Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Add Karpenter new NTH IAM policies #1145

Merged
merged 21 commits into from
Dec 3, 2022
Merged

feat: Add Karpenter new NTH IAM policies #1145

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
21 commits
Select commit Hold shift + click to select a range
3169b82
add nth policies
FernandoMiguel Nov 8, 2022
b658917
add vars
FernandoMiguel Nov 8, 2022
5a24ff7
remove interpolation
FernandoMiguel Nov 8, 2022
18b5a5d
Karpenter v0.19.0 changes
andrewhibbert Nov 16, 2022
f8727c0
Merge branch 'aws-ia:main' into karpenter-nth
FernandoMiguel Nov 17, 2022
4c698f9
update iam policy
FernandoMiguel Nov 17, 2022
0d4e6d5
Merge pull request #1 from andrewhibbert/karpenter_v0.19.0
FernandoMiguel Nov 17, 2022
d70aaa6
add var karpenter_sqs_queue_arn
FernandoMiguel Nov 17, 2022
03a55fa
local oops
FernandoMiguel Nov 17, 2022
0e2bc1f
Merge branch 'main' into karpenter-nth
FernandoMiguel Nov 18, 2022
77bc7bb
Merge branch 'main' into karpenter-nth
askulkarni2 Nov 18, 2022
d9fc025
Merge branch 'main' into karpenter-nth
FernandoMiguel Nov 21, 2022
ded768a
karpenter v0.19.1
FernandoMiguel Nov 21, 2022
28721e1
Merge branch 'aws-ia:main' into karpenter-nth
FernandoMiguel Nov 21, 2022
086e659
karpenter "v0.19.2"
FernandoMiguel Nov 22, 2022
0290117
Merge branch 'main' into karpenter-nth
FernandoMiguel Nov 23, 2022
c58aab1
Merge branch 'main' into karpenter-nth
FernandoMiguel Nov 23, 2022
a1ee6bd
Merge branch 'main' into karpenter-nth
FernandoMiguel Nov 30, 2022
0427e29
Merge branch 'main' into karpenter-nth
FernandoMiguel Nov 30, 2022
504fcc7
Merge branch 'main' of github.com:aws-ia/terraform-aws-eks-blueprints…
bryantbiggs Dec 3, 2022
8ee65e9
fix: Correct handling of termination queue
bryantbiggs Dec 3, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions modules/kubernetes-addons/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -270,6 +270,7 @@
| <a name="input_karpenter_helm_config"></a> [karpenter\_helm\_config](#input\_karpenter\_helm\_config) | Karpenter autoscaler add-on config | `any` | `{}` | no |
| <a name="input_karpenter_irsa_policies"></a> [karpenter\_irsa\_policies](#input\_karpenter\_irsa\_policies) | Additional IAM policies for a IAM role for service accounts | `list(string)` | `[]` | no |
| <a name="input_karpenter_node_iam_instance_profile"></a> [karpenter\_node\_iam\_instance\_profile](#input\_karpenter\_node\_iam\_instance\_profile) | Karpenter Node IAM Instance profile id | `string` | `""` | no |
| <a name="input_karpenter_sqs_queue_arn"></a> [karpenter\_sqs\_queue\_arn](#input\_karpenter\_sqs\_queue\_arn) | (Optional) ARN of SQS used by Karpenter when native node termination handling is enabled | `string` | `""` | no |
| <a name="input_keda_helm_config"></a> [keda\_helm\_config](#input\_keda\_helm\_config) | KEDA Event-based autoscaler add-on config | `any` | `{}` | no |
| <a name="input_keda_irsa_policies"></a> [keda\_irsa\_policies](#input\_keda\_irsa\_policies) | Additional IAM policies for a IAM role for service accounts | `list(string)` | `[]` | no |
| <a name="input_kube_prometheus_stack_helm_config"></a> [kube\_prometheus\_stack\_helm\_config](#input\_kube\_prometheus\_stack\_helm\_config) | Community kube-prometheus-stack Helm Chart config | `any` | `{}` | no |
Expand Down
1 change: 1 addition & 0 deletions modules/kubernetes-addons/karpenter/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,7 @@ For more details checkout [Karpenter](https://karpenter.sh/docs/getting-started/
| <a name="input_irsa_policies"></a> [irsa\_policies](#input\_irsa\_policies) | Additional IAM policies for a IAM role for service accounts | `list(string)` | `[]` | no |
| <a name="input_manage_via_gitops"></a> [manage\_via\_gitops](#input\_manage\_via\_gitops) | Determines if the add-on should be managed via GitOps. | `bool` | `false` | no |
| <a name="input_node_iam_instance_profile"></a> [node\_iam\_instance\_profile](#input\_node\_iam\_instance\_profile) | Karpenter Node IAM Instance profile id | `string` | `""` | no |
| <a name="input_sqs_queue_arn"></a> [sqs\_queue\_arn](#input\_sqs\_queue\_arn) | (Optional) ARN of SQS used by Karpenter when native node termination handling is enabled | `string` | `""` | no |

