terraform-aws-eks icon indicating copy to clipboard operation
terraform-aws-eks copied to clipboard

Published 20 hours ago β€’ verified publisher icon terraform-aws-modules

feat: Replace resolve_conflicts with resolve_conflicts_on_create/…

Open bryantbiggs opened this issue 1 year ago β€’ 3 comments

Description

Motivation and Context

  • Resolves #2525
  • Resolves #2541
  • Resolves #2635
  • Resolves #2733
  • Resolves #2809
  • Resolves #2816
  • Resolves #2848
  • Resolves #2850

Breaking Changes

How Has This Been Tested?

  • [ ] I have updated at least one of the examples/* to demonstrate and validate my change(s)
  • [ ] I have tested and validated these changes using one or more of the provided examples/* projects
  • [ ] I have executed pre-commit run -a on my pull request

bryantbiggs avatar Dec 19 '23 00:12 bryantbiggs

Thank you @bryantbiggs for the upgrade work! With it, I successfully used the karpenter module here with the latest Karpenter 0.33.1 release. However, I needed to apply policy updates to be in sync with the new v1beta controller policy. In particular, I added region statements, added spot instance support, and fixed typos.

jbronn avatar Jan 02 '24 20:01 jbronn

awesome, thanks @jbronn - theres a few parts we're waiting on for this release, and one of those is https://github.com/aws/karpenter-provider-aws/issues/5195. I'd prefer to follow the policy set by the upstream project instead of crafting something custom here so we'll see what the Karpenter team comes back with

bryantbiggs avatar Jan 02 '24 20:01 bryantbiggs

@bryantbiggs I think we're on the same page, as my changes were an attempt to sync with latest 0.33.1 policy rather than some custom one I made myself. In particular, there are significant issues with the current policy here that prevent Karpenter working at all:

  • Typos in AllowScopedResourceTagging and AllowScopedDeletion policy statements: they should be using ResourceTag instead of RequestTag in conditions.
  • The AllowScopedEC2InstanceActionsWithTags has wrong conditions specified.
  • The AllowInterruptionQueueActions and AllowPassingInstanceRole statements should be referring to the SQS queue and role ARNs instead of hard-coding strings that don't match the managed terraform resources.

jbronn avatar Jan 05 '24 16:01 jbronn

This PR is included in version 20.0.0 :tada:

antonbabenko avatar Feb 02 '24 14:02 antonbabenko

A module tag has been added to the cluster control plane

Hi @bryantbiggs any particular reason for this change? I don't see any way to modify the behavior as its a hard set merge. We like to enforce our own tagging standards and this breaks that. PRs welcome?

morganrowse avatar Feb 13 '24 07:02 morganrowse

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

github-actions[bot] avatar Mar 15 '24 01:03 github-actions[bot]