terraform-aws-modules / terraform-aws-eks

Terraform module to create Amazon Elastic Kubernetes (EKS) resources 🇺🇦
https://registry.terraform.io/modules/terraform-aws-modules/eks/aws
Apache License 2.0

feat: Add support for Karpenter v1 controller IAM role permissions #3126

Closed andy-townsend closed 1 month ago

andy-townsend commented 1 month ago

Description

This PR updates the IAM role for the Karpenter Controller to reflect all the changes made for Karpenter v1.0.0

Motivation and Context

Without this, Karpenter fails to start nodes when upgraded to v1.0.0. Solves errors such as:

"error":"tagging nodeclaim, tagging instance, UnauthorizedOperation: You are not authorized to perform this operation. User: arn:aws:sts::12345678990:assumed-role/karpenter-controller-lab/1723721642521363579 is not authorized to perform: ec2:CreateTags on resource: arn:aws:ec2:eu-west-1:12345678990:instance/i-0d25b72e6a588fa4b because no identity-based policy allows the ec2:CreateTags action. 

They removed the sqs:GetQueueAttributes in this change

This change shows all the changes in the controller IAM policy (taken from website/content/en/docs/getting-started/getting-started-with-karpenter/cloudformation.yaml)

Breaking Changes

How Has This Been Tested?

Tested in my lab setup, changes applied and nodes now spin up.

bryantbiggs commented 1 month ago

I will need to check if this is backwards compatible with Karpenter versions < 1.0 before we can proceed

suraj2410 commented 1 month ago

Any plans for when this would be merged and available here?

senilio commented 1 month ago

I quickly tried this PR with Karpenter 0.37.0, and I found an issue with launching new nodes.

{"level":"ERROR","time":"2024-08-19T05:33:46.765Z","logger":"controller","message":"Reconciler error","commit":"490ef94","controller":"nodeclaim.lifecycle","controllerGroup":"karpenter.sh","controllerKind":"NodeClaim","NodeClaim":{"name":"default-std9a"},"namespace":"","name":"default-std9a","reconcileID":"b6913acf-0fb6-417b-b206-38e3b2bb813f","error":"launching nodeclaim, creating instance, getting launch template configs, getting launch templates, creating launch template, UnauthorizedOperation: You are not authorized to perform this operation. User: arn:aws:sts::1234567890:assumed-role/KarpenterController-20240816080453288700000001/1724044805759067430 is not authorized to perform: ec2:CreateLaunchTemplate on resource: arn:aws:ec2:eu-west-1:1234567890:launch-template/* because no identity-based policy allows the ec2:CreateLaunchTemplate action.

Likely due to the addition of aws:RequestTag/eks:eks-cluster-name

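The backward-compatibility failure senilio reports above comes down to how IAM evaluates a `StringEquals` condition on `aws:RequestTag/<key>`: if the request does not carry that tag key at all, the condition is simply false, so a statement gated on `aws:RequestTag/eks:eks-cluster-name` matches requests from a controller that sets the tag and silently skips requests from one that does not. The script below is an added illustration written for this page, not code from terraform-aws-eks or Karpenter. The policy statement, tag sets, cluster name, account ID and role ARN are constructed assumptions; in particular it assumes, as the comment above suggests, that Karpenter 0.37 does not tag launch templates with `eks:eks-cluster-name` while v1 does.

```python
"""Constructed simulation of IAM aws:RequestTag condition evaluation.

Not the module's or Karpenter's code. It models why a single Allow statement
for ec2:CreateLaunchTemplate that is conditioned on
aws:RequestTag/eks:eks-cluster-name works for Karpenter v1 but denies the
same call from Karpenter 0.37 (assumed here not to send that tag).
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Statement:
    """One identity-policy Allow statement.

    request_tag_equals maps a tag key to the value required by a
    StringEquals condition on aws:RequestTag/<tag key>.
    """
    actions: frozenset
    resource_prefix: str
    request_tag_equals: dict = field(default_factory=dict)


def evaluate(policy, principal, action, resource, request_tags):
    """Return (allowed, message) for one API call.

    IAM semantics modelled: a statement applies only if the action and
    resource match AND every aws:RequestTag/<key> StringEquals condition
    holds. A tag key absent from the request makes StringEquals false
    (there is no ...IfExists here), so the statement is skipped.
    """
    unmet_by_statement = []
    for stmt in policy:
        if action not in stmt.actions or not resource.startswith(stmt.resource_prefix):
            continue
        unmet = sorted(
            f"aws:RequestTag/{key}"
            for key, want in stmt.request_tag_equals.items()
            if request_tags.get(key) != want
        )
        if unmet:
            unmet_by_statement.append(unmet)
            continue
        return True, f"{principal} allowed {action} on {resource}"
    detail = (
        f"; unmet condition keys: {', '.join(unmet_by_statement[0])}"
        if unmet_by_statement else ""
    )
    return False, (
        f"UnauthorizedOperation: User: {principal} is not authorized to perform: "
        f"{action} on resource: {resource} because no identity-based policy "
        f"allows the {action} action{detail}"
    )


# --- constructed inputs (assumptions, not copied from any real policy) ---
CLUSTER = "lab"                       # assumed EKS cluster name
ACCOUNT = "1234567890"                # placeholder account ID, as in the thread
PRINCIPAL = f"arn:aws:sts::{ACCOUNT}:assumed-role/KarpenterController/1724044805759067430"
RESOURCE = f"arn:aws:ec2:eu-west-1:{ACCOUNT}:launch-template/*"

# A v1-style statement: CreateLaunchTemplate allowed only when the request
# tags the new template with both the ownership tag and eks:eks-cluster-name.
POLICY = [
    Statement(
        actions=frozenset({"ec2:CreateLaunchTemplate"}),
        resource_prefix=f"arn:aws:ec2:eu-west-1:{ACCOUNT}:launch-template/",
        request_tag_equals={
            f"kubernetes.io/cluster/{CLUSTER}": "owned",
            "eks:eks-cluster-name": CLUSTER,  # the condition senilio points at
        },
    ),
]

# Tags each controller version is assumed to put on the CreateLaunchTemplate
# request. Only the v1 set carries eks:eks-cluster-name.
TAGS_KARPENTER_V1 = {
    f"kubernetes.io/cluster/{CLUSTER}": "owned",
    "eks:eks-cluster-name": CLUSTER,
    "karpenter.sh/nodepool": "default",
}
TAGS_KARPENTER_0_37 = {
    f"kubernetes.io/cluster/{CLUSTER}": "owned",
    "karpenter.sh/nodepool": "default",
}


def launch_template_allowed(request_tags):
    """Evaluate ec2:CreateLaunchTemplate under POLICY for the given tags."""
    return evaluate(POLICY, PRINCIPAL, "ec2:CreateLaunchTemplate", RESOURCE, request_tags)


if __name__ == "__main__":
    for label, tags in (("Karpenter v1", TAGS_KARPENTER_V1),
                        ("Karpenter 0.37", TAGS_KARPENTER_0_37)):
        ok, msg = launch_template_allowed(tags)
        print(f"{label}: {'ALLOW' if ok else 'DENY'} - {msg}")
```

The deny message names the condition key that was not satisfied, which is the check a practitioner would want when a controller upgrade (or downgrade) starts producing `UnauthorizedOperation` errors: compare the `aws:RequestTag/...` keys in the policy against the tags the running Karpenter version actually sends, rather than widening the statement.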
antonbabenko commented 1 month ago

This PR is included in version 20.24.0 :tada:

github-actions[bot] commented 1 week ago

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.