From 42afbd28e0b94199460d5289cb36296caa4c7873 Mon Sep 17 00:00:00 2001
From: devops0706
Date: Tue, 23 Jul 2024 15:28:23 +0530
Subject: [PATCH] added spot instance policy for service-lined-role
---
 examples/complete/main.tf | 2 +-
 modules/kubernetes-addons/karpenter/data.tf | 16 ++++++++++++++++
 modules/kubernetes-addons/karpenter/locals.tf | 2 +-
 modules/kubernetes-addons/karpenter/main.tf | 6 ++++++
 4 files changed, 24 insertions(+), 2 deletions(-)
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
index 21d4f2b..28abf15 100644
--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
@@ -81,4 +81,4 @@ module "eks-addons" {
 velero_backup_name = "application-backup"
 backup_bucket_name = "velero-bucket"
 }
-}
+}
\ No newline at end of file
diff --git a/modules/kubernetes-addons/karpenter/data.tf b/modules/kubernetes-addons/karpenter/data.tf
index 04f54e2..3cb6c66 100644
--- a/modules/kubernetes-addons/karpenter/data.tf
+++ b/modules/kubernetes-addons/karpenter/data.tf
@@ -38,3 +38,19 @@ data "aws_iam_policy_document" "karpenter" {
 }
 }
 }
+
+data "aws_iam_policy_document" "karpenter-spot-service-linked-policy" {
+ statement {
+ effect = "Allow"
+ actions = [
+ "iam:CreateServiceLinkedRole"
+ ]
+ resources = ["*"]
+
+ condition {
+ test = "StringEquals"
+ variable = "iam:AWSServiceName"
+ values = ["spot.amazonaws.com"]
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/kubernetes-addons/karpenter/locals.tf b/modules/kubernetes-addons/karpenter/locals.tf
index 7ec679e..5ca0e2c 100644
--- a/modules/kubernetes-addons/karpenter/locals.tf
+++ b/modules/kubernetes-addons/karpenter/locals.tf
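Review bot: `resources = ["*"]` in the new `karpenter-spot-service-linked-policy` statement is only as narrow as its `iam:AWSServiceName` condition, which is the usual guard for iam:CreateServiceLinkedRole, but the resource can additionally be pinned to the service-linked role path so the statement stays harmless if the condition is ever edited: `resources = ["arn:aws:iam::*:role/aws-service-role/spot.amazonaws.com/*"]` (adjust the partition if the module targets one other than `aws`). Creating the Spot service-linked role is a one-time per-account bootstrap, so granting the permission permanently to the controller's IRSA role deserves a comment saying why it is not done once out-of-band; a one-liner such as `# Lets Karpenter create the EC2 Spot service-linked role on first spot launch instead of requiring a manual bootstrap` would do. The hunk's last line shows data.tf now ends without a trailing newline; main.tf in the same patch has the same problem.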
@@ -37,7 +37,7 @@ locals {
 kubernetes_service_account = local.service_account
 create_kubernetes_namespace = try(local.helm_config["create_namespace"], true)
 create_kubernetes_service_account = true
- irsa_iam_policies = concat([aws_iam_policy.karpenter.arn], var.irsa_policies)
+ irsa_iam_policies = concat([aws_iam_policy.karpenter.arn , aws_iam_policy.karpenter-spot.arn], var.irsa_policies)
 }
 argocd_gitops_config = {
diff --git a/modules/kubernetes-addons/karpenter/main.tf b/modules/kubernetes-addons/karpenter/main.tf
index 760869c..906594c 100644
--- a/modules/kubernetes-addons/karpenter/main.tf
+++ b/modules/kubernetes-addons/karpenter/main.tf
@@ -12,3 +12,9 @@ resource "aws_iam_policy" "karpenter" {
 description = "IAM Policy for Karpenter"
 policy = data.aws_iam_policy_document.karpenter.json
 }
+
+resource "aws_iam_policy" "karpenter-spot" {
+ name = "${var.addon_context.eks_cluster_id}-karpenter-spot"
+ description = "IAM Policy for Karpenter"
+ policy = data.aws_iam_policy_document.karpenter-spot-service-linked-policy.json
+}
\ No newline at end of file
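Review bot: The replacement `irsa_iam_policies` line carries a stray space before the comma, `aws_iam_policy.karpenter.arn , aws_iam_policy.karpenter-spot.arn`, which `terraform fmt` would normalise to `irsa_iam_policies = concat([aws_iam_policy.karpenter.arn, aws_iam_policy.karpenter-spot.arn], var.irsa_policies)`. Running fmt before committing would also catch the missing trailing newlines elsewhere in this patch. The `locals` block continues outside the hunk.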
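Review bot: The new `aws_iam_policy.karpenter-spot` reuses the description `"IAM Policy for Karpenter"` verbatim from the existing `karpenter` policy, so the two are indistinguishable in the IAM console and in access reviews; `description = "Allows Karpenter to create the EC2 Spot service-linked role"` states what it actually grants. The resource label `karpenter-spot` uses a hyphen where the sibling `karpenter` resource and Terraform's naming convention use underscores, and the same applies to `karpenter-spot-service-linked-policy` in data.tf and the reference in locals.tf; renaming now is free, later it is a state move. The closing `\ No newline at end of file` shows main.tf now lacks its trailing newline.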