Skip to content

Commit

Permalink
chore: fix env vars for v1beta1 controller policy (#4909)
Browse files Browse the repository at this point in the history
  • Loading branch information
@njtran
njtran committed Oct 24, 2023
1 parent 4ca41b8 commit 0511f5d
Showing 1 changed file with 28 additions and 28 deletions.
56 changes: 28 additions & 28 deletions website/content/en/preview/upgrading/v1beta1-controller-policy.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,12 +5,12 @@
"Sid": "AllowScopedEC2InstanceActions",
"Effect": "Allow",
"Resource": [
"arn:${AWS_PARTITION}:ec2:${REGION}::image/*",
"arn:${AWS_PARTITION}:ec2:${REGION}::snapshot/*",
"arn:${AWS_PARTITION}:ec2:${REGION}:*:spot-instances-request/*",
"arn:${AWS_PARTITION}:ec2:${REGION}:*:security-group/*",
"arn:${AWS_PARTITION}:ec2:${REGION}:*:subnet/*",
"arn:${AWS_PARTITION}:ec2:${REGION}:*:launch-template/*"
"arn:${AWS_PARTITION}:ec2:${AWS_REGION}::image/*",
"arn:${AWS_PARTITION}:ec2:${AWS_REGION}::snapshot/*",
"arn:${AWS_PARTITION}:ec2:${AWS_REGION}:*:spot-instances-request/*",
"arn:${AWS_PARTITION}:ec2:${AWS_REGION}:*:security-group/*",
"arn:${AWS_PARTITION}:ec2:${AWS_REGION}:*:subnet/*",
"arn:${AWS_PARTITION}:ec2:${AWS_REGION}:*:launch-template/*"
],
"Action": [
"ec2:RunInstances",
Expand All @@ -21,11 +21,11 @@
"Sid": "AllowScopedEC2InstanceActionsWithTags",
"Effect": "Allow",
"Resource": [
"arn:${AWS_PARTITION}:ec2:${REGION}:*:fleet/*",
"arn:${AWS_PARTITION}:ec2:${REGION}:*:instance/*",
"arn:${AWS_PARTITION}:ec2:${REGION}:*:volume/*",
"arn:${AWS_PARTITION}:ec2:${REGION}:*:network-interface/*",
"arn:${AWS_PARTITION}:ec2:${REGION}:*:launch-template/*"
"arn:${AWS_PARTITION}:ec2:${AWS_REGION}:*:fleet/*",
"arn:${AWS_PARTITION}:ec2:${AWS_REGION}:*:instance/*",
"arn:${AWS_PARTITION}:ec2:${AWS_REGION}:*:volume/*",
"arn:${AWS_PARTITION}:ec2:${AWS_REGION}:*:network-interface/*",
"arn:${AWS_PARTITION}:ec2:${AWS_REGION}:*:launch-template/*"
],
"Action": [
"ec2:RunInstances",
Expand All @@ -45,11 +45,11 @@
"Sid": "AllowScopedResourceCreationTagging",
"Effect": "Allow",
"Resource": [
"arn:${AWS_PARTITION}:ec2:${REGION}:*:fleet/*",
"arn:${AWS_PARTITION}:ec2:${REGION}:*:instance/*",
"arn:${AWS_PARTITION}:ec2:${REGION}:*:volume/*",
"arn:${AWS_PARTITION}:ec2:${REGION}:*:network-interface/*",
"arn:${AWS_PARTITION}:ec2:${REGION}:*:launch-template/*"
"arn:${AWS_PARTITION}:ec2:${AWS_REGION}:*:fleet/*",
"arn:${AWS_PARTITION}:ec2:${AWS_REGION}:*:instance/*",
"arn:${AWS_PARTITION}:ec2:${AWS_REGION}:*:volume/*",
"arn:${AWS_PARTITION}:ec2:${AWS_REGION}:*:network-interface/*",
"arn:${AWS_PARTITION}:ec2:${AWS_REGION}:*:launch-template/*"
],
"Action": "ec2:CreateTags",
"Condition": {
Expand All @@ -69,7 +69,7 @@
{
"Sid": "AllowScopedResourceTagging",
"Effect": "Allow",
