Closed andy-townsend closed 1 month ago
I will need to check if this is backwards compatible with Karpenter versions < 1.0 before we can proceed
Any plans when this would be merged and available here?
I quickly tried this PR with Karpenter 0.37.0, and I found an issue with launching new nodes.
{"level":"ERROR","time":"2024-08-19T05:33:46.765Z","logger":"controller","message":"Reconciler error","commit":"490ef94","controller":"nodeclaim.lifecycle","controllerGroup":"karpenter.sh","controllerKind":"NodeClaim","NodeClaim":{"name":"default-std9a"},"namespace":"","name":"default-std9a","reconcileID":"b6913acf-0fb6-417b-b206-38e3b2bb813f","error":"launching nodeclaim, creating instance, getting launch template configs, getting launch templates, creating launch template, UnauthorizedOperation: You are not authorized to perform this operation. User: arn:aws:sts::1234567890:assumed-role/KarpenterController-20240816080453288700000001/1724044805759067430 is not authorized to perform: ec2:CreateLaunchTemplate on resource: arn:aws:ec2:eu-west-1:1234567890:launch-template/* because no identity-based policy allows the ec2:CreateLaunchTemplate action.
Likely due to the additions of aws:RequestTag/eks:eks-cluster-name
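The hypothesis in the comment above, as an added example that is not part of the PR or the thread: a simplified model of how IAM evaluates `aws:RequestTag` conditions, showing that a request without the `eks:eks-cluster-name` tag matches no Allow statement. The statement, cluster name and tag sets are constructed for illustration and are not the module's actual policy.

```python
import re

CLUSTER = "example-cluster"  # constructed cluster name

# Constructed statement (assumption): launch template creation is allowed only
# when the request carries these tags, including eks:eks-cluster-name.
STATEMENT = {
    "Effect": "Allow",
    "Action": ["ec2:CreateLaunchTemplate"],
    "Condition": {
        "StringEquals": {
            f"aws:RequestTag/kubernetes.io/cluster/{CLUSTER}": "owned",
            "aws:RequestTag/eks:eks-cluster-name": CLUSTER,
        },
        "StringLike": {"aws:RequestTag/karpenter.sh/nodepool": "*"},
    },
}

# Constructed request tags. OLD_TAGS assumes a controller that does not set
# eks:eks-cluster-name; NEW_TAGS assumes one that does.
OLD_TAGS = {f"kubernetes.io/cluster/{CLUSTER}": "owned", "karpenter.sh/nodepool": "default"}
NEW_TAGS = {**OLD_TAGS, "eks:eks-cluster-name": CLUSTER}


def _matches(operator, actual, expected):
    if operator == "StringEquals":
        return actual == expected
    if operator == "StringLike":  # only * and ? act as wildcards
        pattern = re.escape(expected).replace(r"\*", ".*").replace(r"\?", ".")
        return re.fullmatch(pattern, actual, re.DOTALL) is not None
    raise ValueError(f"operator not modelled: {operator}")


def failed_conditions(statement, request_tags):
    """Return the aws:RequestTag condition keys the request does not satisfy."""
    failed = []
    for operator, pairs in statement.get("Condition", {}).items():
        for key, expected in pairs.items():
            actual = request_tags.get(key.removeprefix("aws:RequestTag/"))
            # A key missing from the request never satisfies these operators.
            if actual is None or not _matches(operator, actual, expected):
                failed.append(key)
    return failed


def is_allowed(statement, action, request_tags):
    return action in statement["Action"] and not failed_conditions(statement, request_tags)
```

With no other statement allowing the action, the first case ends in the implicit deny that the error message reports as "no identity-based policy allows the ec2:CreateLaunchTemplate action".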
This PR is included in version 20.24.0 :tada:
I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
Description
This PR updates the IAM role for the Karpenter Controller to reflect all the changes made for Karpenter v1.0.0
Motivation and Context
Without this, Karpenter fails to start nodes when upgraded to v1.0.0. Solves errors such as:
They removed the sqs:GetQueueAttributes in this change
This change shows all the changes in the controller IAM policy (taken from website/content/en/docs/getting-started/getting-started-with-karpenter/cloudformation.yaml)
Breaking Changes
How Has This Been Tested?
Tested in my lab setup, changes applied and nodes now spin up.