-
-
Notifications
You must be signed in to change notification settings - Fork 948
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
bug; karpenter controller policy is missing required instance profile persmissions introduced in karpenter v0.32 #433
Comments
abrabah
changed the title
bug; karpenter controller policy is missing required InstancePriofile persmissions indroduced in karpenter v0.32
bug; karpenter controller policy is missing required InstancePriofile persmissions introduced in karpenter v0.32
Nov 10, 2023
abrabah
changed the title
bug; karpenter controller policy is missing required InstancePriofile persmissions introduced in karpenter v0.32
bug; karpenter controller policy is missing required instance profile persmissions introduced in karpenter v0.32
Nov 10, 2023
bryantbiggs
added a commit
that referenced
this issue
Nov 17, 2023
* fix: add instance profile permissions to karpenter policy fixes #433 Signed-off-by: Abraham Bah <2195667+abrabah@users.noreply.github.com> * fix; use dynamic block instead of repeating StringEquals condition for iam:CreateInstanceProfile statement in karpenter policy * fixup! remove unnecessary whitespace Signed-off-by: Abraham Bah <2195667+abrabah@users.noreply.github.com> * fix: Make instance profile creation an opt-in * fix: Update docs --------- Signed-off-by: Abraham Bah <2195667+abrabah@users.noreply.github.com> Co-authored-by: Bryant Biggs <bryantbiggs@gmail.com>
This issue has been resolved in version 5.32.0 🎉 |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Description
Karpenter will auto-generate instance profiles as of version v0.32. The
karpenter_controller
policy inmodules/iam-role-for-service-accounts-eks/policies.tf
does not currently include statements for manipulating instance profiles.Updated karpenter policy can be found in the karpenter repository
Versions
Reproduction Code [Required]
Run the
karpenter_controller_irsa_role
module underterraform-aws-iam/examples/iam-role-for-service-accounts-eks
;Steps to reproduce the behavior:
iam-role-for-service-accounts-eks
withattach_karpenter_controller_policy = true
Expected behavior
Expected a series of instance profile actions to be added to the karpenter role
Actual behavior
Found no instance profile actions associated with the karpenter role/policy
Additional context
Related Karpenter policy for the terraform module can be found here
Related Karpenter v0.32 policy can be found here
The text was updated successfully, but these errors were encountered: