Merge remote-tracking branch 'upstream/master' into mainline

Author: geoffcline

latest/bpg/autoscaling/karpenter.adoc

@@ -69,6 +69,19 @@ and pod scheduling.
 
 The following best practices cover topics related to Karpenter itself.
 
+=== Lock down AMIs in production clusters
+
+We strongly recommend that you pin well-known Amazon Machine Images (AMIs) used by Karpenter for production clusters.
+Using `amiSelector` with an alias set to `@latest`, or using some other method that results in deploying untested AMIs as they are released, offers the risk of workload failures and downtime in your production clusters. As a result, we strongly recommend pinning tested working versions of AMIs for your production clusters while you test newer versions in non-production clusters. For example, you could set an alias in your NodeClass as follows:
+
+[source,yaml]
+----
+amiSelectorTerms
+  - alias: al2023@v20240807
+----
+
+For information on managing and pinning down AMIs in Karpenter, see https://karpenter.sh/docs/tasks/managing-amis/[Managing AMIs] in the Karpenter documentation.
+
 === Use Karpenter for workloads with changing capacity needs
 
 Karpenter brings scaling management closer to Kubernetes native APIs