aws-quickstart / cdk-eks-blueprints

AWS Quick Start Team
Apache License 2.0

Possible to extend Karpenter Role permissions from stack outputs? #638

Closed cristianmagana closed 1 year ago

cristianmagana commented 1 year ago

Describe the documentation issue

Looking to extend permissions for the Karpenter node role from a cross-stack deployment within the same app. I'm seeing that the KarpenterInstanceNodeRole and the KarpenterInstanceProfilename are exported as outputs but not sure how to go about this. Any ideas?

```typescript
const karpenterRole = Role.fromRoleName(this, 'karpenter-role', Fn.importValue('KarpenterInstanceNodeRole'));
karpenterRole.addManagedPolicy(ManagedPolicy.fromAwsManagedPolicyName('AmazonRoute53FullAccess'));
```

Links

https://github.com/aws-quickstart/cdk-eks-blueprints/blob/main/docs/addons/karpenter.md
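An added example, not part of the issue thread or the project's code: the snippet above attaches AmazonRoute53FullAccess to a node role, a grant that workloads on those nodes can typically use through the instance profile. This sketch builds a policy limited to named hosted zones instead and flags wildcard statements; the zone IDs, the function names and the chosen action list are assumptions about what the workload needs.

```typescript
// Added example: IAM policy documents as plain objects, no AWS SDK or CDK needed.
type Statement = { Effect: "Allow" | "Deny"; Action: string[]; Resource: string[] };
type PolicyDocument = { Version: "2012-10-17"; Statement: Statement[] };

// Build a Route 53 policy scoped to specific hosted zones (hypothetical helper).
// Assumption: the workload only needs to read and change records in those zones.
function scopedRoute53Policy(zoneIds: string[]): PolicyDocument {
  if (zoneIds.length === 0) {
    throw new Error("at least one hosted zone id is required");
  }
  for (const id of zoneIds) {
    // Accept plain alphanumerics only, so "*" or a path cannot widen the ARN.
    if (!/^[A-Z0-9]+$/.test(id)) {
      throw new Error(`invalid hosted zone id: ${id}`);
    }
  }
  return {
    Version: "2012-10-17",
    Statement: [
      {
        Effect: "Allow",
        Action: ["route53:ChangeResourceRecordSets", "route53:ListResourceRecordSets"],
        Resource: zoneIds.map((id) => `arn:aws:route53:::hostedzone/${id}`),
      },
      // ListHostedZones does not support resource-level scoping.
      { Effect: "Allow", Action: ["route53:ListHostedZones"], Resource: ["*"] },
    ],
  };
}

// Return Allow statements that pair a service-wide wildcard action with Resource "*".
function broadStatements(doc: PolicyDocument): Statement[] {
  return doc.Statement.filter(
    (s) =>
      s.Effect === "Allow" &&
      s.Resource.includes("*") &&
      s.Action.some((a) => a === "*" || a.endsWith(":*")),
  );
}

// Constructed zone IDs, for illustration only.
const scoped = scopedRoute53Policy(["Z0EXAMPLE1", "Z0EXAMPLE2"]);
console.log(JSON.stringify(scoped, null, 2));
console.log("broad statements:", broadStatements(scoped).length);
```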

cristianmagana commented 1 year ago

Found a workaround by putting the provisioners in flux and using the instance profile of node groups in the node template.

I'm able to extend the node groups' permissions through ...getClusterInfo().nodeGroups?.forEach(...)

shapirov103 commented 1 year ago

@cristianmagana thanks for posting this for posterity.

With respect to flux: we are adding flux add-on now, it will be released in a couple of weeks.

With respect to the approach with node group roles: you can pass roles or any CDK constructs to the underlying infrastructure using this approach: https://aws-quickstart.github.io/cdk-eks-blueprints/resource-providers/#using-resource-providers-with-cdk-constructs

The above is FYI, in case you run into something similar.