fixed iam permissions for karpenter
Signed-off-by: Sienna Satterwhite <sienna.satterwhite@jamf.com>
siennathesane authored and cPu1 committed Jul 4, 2024
1 parent 3fdd538 commit df81750
Showing 2 changed files with 29 additions and 3 deletions.
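--- a/pkg/cfn/builder/karpenter.go
+++ b/pkg/cfn/builder/karpenter.go
@@ -49,9 +49,15 @@ const (
 ec2DescribeImages = "ec2:DescribeImages"
 ec2DescribeSpotPriceHistory = "ec2:DescribeSpotPriceHistory"
 // IAM
-iamPassRole = "iam:PassRole"
-iamCreateServiceLinkedRole = "iam:CreateServiceLinkedRole"
-ssmGetParameter = "ssm:GetParameter"
+iamPassRole = "iam:PassRole"
+iamCreateServiceLinkedRole = "iam:CreateServiceLinkedRole"
+iamGetInstanceProfile = "iam:GetInstanceProfile"
+iamCreateInstanceProfile = "iam:CreateInstanceProfile"
+iamDeleteInstanceProfile = "iam:DeleteInstanceProfile"
+iamTagInstanceProfile = "iam:TagInstanceProfile"
+iamAddRoleToInstanceProfile = "iam:AddRoleToInstanceProfile"
+// SSM
+ssmGetParameter = "ssm:GetParameter"
 // Pricing
 pricingGetProducts = "pricing:GetProducts"
 // SQS
@@ -165,6 +171,11 @@ func (k *KarpenterResourceSet) addResourcesForKarpenter() error {
 ec2DescribeSpotPriceHistory,
 iamPassRole,
 iamCreateServiceLinkedRole,
+iamGetInstanceProfile,
+iamCreateInstanceProfile,
+iamDeleteInstanceProfile,
+iamTagInstanceProfile,
+iamAddRoleToInstanceProfile,
 ssmGetParameter,
 pricingGetProducts,
 },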
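Review bot: The five instance-profile actions added to the action list in `addResourcesForKarpenter` share a statement with `iamPassRole`, and that statement's `Resource` and any `Condition` are outside this hunk, so it cannot be confirmed here whether these IAM write actions are scoped. If the statement applies to all resources, the controller role could create, tag, delete and add roles to any instance profile in the account, not only the ones Karpenter manages for this cluster. I would move them into their own statement restricted to instance-profile ARNs with `aws:RequestTag`/`aws:ResourceTag` conditions on the cluster tag, as Karpenter's reference CloudFormation policy does, leaving only `iam:GetInstanceProfile` unconditioned. It is also worth checking that the reference policy pairs `iam:DeleteInstanceProfile` with `iam:RemoveRoleFromInstanceProfile`, which this change does not add. The function body begins and ends outside the hunk.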
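--- a/pkg/cfn/builder/karpenter_test.go
+++ b/pkg/cfn/builder/karpenter_test.go
@@ -125,6 +125,11 @@ var expectedTemplate = `{
 "ec2:DescribeSpotPriceHistory",
 "iam:PassRole",
 "iam:CreateServiceLinkedRole",
+"iam:GetInstanceProfile",
+"iam:CreateInstanceProfile",
+"iam:DeleteInstanceProfile",
+"iam:TagInstanceProfile",
+"iam:AddRoleToInstanceProfile",
 "ssm:GetParameter",
 "pricing:GetProducts"
 ],
@@ -262,6 +267,11 @@ var expectedTemplateWithPermissionBoundary = `{
 "ec2:DescribeSpotPriceHistory",
 "iam:PassRole",
 "iam:CreateServiceLinkedRole",
+"iam:GetInstanceProfile",
+"iam:CreateInstanceProfile",
+"iam:DeleteInstanceProfile",
+"iam:TagInstanceProfile",
+"iam:AddRoleToInstanceProfile",
 "ssm:GetParameter",
 "pricing:GetProducts"
 ],
@@ -424,6 +434,11 @@ var expectedTemplateWithSpotInterruptionQueue = `{
 "ec2:DescribeSpotPriceHistory",
 "iam:PassRole",
 "iam:CreateServiceLinkedRole",
+"iam:GetInstanceProfile",
+"iam:CreateInstanceProfile",
+"iam:DeleteInstanceProfile",
+"iam:TagInstanceProfile",
+"iam:AddRoleToInstanceProfile",
 "ssm:GetParameter",
 "pricing:GetProducts"
 ],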
