fix: Change Karpenter instance termination key condition to use more …

…broadly applciable (#346)
aws-ia · Jan 24, 2024 · a408617 · a408617
1 parent b09514c
commit a408617
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 14 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -10,7 +10,7 @@ repos:
       - id: detect-aws-credentials
         args: ['--allow-missing-credentials']
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.83.5
+    rev: v1.86.0
     hooks:
       - id: terraform_fmt
       - id: terraform_docs

diff --git a/docs/addons/karpenter.md b/docs/addons/karpenter.md
@@ -46,27 +46,28 @@ fargate-ip-10-0-45-112.us-west-2.compute.internal   Ready    <none>   2m33s   v1
 
 ```sh
 kubectl apply -f - <<EOF
+---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-    name: inflate
+  name: inflate
 spec:
-    replicas: 0
-    selector:
+  replicas: 0
+  selector:
     matchLabels:
-        app: inflate
-    template:
+      app: inflate
+  template:
     metadata:
-        labels:
+      labels:
         app: inflate
     spec:
-        terminationGracePeriodSeconds: 0
-        containers:
+      terminationGracePeriodSeconds: 0
+      containers:
         - name: inflate
-            image: public.ecr.aws/eks-distro/kubernetes/pause:3.7
-            resources:
+          image: public.ecr.aws/eks-distro/kubernetes/pause:3.7
+          resources:
             requests:
-                cpu: 1
+              cpu: 1
 EOF
 ```
 

diff --git a/main.tf b/main.tf
@@ -2848,8 +2848,8 @@ data "aws_iam_policy_document" "karpenter" {
 
     condition {
       test     = "StringLike"
-      variable = "ec2:ResourceTag/${try(var.karpenter.irsa_tag_key, "Name")}"
-      values   = try(var.karpenter.irsa_tag_values, ["*karpenter*", "*compute.internal", "*ec2.internal"])
+      variable = "ec2:ResourceTag/kubernetes.io/cluster/${var.cluster_name}"
+      values   = ["*"]
     }
   }