Getting Started Guide improvements (#599)

* Bumped getting started to 0.3.0

* Decoupled IAM Role creation from Cluster Creation to enable BYO Cluster

website/content/en/docs/getting-started/_index.md

@@ -65,8 +65,6 @@ Karpenter itself can run anywhere, including on [self-managed node groups](https
 
 Karpenter will provision EC2 instances in your account.
 
-Additionally, the configuration file sets up [IAM Roles for Service Accounts](https://docs.aws.amazon.com/emr/latest/EMR-on-EKS-DevelopmentGuide/setting-up-enable-IAM.html) (IRSA), which grants Karpenter permissions like launching instances.
-
 ### Tag Subnets
 
 Karpenter discovers subnets tagged `kubernetes.io/cluster/$CLUSTER_NAME`. Add this tag to subnets associated configured for your cluster.
@@ -82,7 +80,7 @@ aws ec2 create-tags \
     --tags Key="kubernetes.io/cluster/${CLUSTER_NAME}",Value=
 ```
 
-### Setup an IAM InstanceProfile for your Nodes
+### Create the KarpenterNode IAM Role
 
 Instances launched by Karpenter must run with an InstanceProfile that grants permissions necessary to run containers and configure networking. Karpenter discovers the InstanceProfile using the name `KarpenterNodeRole-${ClusterName}`.
 
@@ -111,6 +109,17 @@ eksctl create iamidentitymapping \
 
 Now, Karpenter can launch new EC2 instances and those instances can connect to your cluster.
 
+### Create the KarpenterController IAM Role
+
+Karpenter requires permissions like launching instances. This will create an AWS IAM Role, Kubernetes service account, and associate them using [IRSA](https://docs.aws.amazon.com/emr/latest/EMR-on-EKS-DevelopmentGuide/setting-up-enable-IAM.html).
+
+```
+eksctl create iamserviceaccount
+  --cluster $CLUSTER_NAME --name karpenter --namespace karpenter \
+  --attach-policy-arn arn:aws:iam::$AWS_ACCOUNT_ID:policy/KarpenterControllerPolicy-$CLUSTER_NAME \
+  --approve
+```
+
 ### Install Karpenter Helm Chart
 
 Use helm to deploy Karpenter to the cluster.
@@ -122,7 +131,7 @@ eksctl. Thus, we don't need the helm chart to do that.
 helm repo add karpenter https://awslabs.github.io/karpenter/charts
 helm repo update
 helm upgrade --install karpenter karpenter/karpenter --namespace karpenter \
-  --create-namespace --set serviceAccount.create=false --version 0.2.9
+  --create-namespace --set serviceAccount.create=false --version 0.3.0
 ```
 
 ### Provisioner

website/content/en/docs/getting-started/cloudformation.yaml

@@ -31,3 +31,29 @@ Resources:
         - !Sub "arn:${AWS::Partition}:iam::aws:policy/AmazonEKS_CNI_Policy"
         - !Sub "arn:${AWS::Partition}:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
         - !Sub "arn:${AWS::Partition}:iam::aws:policy/AmazonSSMManagedInstanceCore"
+  KarpenterControllerPolicy:
+    Type: AWS::IAM::ManagedPolicy
+    Properties:
+      ManagedPolicyName: !Sub "KarpenterControllerPolicy-${ClusterName}"
+      PolicyDocument:
+        Version: "2012-10-17"
+        Statement:
+          - Effect: Allow
+            Resource: "*"
+            Action:
+              # Write Operations
+              - ec2:CreateLaunchTemplate
+              - ec2:CreateFleet
+              - ec2:RunInstances
+              - ec2:CreateTags
+              - iam:PassRole
+              - ec2:TerminateInstances
+              # Read Operations
+              - ec2:DescribeLaunchTemplates
+              - ec2:DescribeInstances
+              - ec2:DescribeSecurityGroups
+              - ec2:DescribeSubnets
+              - ec2:DescribeInstanceTypes
+              - ec2:DescribeInstanceTypeOfferings
+              - ec2:DescribeAvailabilityZones
+              - ssm:GetParameter

website/content/en/docs/getting-started/eksctl.yaml

@@ -14,29 +14,3 @@ managedNodeGroups:
     maxSize: 10
 iam:
   withOIDC: true
-  serviceAccounts:
-    - metadata:
-        name: karpenter
-        namespace: karpenter
-      attachPolicy:
-        Version: "2012-10-17"
-        Statement:
-          - Effect: Allow
-            Resource: "*"
-            Action:
-              # Write Operations
-              - "ec2:CreateLaunchTemplate"
-              - "ec2:CreateFleet"
-              - "ec2:RunInstances"
-              - "ec2:CreateTags"
-              - "iam:PassRole"
-              - "ec2:TerminateInstances"
-              # Read Operations
-              - "ec2:DescribeLaunchTemplates"
-              - "ec2:DescribeInstances"
-              - "ec2:DescribeSecurityGroups"
-              - "ec2:DescribeSubnets"
-              - "ec2:DescribeInstanceTypes"
-              - "ec2:DescribeInstanceTypeOfferings"
-              - "ec2:DescribeAvailabilityZones"
-              - "ssm:GetParameter"