"Resource": "arn:${AWS_PARTITION}:ec2:${REGION}:*:instance/*",
"Resource": "arn:${AWS_PARTITION}:ec2:${AWS_REGION}:*:instance/*",
"Action": "ec2:CreateTags",
"Condition": {
"StringEquals": {
Expand All @@ -90,8 +90,8 @@
"Sid": "AllowScopedDeletion",
"Effect": "Allow",
"Resource": [
"arn:${AWS_PARTITION}:ec2:${REGION}:*:instance/*",
"arn:${AWS_PARTITION}:ec2:${REGION}:*:launch-template/*"
"arn:${AWS_PARTITION}:ec2:${AWS_REGION}:*:instance/*",
"arn:${AWS_PARTITION}:ec2:${AWS_REGION}:*:launch-template/*"
],
"Action": [
"ec2:TerminateInstances",
Expand Down Expand Up @@ -123,14 +123,14 @@
],
"Condition": {
"StringEquals": {
"aws:RequestedRegion": "${REGION}"
"aws:RequestedRegion": "${AWS_REGION}"
}
}
},
{
"Sid": "AllowSSMReadActions",
"Effect": "Allow",
"Resource": "arn:${AWS_PARTITION}:ssm:${REGION}::parameter/aws/service/*",
"Resource": "arn:${AWS_PARTITION}:ssm:${AWS_REGION}::parameter/aws/service/*",
"Action": "ssm:GetParameter"
},
{
Expand All @@ -142,7 +142,7 @@
{
"Sid": "AllowInterruptionQueueActions",
"Effect": "Allow",
"Resource": "arn:aws:sqs:${REGION}:${AWS_ACCOUNT_ID}:${CLUSTER_NAME}",
"Resource": "arn:aws:sqs:${AWS_REGION}:${AWS_ACCOUNT_ID}:${CLUSTER_NAME}",
"Action": [
"sqs:DeleteMessage",
"sqs:GetQueueAttributes",
Expand All @@ -169,7 +169,7 @@
"Condition": {
"StringEquals": {
"aws:RequestTag/kubernetes.io/cluster/${CLUSTER_NAME}": "owned",
"aws:RequestTag/topology.kubernetes.io/region": "${REGION}"
"aws:RequestTag/topology.kubernetes.io/region": "${AWS_REGION}"
},
"StringLike": {
"aws:RequestTag/karpenter.k8s.aws/ec2nodeclass": "*"
Expand All @@ -184,9 +184,9 @@
"Condition": {
"StringEquals": {
"aws:ResourceTag/kubernetes.io/cluster/${CLUSTER_NAME}": "owned",
"aws:ResourceTag/topology.kubernetes.io/region": "${REGION}",
"aws:ResourceTag/topology.kubernetes.io/region": "${AWS_REGION}",
"aws:RequestTag/kubernetes.io/cluster/${CLUSTER_NAME}": "owned",
"aws:RequestTag/topology.kubernetes.io/region": "${REGION}"
"aws:RequestTag/topology.kubernetes.io/region": "${AWS_REGION}"
},
"StringLike": {
"aws:ResourceTag/karpenter.k8s.aws/ec2nodeclass": "*",
Expand All @@ -206,7 +206,7 @@
"Condition": {
"StringEquals": {
"aws:ResourceTag/kubernetes.io/cluster/${CLUSTER_NAME}": "owned",
"aws:ResourceTag/topology.kubernetes.io/region": "${REGION}"
"aws:ResourceTag/topology.kubernetes.io/region": "${AWS_REGION}"
},
"StringLike": {
"aws:ResourceTag/karpenter.k8s.aws/ec2nodeclass": "*"
Expand All @@ -222,8 +222,8 @@
{
"Sid": "AllowAPIServerEndpointDiscovery",
"Effect": "Allow",
"Resource": "arn:${AWS_PARTITION}:eks:${REGION}:${AWS_ACCOUNT_ID}:cluster/${CLUSTER_NAME}",
"Resource": "arn:${AWS_PARTITION}:eks:${AWS_REGION}:${AWS_ACCOUNT_ID}:cluster/${CLUSTER_NAME}",
"Action": "eks:DescribeCluster"
}
]
}
}

0 comments on commit 0511f5d

Please sign in to comment.