Comments (3)
sample policy
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ConditionalEC2Termination",
      "Effect": "Allow",
      "Action": "ec2:TerminateInstances",
      "Resource": "*",
      "Condition": {
        "StringLike": {
          "ec2:ResourceTag/Name": "*karpenter*"
        },
        "StringEquals": {
          "ec2:ResourceTag/karpenter.k8s.aws/cluster": "cluster-foobar-1"
        }
      }
    }
  ]
}
this will require some templating to include var.addon_context.eks_cluster_id
from terraform-aws-eks-blueprints-addons.
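An added example, not part of the original comments or the project's code: a simplified Python model of how the two condition operators in the sample policy combine, useful for checking which instances the statement would let the role terminate. The evaluator covers only StringLike and StringEquals, and the tag sets are constructed for illustration.

```python
import re

# Condition block copied from the sample policy above.
CONDITION = {
    "StringLike": {"ec2:ResourceTag/Name": "*karpenter*"},
    "StringEquals": {
        "ec2:ResourceTag/karpenter.k8s.aws/cluster": "cluster-foobar-1"
    },
}

def _like(pattern, value):
    # IAM StringLike: case-sensitive; '*' is any run of characters, '?' is one.
    regex = "".join(
        ".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern
    )
    return re.fullmatch(regex, value, re.DOTALL) is not None

# Simplified model: only the two operators the sample policy uses.
OPERATORS = {"StringEquals": lambda wanted, actual: wanted == actual,
             "StringLike": _like}

def condition_matches(condition, tags):
    """Return True if an instance carrying `tags` satisfies the whole block."""
    # Condition key names are case-insensitive; tag values are not.
    context = {"ec2:resourcetag/" + k.lower(): v for k, v in tags.items()}
    for operator, pairs in condition.items():      # operators are ANDed
        test = OPERATORS[operator]
        for key, wanted in pairs.items():          # keys are ANDed
            actual = context.get(key.lower())
            if actual is None:                     # missing tag: no match
                return False
            values = wanted if isinstance(wanted, list) else [wanted]
            if not any(test(w, actual) for w in values):  # values are ORed
                return False
    return True

# Constructed sample instances (tag sets), not taken from a real account.
SAMPLES = {
    "karpenter node, this cluster": {"Name": "karpenter-default", "karpenter.k8s.aws/cluster": "cluster-foobar-1"},
    "karpenter node, other cluster": {"Name": "karpenter-default", "karpenter.k8s.aws/cluster": "cluster-foobar-2"},
    "unrelated Name, cluster tag set": {"Name": "bastion", "karpenter.k8s.aws/cluster": "cluster-foobar-1"},
    "Name only, no cluster tag": {"Name": "my-karpenter-test"},
}

def evaluate_samples():
    return {label: condition_matches(CONDITION, tags) for label, tags in SAMPLES.items()}

if __name__ == "__main__":
    for label, allowed in evaluate_samples().items():
        print(f"{label:35s} -> {'Allow' if allowed else 'no match'}")
```

Only the first sample matches: the Name pattern alone does not grant termination, because the cluster tag must also equal the templated cluster ID.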
this is largely driven by https://github.com/terraform-aws-modules/terraform-aws-iam/tree/master/modules/iam-role-for-service-accounts-eks which we can look at adopting here
from terraform-aws-eks-blueprints-addons.
@bryantbiggs the policy code is already in blueprints module.
will just need to be enhanced when v0.14 is released to allow for a better identification of the nodes, without looking at the Name tag.
from terraform-aws-eks-blueprints-addons.