
Commit df81750

siennathesanecPu1
authored andcommitted
fixed iam permissions for karpenter
Signed-off-by: Sienna Satterwhite <[email protected]>
1 parent 3fdd538 commit df81750


2 files changed

+29
-3
lines changed


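--- a/pkg/cfn/builder/karpenter.go
+++ b/pkg/cfn/builder/karpenter.go
@@ -49,9 +49,15 @@ const (
 ec2DescribeImages = "ec2:DescribeImages"
 ec2DescribeSpotPriceHistory = "ec2:DescribeSpotPriceHistory"
 // IAM
-iamPassRole = "iam:PassRole"
-iamCreateServiceLinkedRole = "iam:CreateServiceLinkedRole"
-ssmGetParameter = "ssm:GetParameter"
+iamPassRole = "iam:PassRole"
+iamCreateServiceLinkedRole = "iam:CreateServiceLinkedRole"
+iamGetInstanceProfile = "iam:GetInstanceProfile"
+iamCreateInstanceProfile = "iam:CreateInstanceProfile"
+iamDeleteInstanceProfile = "iam:DeleteInstanceProfile"
+iamTagInstanceProfile = "iam:TagInstanceProfile"
+iamAddRoleToInstanceProfile = "iam:AddRoleToInstanceProfile"
+// SSM
+ssmGetParameter = "ssm:GetParameter"
 // Pricing
 pricingGetProducts = "pricing:GetProducts"
 // SQS
@@ -165,6 +171,11 @@ func (k *KarpenterResourceSet) addResourcesForKarpenter() error {
 ec2DescribeSpotPriceHistory,
 iamPassRole,
 iamCreateServiceLinkedRole,
+iamGetInstanceProfile,
+iamCreateInstanceProfile,
+iamDeleteInstanceProfile,
+iamTagInstanceProfile,
+iamAddRoleToInstanceProfile,
 ssmGetParameter,
 pricingGetProducts,
 },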
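Review bot: The five instance-profile actions are appended in `addResourcesForKarpenter` to the same action list as `iamPassRole` and the EC2 describe calls, so they inherit whatever resource scope that statement has; the statement's `Resource` is outside the hunk, but a list that also holds `pricing:GetProducts` is presumably `*`. Write access to any instance profile combined with `iam:PassRole` lets the controller identity bind roles other than the node role to instances, so these actions belong in their own statement, restricted to the cluster's profiles with an `aws:ResourceTag`/`aws:RequestTag` condition, with `iam:PassRole` narrowed to the node role ARN and `iam:PassedToService` set to `ec2.amazonaws.com`. The list also grants `iamDeleteInstanceProfile` without `iam:RemoveRoleFromInstanceProfile`; IAM refuses to delete a profile that still has a role attached, so profile cleanup is likely to fail until that action is added. The function body continues outside the hunk.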

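--- a/pkg/cfn/builder/karpenter_test.go
+++ b/pkg/cfn/builder/karpenter_test.go
@@ -125,6 +125,11 @@ var expectedTemplate = `{
 "ec2:DescribeSpotPriceHistory",
 "iam:PassRole",
 "iam:CreateServiceLinkedRole",
+"iam:GetInstanceProfile",
+"iam:CreateInstanceProfile",
+"iam:DeleteInstanceProfile",
+"iam:TagInstanceProfile",
+"iam:AddRoleToInstanceProfile",
 "ssm:GetParameter",
 "pricing:GetProducts"
 ],
@@ -262,6 +267,11 @@ var expectedTemplateWithPermissionBoundary = `{
 "ec2:DescribeSpotPriceHistory",
 "iam:PassRole",
 "iam:CreateServiceLinkedRole",
+"iam:GetInstanceProfile",
+"iam:CreateInstanceProfile",
+"iam:DeleteInstanceProfile",
+"iam:TagInstanceProfile",
+"iam:AddRoleToInstanceProfile",
 "ssm:GetParameter",
 "pricing:GetProducts"
 ],
@@ -424,6 +434,11 @@ var expectedTemplateWithSpotInterruptionQueue = `{
 "ec2:DescribeSpotPriceHistory",
 "iam:PassRole",
 "iam:CreateServiceLinkedRole",
+"iam:GetInstanceProfile",
+"iam:CreateInstanceProfile",
+"iam:DeleteInstanceProfile",
+"iam:TagInstanceProfile",
+"iam:AddRoleToInstanceProfile",
 "ssm:GetParameter",
 "pricing:GetProducts"
 ],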
