-
-
Notifications
You must be signed in to change notification settings - Fork 4.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Add Karpenter v1beta1 compatibility #2800
feat: Add Karpenter v1beta1 compatibility #2800
Conversation
I still need to re-test, I was getting some errors
|
… validated and working as intended
…form-aws-eks into karpenter-v1beta1-minimal
## [19.18.0](v19.17.4...v19.18.0) (2023-11-01) ### Features * Add Karpenter v1beta1 compatibility ([#2800](#2800)) ([aec2bab](aec2bab))
This PR is included in version 19.18.0 🎉 |
is this the module where the karpenter policy will now be managed and if so does that mean the karpenter-controller policy in iam-role-for-service-accounts-eks is being deprecated ? |
I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
Description
Add IAM support for Karpenter v1beta1 resources.
Motivation and Context
The recent Karpenter v0.32 release added support for v1beta1 resources, as described in https://github.com/aws/karpenter/blob/main/designs/v1beta1-full-changelist.md. As part of this change, new permissions are needed such as the ability to create instance profiles.
The new controller IAM policy is described in https://github.com/aws/karpenter/blob/main/website/content/en/preview/upgrading/v1beta1-controller-policy.json
This PR adds a minimal set of changes for v0.32 compatibility, specifically around instance profiles. This gives the IRSA role the ability to create any instance profile in the account, without attempting to scope it down based on tags as aws/karpenter-provider-aws#3948 would have done.
Breaking Changes
No breaking changes, only adds permissions.
How Has This Been Tested?
examples/*
to demonstrate and validate my change(s)examples/*
projectspre-commit run -a
on my pull request