Merge pull request #13 from truefoundry/instance-profile-check

Instance profile check

Author: dunefro

README.md

@@ -45,6 +45,7 @@ Truefoundry AWS Karpenter Module
 | <a name="input_controller_nodegroup_name"></a> [controller\_nodegroup\_name](#input\_controller\_nodegroup\_name) | The initial nodegroup name | `string` | n/a | yes |
 | <a name="input_create_karpenter_iam_role"></a> [create\_karpenter\_iam\_role](#input\_create\_karpenter\_iam\_role) | Enable/disable creation of IAM role for karpenter | `bool` | `true` | no |
 | <a name="input_existing_karpenter_iam_role_arn"></a> [existing\_karpenter\_iam\_role\_arn](#input\_existing\_karpenter\_iam\_role\_arn) | ARN of the existing karpenter role. This will be used only when create\_karpenter\_iam\_role is set to false | `string` | `""` | no |
+| <a name="input_existing_karpenter_instance_profile"></a> [existing\_karpenter\_instance\_profile](#input\_existing\_karpenter\_instance\_profile) | Instance profile for karpenter. This will be used only when create\_karpenter\_iam\_role is set to false | `string` | `""` | no |
 | <a name="input_k8s_service_account_name"></a> [k8s\_service\_account\_name](#input\_k8s\_service\_account\_name) | The k8s karpenter service account name | `string` | `"karpenter"` | no |
 | <a name="input_k8s_service_account_namespace"></a> [k8s\_service\_account\_namespace](#input\_k8s\_service\_account\_namespace) | The k8s karpenter namespace | `string` | `"kube-system"` | no |
 | <a name="input_message_retention_seconds"></a> [message\_retention\_seconds](#input\_message\_retention\_seconds) | Message retention in seconds for SQS queue | `number` | `300` | no |

main.tf

@@ -25,12 +25,18 @@ module "karpenter_irsa_role" {
 }
 
 resource "aws_iam_instance_profile" "karpenter" {
-  name = "${var.cluster_name}-karpenter-${var.controller_nodegroup_name}"
-  role = split("/", var.controller_node_iam_role_arn)[1]
-  tags = local.tags
+  count = var.create_karpenter_iam_role ? 1 : 0
+  name  = "${var.cluster_name}-karpenter-${var.controller_nodegroup_name}"
+  role  = split("/", var.controller_node_iam_role_arn)[1]
+  tags  = local.tags
 }
 
 moved {
   from = module.karpenter_irsa_role
   to   = module.karpenter_irsa_role[0]
+}
+
+moved {
+  from = resource.aws_iam_instance_profile.karpenter
+  to   = resource.aws_iam_instance_profile.karpenter[0]
 }

output.tf

@@ -4,7 +4,7 @@ output "karpenter_role_arn" {
 }
 
 output "karpenter_instance_profile_id" {
-  value       = aws_iam_instance_profile.karpenter.id
+  value       = var.create_karpenter_iam_role ? aws_iam_instance_profile.karpenter[0].id : var.existing_karpenter_instance_profile
   description = "Karpenter instance profile ID"
 }
 

variables.tf

@@ -27,6 +27,12 @@ variable "existing_karpenter_iam_role_arn" {
   default     = ""
 }
 
+variable "existing_karpenter_instance_profile" {
+  description = "Instance profile for karpenter. This will be used only when create_karpenter_iam_role is set to false"
+  type        = string
+  default     = ""
+}
+
 variable "oidc_provider_arn" {
   description = "The oidc provider  arn of the eks cluster"
   type        = string