## Outputs

Expand Down
14 changes: 14 additions & 0 deletions modules/kubernetes-addons/karpenter/data.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,4 +37,18 @@ data "aws_iam_policy_document" "karpenter" {
values = ["*karpenter*"]
}
}

dynamic "statement" {
for_each = var.sqs_queue_arn != "" ? [1] : []

content {
actions = [
"sqs:DeleteMessage",
"sqs:GetQueueAttributes",
"sqs:GetQueueUrl",
"sqs:ReceiveMessage",
]
resources = [var.sqs_queue_arn]
}
}
}
12 changes: 7 additions & 5 deletions modules/kubernetes-addons/karpenter/locals.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,14 +17,16 @@ locals {
name = local.name
chart = local.name
repository = "oci://public.ecr.aws/karpenter"
version = "v0.18.1"
version = "v0.19.3"
namespace = local.name
values = [
<<-EOT
clusterName: ${var.addon_context.eks_cluster_id}
clusterEndpoint: ${var.addon_context.aws_eks_cluster_endpoint}
aws:
defaultInstanceProfile: ${var.node_iam_instance_profile}
settings:
aws:
clusterName: ${var.addon_context.eks_cluster_id}
clusterEndpoint: ${var.addon_context.aws_eks_cluster_endpoint}
defaultInstanceProfile: ${var.node_iam_instance_profile}
interruptionQueueName: ${var.sqs_queue_arn}
EOT
]
description = "karpenter Helm Chart for Node Autoscaling"
Expand Down
6 changes: 6 additions & 0 deletions modules/kubernetes-addons/karpenter/variables.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,8 +18,14 @@ variable "manage_via_gitops" {

variable "node_iam_instance_profile" {
description = "Karpenter Node IAM Instance profile id"
type = string
default = ""
}

variable "sqs_queue_arn" {
description = "(Optional) ARN of SQS used by Karpenter when native node termination handling is enabled"
type = string
default = ""
}

variable "addon_context" {
Expand Down
7 changes: 5 additions & 2 deletions modules/kubernetes-addons/main.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -313,11 +313,14 @@ module "ingress_nginx" {
}

module "karpenter" {
count = var.enable_karpenter ? 1 : 0
source = "./karpenter"
source = "./karpenter"

count = var.enable_karpenter ? 1 : 0

helm_config = var.karpenter_helm_config
irsa_policies = var.karpenter_irsa_policies
node_iam_instance_profile = var.karpenter_node_iam_instance_profile
sqs_queue_arn = var.karpenter_sqs_queue_arn
manage_via_gitops = var.argocd_manage_add_ons
addon_context = local.addon_context
}
Expand Down
6 changes: 6 additions & 0 deletions modules/kubernetes-addons/variables.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -867,6 +867,12 @@ variable "karpenter_node_iam_instance_profile" {
default = ""
}

variable "karpenter_sqs_queue_arn" {
description = "(Optional) ARN of SQS used by Karpenter when native node termination handling is enabled"
type = string
default = ""
}

#-----------KEDA ADDON-------------
variable "enable_keda" {
description = "Enable KEDA Event-based autoscaler add-on"
Expand Down