fix(iam): make karpenter and cluster-autoscaler mutual exclusion (#175)

<!--
  ~ Copyright 2023 StreamNative, Inc.
  ~
  ~ Licensed under the Apache License, Version 2.0 (the "License");
  ~ you may not use this file except in compliance with the License.
  ~ You may obtain a copy of the License at
  ~
  ~     http://www.apache.org/licenses/LICENSE-2.0
  ~
  ~ Unless required by applicable law or agreed to in writing, software
  ~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied.
  ~ See the License for the specific language governing permissions and
  ~ limitations under the License.
-->

<!--
### Contribution Checklist

- Fill out the template below to describe the changes contributed by the
pull request. That will give reviewers the context they need to do the
review.
  
- Each pull request should address only one issue, not mix up code from
multiple issues.
  
  - Each commit in the pull request has a meaningful commit message

- Once all items of the checklist are addressed, remove the above text
and this checklist, leaving only the filled out template below.

**(The sections below can be removed for hotfixes of typos)**
-->

### Motivation

We should make karpenter and cluster-autoscaler mutual exclusion

### Modifications

- make karpenter and cluster-autoscaler mutual exclusion, and protect
the output

### Verifying this change

- [x] Make sure that the change passes the CI checks.


### Documentation


- [x] `no-need-doc`

Signed-off-by: Max Xu <[email protected]>

Author: maxsxu

modules/iam/cluster_autoscaler.tf

@@ -1,5 +1,5 @@
 data "aws_iam_policy_document" "cluster_autoscaler_sts" {
-  count = var.enable_karpenter ? 1 : 0
+  count = var.enable_karpenter ? 0 : 1
 
   statement {
     actions = [
@@ -24,7 +24,7 @@ data "aws_iam_policy_document" "cluster_autoscaler_sts" {
 }
 
 resource "aws_iam_role" "cluster_autoscaler" {
-  count = var.enable_karpenter ? 1 : 0
+  count = var.enable_karpenter ? 0 : 1
 
   name                 = format("%s-ca-role", var.cluster_name)
   description          = format("Role used by IRSA and the KSA cluster-autoscaler on StreamNative Cloud EKS cluster %s", var.cluster_name)
@@ -35,7 +35,7 @@ resource "aws_iam_role" "cluster_autoscaler" {
 }
 
 resource "aws_iam_role_policy_attachment" "cluster_autoscaler" {
-  count = var.enable_karpenter ? 1 : 0
+  count = var.enable_karpenter ? 0 : 1
 
   policy_arn = local.default_service_policy_arn
   role       = aws_iam_role.cluster_autoscaler.0.name

modules/iam/outputs.tf

@@ -7,7 +7,7 @@ output "cert_manager_arn" {
 }
 
 output "cluster_autoscaler_arn" {
-  value = aws_iam_role.cluster_autoscaler.0.arn
+  value = try(aws_iam_role.cluster_autoscaler[0].arn, null)
 }
 
 output "csi_arn" {
@@ -19,9 +19,9 @@ output "external_dns_arn" {
 }
 
 output "karpenter_arn" {
-  value = aws_iam_role.karpenter.0.arn
+  value = try(aws_iam_role.karpenter[0].arn, null)
 }
 
 output "velero_arn" {
-  value = aws_iam_role.velero.0.arn
+  value = try(aws_iam_role.velero[0].arn, null)
 }