From c4a4b8afe3d1e89117573e9e04aea08871a069dc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lukas=20W=C3=B6hrl?=
Date: Wed, 15 Feb 2023 22:02:27 +0100
Subject: [PATCH] feat: Add auto discovery permission of cluster endpoint to Karpenter role (#2451)

Co-authored-by: Bryant Biggs
---
 modules/karpenter/main.tf | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/modules/karpenter/main.tf b/modules/karpenter/main.tf
index 2133d49f9c..343e38b256 100644
--- a/modules/karpenter/main.tf
+++ b/modules/karpenter/main.tf
@@ -131,6 +131,11 @@ data "aws_iam_policy_document" "irsa" {
 resources = var.irsa_ssm_parameter_arns
 }
 
+ statement {
+ actions = ["eks:DescribeCluster"]
+ resources = ["arn:${local.partition}:eks:*:${local.account_id}:cluster/${var.cluster_name}"]
+ }
+
 statement {
 actions = ["iam:PassRole"]
 resources = [var.create_iam_role ? aws_iam_role.this[0].arn : var.iam_role_arn]
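Review bot: The new `eks:DescribeCluster` statement uses a wildcard for the region component of the cluster ARN, so the Karpenter role may describe any cluster named `${var.cluster_name}` in any region of the account rather than only the cluster this module manages; the partition and account are already pinned from locals, so the region should be too. If the module already resolves the current region (for example a `data.aws_region` data source feeding a local), the resource can be tightened to `resources = ["arn:${local.partition}:eks:${local.region}:${local.account_id}:cluster/${var.cluster_name}"]`; if no such local exists yet, adding one is cheap and keeps the grant scoped to a single cluster. A short comment above the statement would also help future readers, since nothing in the policy document explains why the role needs it: `# Allows Karpenter to discover the cluster endpoint and CA data via DescribeCluster instead of requiring them in settings`. The enclosing `data "aws_iam_policy_document" "irsa"` block begins before and ends after this hunk.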