karpenter: policy missing DeleteLaunchTemplate

otterley commented 2 years ago

Describe the bug

The IAM role policy associated with the Karpenter pod needs to be able to call DeleteLaunchTemplate, per the following reported error:

2022-05-13T03:09:42.540Z        ERROR   controller.aws.launchtemplate   Unable to delete launch template, UnauthorizedOperation: You are not authorized to perform this operation.

Expected Behavior

-

Current Behavior

-

Reproduction Steps

-

Possible Solution

Add ec2:DeleteLaunchTemplate to the role policy

Additional Information/Context

No response

CDK CLI Version

-

EKS Blueprints Version

No response

Node.js Version

-

Environment details (OS name and version, etc.)

-

Other information

No response

otterley commented 2 years ago

The full set of required permissions can be found here: https://github.com/aws/karpenter/blob/main/website/content/en/v0.8.2/getting-started/getting-started-with-eksctl/cloudformation.yaml

jyidiego commented 2 years ago

@otterley hi, I have a PR that fixes this https://github.com/aws-quickstart/cdk-eks-blueprints/pull/389.

aws-quickstart / cdk-eks-blueprints

karpenter: policy missing DeleteLaunchTemplate #381

Describe the bug

Expected Behavior

Current Behavior

Reproduction Steps

Possible Solution

Additional Information/Context

CDK CLI Version

EKS Blueprints Version

Node.js Version

Environment details (OS name and version, etc.)

Other information