feat: Allow enable/disable of EKS pod identity for the Karpenter controller (#2902)

* Made EKS pod identities for the controller role toggleable * Switched the variable to the singular form --------- Co-authored-by: Tyler Culp <tyler.culp@polestardefense.com>
2026-03-27 20:01:06 +01:00 · 2024-02-06 09:34:04 -05:00
parent f6992b159c
commit cc6919de81
3 changed files with 21 additions and 10 deletions
--- a/modules/karpenter/main.tf
+++ b/modules/karpenter/main.tf
@@ -22,15 +22,19 @@ data "aws_iam_policy_document" "controller_assume_role" {
  count = local.create_iam_role ? 1 : 0

  # Pod Identity
-  statement {
-    actions = [
-      "sts:AssumeRole",
-      "sts:TagSession",
-    ]
+  dynamic "statement" {
+    for_each = var.enable_pod_identity ? [1] : []

-    principals {
-      type        = "Service"
-      identifiers = ["pods.eks.amazonaws.com"]
+    content {
+      actions = [
+        "sts:AssumeRole",
+        "sts:TagSession",
+      ]
+
+      principals {
+        type        = "Service"
+        identifiers = ["pods.eks.amazonaws.com"]
+      }
    }
  }