feat: Add Karpenter v1beta1 compatibility (#2800)

* feat: Add Karpenter v1beta1 compatibility * fix: Update to make changes opt-in * fix: Update resource schemas to align with latest Karpenter version - validated and working as intended --------- Co-authored-by: Bryant Biggs <bryantbiggs@gmail.com>
2026-03-23 18:01:04 +01:00 · 2023-11-01 08:33:07 -07:00
parent 69eb4569b9
commit aec2bab1d8
6 changed files with 85 additions and 58 deletions
--- a/modules/karpenter/main.tf
+++ b/modules/karpenter/main.tf
@@ -160,6 +160,24 @@ data "aws_iam_policy_document" "irsa" {
      resources = [aws_sqs_queue.this[0].arn]
    }
  }
+
+  # TODO - this will be replaced in v20.0 with the scoped policy provided by Karpenter
+  # https://github.com/aws/karpenter/blob/main/website/content/en/docs/upgrading/v1beta1-controller-policy.json
+  dynamic "statement" {
+    for_each = var.enable_karpenter_instance_profile_creation ? [1] : []
+
+    content {
+      actions = [
+        "iam:AddRoleToInstanceProfile",
+        "iam:CreateInstanceProfile",
+        "iam:DeleteInstanceProfile",
+        "iam:GetInstanceProfile",
+        "iam:RemoveRoleFromInstanceProfile",
+        "iam:TagInstanceProfile",
+      ]
+      resources = ["*"]
+    }
+  }
 }

 resource "aws_iam_policy" "irsa" {
@@ -368,7 +386,7 @@ locals {
 }

 resource "aws_iam_instance_profile" "this" {
-  count = var.create && var.create_instance_profile ? 1 : 0
+  count = var.create && var.create_instance_profile && !var.enable_karpenter_instance_profile_creation ? 1 : 0

  name        = var.iam_role_use_name_prefix ? null : local.iam_role_name
  name_prefix = var.iam_role_use_name_prefix ? "${local.iam_role_name}-" : null