added spot instance policy for service-lined-role
devops0706 committed Jul 23, 2024
1 parent d986693 commit 42afbd2
Showing 4 changed files with 24 additions and 2 deletions.
2 changes: 1 addition & 1 deletion examples/complete/main.tf
@@ -81,4 +81,4 @@ module "eks-addons" {
velero_backup_name = "application-backup"
backup_bucket_name = "velero-bucket"
}
}
}
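--- a/modules/kubernetes-addons/karpenter/data.tf
+++ b/modules/kubernetes-addons/karpenter/data.tf
@@ -38,3 +38,19 @@ data "aws_iam_policy_document" "karpenter" {
 }
 }
 }
+
+data "aws_iam_policy_document" "karpenter-spot-service-linked-policy" {
+statement {
+effect = "Allow"
+actions = [
+"iam:CreateServiceLinkedRole"
+]
+resources = ["*"]
+
+condition {
+test = "StringEquals"
+variable = "iam:AWSServiceName"
+values = ["spot.amazonaws.com"]
+}
+}
+}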
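Review bot: The new statement grants `iam:CreateServiceLinkedRole` on `resources = ["*"]`; the `iam:AWSServiceName` condition already limits it to Spot, but the resource can be pinned to the one role it is meant to create, e.g. `resources = ["arn:aws:iam::*:role/aws-service-role/spot.amazonaws.com/AWSServiceRoleForEC2Spot"]` (use a partition lookup instead of the literal `aws` if the module targets other partitions). Because this document is attached to the Karpenter IRSA role through `irsa_iam_policies` in locals.tf, it is also worth considering creating the role once at apply time with an `aws_iam_service_linked_role` resource, so the workload identity carries no IAM write action at all. A comment above the data block would help later access reviews, for example `# Lets Karpenter create AWSServiceRoleForEC2Spot the first time Spot capacity is requested in the account`.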
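--- a/modules/kubernetes-addons/karpenter/locals.tf
+++ b/modules/kubernetes-addons/karpenter/locals.tf
@@ -37,7 +37,7 @@ locals {
 kubernetes_service_account = local.service_account
 create_kubernetes_namespace = try(local.helm_config["create_namespace"], true)
 create_kubernetes_service_account = true
-irsa_iam_policies = concat([aws_iam_policy.karpenter.arn], var.irsa_policies)
+irsa_iam_policies = concat([aws_iam_policy.karpenter.arn , aws_iam_policy.karpenter-spot.arn], var.irsa_policies)
 }
 
 argocd_gitops_config = {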
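Review bot: `aws_iam_policy.karpenter-spot.arn` is appended to `irsa_iam_policies` unconditionally, so every cluster using this module gets the extra IAM permission on the Karpenter service account role, even when no Spot capacity is used or the Spot service-linked role already exists in the account. Consider gating it behind a boolean input, for example `concat([aws_iam_policy.karpenter.arn], var.enable_spot_slr_policy ? [aws_iam_policy.karpenter-spot.arn] : [], var.irsa_policies)`; the variable name is a placeholder, not something the module defines on this page. The stray space before the comma in the new list should also go. The `locals` block starts and ends outside this hunk.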
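--- a/modules/kubernetes-addons/karpenter/main.tf
+++ b/modules/kubernetes-addons/karpenter/main.tf
@@ -12,3 +12,9 @@ resource "aws_iam_policy" "karpenter" {
 description = "IAM Policy for Karpenter"
 policy = data.aws_iam_policy_document.karpenter.json
 }
+
+resource "aws_iam_policy" "karpenter-spot" {
+name = "${var.addon_context.eks_cluster_id}-karpenter-spot"
+description = "IAM Policy for Karpenter"
+policy = data.aws_iam_policy_document.karpenter-spot-service-linked-policy.json
+}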
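Review bot: The new policy reuses `description = "IAM Policy for Karpenter"`, which is identical to the description on the existing `aws_iam_policy.karpenter`, so the two policies cannot be told apart in the console or during an access review. A description that states the grant would be clearer, e.g. `description = "Allows Karpenter to create the EC2 Spot service-linked role"`. The resource label `karpenter-spot` and the data source label `karpenter-spot-service-linked-policy` use hyphens where Terraform's naming convention is underscores (`karpenter_spot`); this is easier to change now than after other code references the address.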
