Merge pull request #4 from truefoundry/support_multiple_role_arns

support multiple role arns in karpenter

Author: shubhamrai1993

README.md

@@ -38,8 +38,9 @@ Truefoundry AWS Karpenter Module
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| <a name="input_additional_controller_node_iam_role_arns"></a> [additional\_controller\_node\_iam\_role\_arns](#input\_additional\_controller\_node\_iam\_role\_arns) | The additional node iam roles to be used by karpenter | `list(string)` | `[]` | no |
 | <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | Cluster Name to install karpenter | `string` | n/a | yes |
-| <a name="input_controller_node_iam_role_arn"></a> [controller\_node\_iam\_role\_arn](#input\_controller\_node\_iam\_role\_arn) | The initial node iam role arn | `string` | n/a | yes |
+| <a name="input_controller_node_iam_role_arn"></a> [controller\_node\_iam\_role\_arn](#input\_controller\_node\_iam\_role\_arn) | The node iam role for the initial node group to be used by karpenter | `string` | n/a | yes |
 | <a name="input_controller_nodegroup_name"></a> [controller\_nodegroup\_name](#input\_controller\_nodegroup\_name) | The initial nodegroup name | `string` | n/a | yes |
 | <a name="input_k8s_service_account_name"></a> [k8s\_service\_account\_name](#input\_k8s\_service\_account\_name) | The k8s karpenter service account name | `string` | n/a | yes |
 | <a name="input_k8s_service_account_namespace"></a> [k8s\_service\_account\_namespace](#input\_k8s\_service\_account\_namespace) | The k8s karpenter namespace | `string` | n/a | yes |

main.tf

@@ -7,11 +7,11 @@ module "karpenter_irsa_role" {
   attach_karpenter_controller_policy = true
 
   karpenter_controller_cluster_id         = var.cluster_name
-  karpenter_controller_node_iam_role_arns = [var.controller_node_iam_role_arn]
+  karpenter_controller_node_iam_role_arns = flatten([var.controller_node_iam_role_arn, var.additional_controller_node_iam_role_arns])
 
   attach_vpc_cni_policy = true
   vpc_cni_enable_ipv4   = true
-  
+
   role_policy_arns = {
     "sqs_policy" = aws_iam_policy.sqs.arn
   }

output.tf

@@ -1,14 +1,14 @@
 output "karpenter_role_arn" {
-  value = module.karpenter_irsa_role.iam_role_arn
+  value       = module.karpenter_irsa_role.iam_role_arn
   description = "Karpenter role ARN"
 }
 
 output "karpenter_instance_profile_id" {
-  value = aws_iam_instance_profile.karpenter.id
+  value       = aws_iam_instance_profile.karpenter.id
   description = "Karpenter instance profile ID"
 }
 
 output "karpenter_sqs_name" {
-  value = aws_sqs_queue.karpenter.name
+  value       = aws_sqs_queue.karpenter.name
   description = "Name of the SQS queue for interruption handling"
 }

sqs.tf

@@ -1,8 +1,8 @@
 resource "aws_sqs_queue" "karpenter" {
   name                      = "${var.cluster_name}-karpenter"
   message_retention_seconds = var.message_retention_seconds
-  sqs_managed_sse_enabled = var.sqs_enable_encryption
-  tags = local.tags
+  sqs_managed_sse_enabled   = var.sqs_enable_encryption
+  tags                      = local.tags
 }
 
 data "aws_iam_policy_document" "sqs" {

variables.tf

@@ -19,24 +19,30 @@ variable "oidc_provider_arn" {
 }
 
 variable "controller_node_iam_role_arn" {
-  description = "The initial node iam role arn"
+  description = "The node iam role for the initial node group to be used by karpenter"
   type        = string
 }
 
+variable "additional_controller_node_iam_role_arns" {
+  description = "The additional node iam roles to be used by karpenter"
+  type        = list(string)
+  default     = []
+}
+
 variable "controller_nodegroup_name" {
   description = "The initial nodegroup name"
   type        = string
 }
 variable "sqs_enable_encryption" {
   description = "Enable Server side encryption for SQS"
-  type = bool
-  default = true
+  type        = bool
+  default     = true
 }
 
 variable "message_retention_seconds" {
   description = "Message retention in seconds for SQS queue"
-  type = number
-  default = 300
+  type        = number
+  default     = 300
 }
 
 variable "tags" {