
feat(aws): bump Karpenter
Signed-off-by: Nicolas Lamirault <nicolas.lamirault@gmail.com>
nlamirault committed Aug 23, 2024
1 parent 451e317 commit e7714d3
Showing 4 changed files with 25 additions and 4 deletions.
9 changes: 5 additions & 4 deletions terraform/aws/eks/modules/eks/karpenter.tf
Expand Up @@ -16,15 +16,16 @@

module "karpenter" {
source = "terraform-aws-modules/eks/aws//modules/karpenter"
version = "20.20.0"
version = "20.24.0"

cluster_name = module.eks.cluster_name

iam_role_name = var.karpenter_role_name
node_iam_role_name = format("%s-node", var.karpenter_role_name)

enable_irsa = true
iam_role_name = var.karpenter_role_name
node_iam_role_name = format("%s-node", var.karpenter_role_name)
irsa_oidc_provider_arn = module.eks.oidc_provider_arn
irsa_namespace_service_accounts = ["${var.karpenter_namespace}:${var.karpenter_sa_name}"]
irsa_oidc_provider_arn = module.eks.oidc_provider_arn

node_iam_role_additional_policies = {
AmazonSSMManagedInstanceCore = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
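Review bot: `enable_irsa = true` is newly set on the karpenter module while, if I recall the v20 submodule's defaults correctly, EKS Pod Identity is also enabled by default (`enable_pod_identity`), so the controller role would end up trusting two credential paths. If only IRSA is intended, add `enable_pod_identity = false` next to it; if both are deliberate, a one-line comment saying so would save the next reader a trip to the module's variables.tf. The `node_iam_role_additional_policies` block continues outside the hunk.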
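--- a/terraform/aws/eks/staging/staging.auto.tfvars
+++ b/terraform/aws/eks/staging/staging.auto.tfvars
@@ -157,6 +157,14 @@ eks_managed_node_groups = {
 }
 
 fargate_profiles = {
+karpenter = {
+name = "karpenter"
+selectors = [
+{
+namespace = "karpenter"
+}
+]
+}
 pocs = {
 name = "pocs"
 selectors = [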
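Review bot: The new Fargate selector hard-codes `namespace = "karpenter"` while the module in karpenter.tf derives the IRSA subject from `var.karpenter_namespace`; if that variable is set to a different value in this tfvars file, the controller pods will not match the profile and will stay Pending. Consider a comment above the selector such as `# must match karpenter_namespace (see karpenter.tf)`, or deriving both from one value.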
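--- a/terraform/aws/security-hub/modules/security-hub/security_hub.tf
+++ b/terraform/aws/security-hub/modules/security-hub/security_hub.tf
@@ -39,6 +39,16 @@ resource "aws_securityhub_member" "accounts" {
 invite = false
 }
 
+resource "aws_securityhub_configuration_policy" "this" {
+provider = aws.audit
+name = "ExamplePolicy"
+description = "This is an example SHCP."
+configuration_policy {
+service_enabled = false
+}
+depends_on = [aws_securityhub_organization_configuration.this]
+}
+
 # Enable Standard: AWS Foundational Security Best Practices
 resource "aws_securityhub_standards_subscription" "aws_foundational" {
 provider = aws.audit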
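Review bot: The new `aws_securityhub_configuration_policy` still carries placeholder text (`name = "ExamplePolicy"`, `description = "This is an example SHCP."`) and sets `service_enabled = false`, which is a policy that turns Security Hub off for any account or OU it is later associated with — the opposite of the standards subscriptions that follow it. If the goal is central configuration, the block should read `service_enabled = true` together with `enabled_standard_arns = [...]` listing the standards to enforce, plus a real name and description; if it is only a scaffold, it should not be applied to the audit account yet. No association resource is visible in this hunk, so the policy may currently be unattached; worth confirming before merge.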
2 changes: 2 additions & 0 deletions terraform/aws/vpc/modules/vpc/vpc.tf
Expand Up @@ -39,11 +39,13 @@ module "vpc" {
public_subnet_tags = merge({
"kubernetes.io/cluster/${var.eks_cluster_name}" = "shared"
"kubernetes.io/role/elb" = "1"
"profile" = "public"
}, var.public_subnet_tags)

private_subnet_tags = merge({
"kubernetes.io/cluster/${var.eks_cluster_name}" = "shared"
"kubernetes.io/role/internal-elb" = "1"
"profile" = "private"
# Tags subnets for Karpenter auto-discovery
"karpenter.sh/discovery/${var.eks_cluster_name}" = var.eks_cluster_name
}, var.private_subnet_tags)
