Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enable to use Karpenter v1 controller policy #371

Merged
merged 6 commits into from
Oct 30, 2024

Conversation

coord-e
Copy link
Member

@coord-e coord-e commented Oct 24, 2024

This PR attaches a controller policy for Karpenter v1 in the karpenter module. The policy content is taken from https://github.com/aws/karpenter-provider-aws/blob/v1.0.6/website/content/en/preview/getting-started/getting-started-with-karpenter/cloudformation.yaml. I've added module variables v1 and v1beta to help migration as you did in #368.

I'll make a PR to backport this to v0.29 and v0.30 after this is merged.

@coord-e coord-e requested a review from errm October 24, 2024 09:22
@coord-e coord-e requested a review from a team as a code owner October 24, 2024 09:22
@coord-e coord-e requested review from a team and eagletmt October 24, 2024 09:23
@coord-e coord-e force-pushed the coord-e/karpenter-v1-controller-policy branch from 2465d61 to bcf7a28 Compare October 24, 2024 09:24
Copy link
Member

@errm errm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you check reason for test failure?

@coord-e coord-e force-pushed the coord-e/karpenter-v1-controller-policy branch 2 times, most recently from 04485e2 to 00744e8 Compare October 25, 2024 04:50
@coord-e coord-e force-pushed the coord-e/karpenter-v1-controller-policy branch from 00744e8 to c820fe1 Compare October 25, 2024 05:28
@coord-e

This comment was marked as outdated.

@coord-e
Copy link
Member Author

coord-e commented Oct 29, 2024

LimitExceeded: Maximum policy size of 10240 bytes exceeded for role Karpenter-terraform-aws-eks-testing-3n8AYX

Including both v1 and v1beta policies inline in the role seems to exceed the IAM role's policy size limit.
https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html

I resolved this with managed policies, now tests are passing 7257bc8

@coord-e coord-e requested a review from errm October 29, 2024 06:01
Copy link
Member

@errm errm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@coord-e
Copy link
Member Author

coord-e commented Oct 30, 2024

thank you!

@coord-e coord-e merged commit 69108e6 into main Oct 30, 2024
3 checks passed
@coord-e coord-e deleted the coord-e/karpenter-v1-controller-policy branch October 30, 2024 01:19
coord-e added a commit that referenced this pull request Oct 30, 2024
This is a squashed commit with changes in #371:

Enable to detach Karpenter v1beta controller policy

Make v1 and v1beta policies mutually exclusive

Use Karpenter v1 resources in test

Revert "Make v1 and v1beta policies mutually exclusive"

This reverts commit 0db1769.

Separate policy documents as managed policies
coord-e added a commit that referenced this pull request Oct 30, 2024
This is a squashed commit with changes in #371:

Enable to detach Karpenter v1beta controller policy

Make v1 and v1beta policies mutually exclusive

Use Karpenter v1 resources in test

Revert "Make v1 and v1beta policies mutually exclusive"

This reverts commit 0db1769.

Separate policy documents as managed policies
coord-e added a commit that referenced this pull request Oct 30, 2024
This is a squashed commit with changes in #371, along with some
modifications to match the state of the 1.29 release branch:

Enable to detach Karpenter v1beta controller policy

Make v1 and v1beta policies mutually exclusive

Use Karpenter v1 resources in test

Revert "Make v1 and v1beta policies mutually exclusive"

This reverts commit 0db1769.

Separate policy documents as managed policies
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants