diff --git a/README.md b/README.md
index f30cc6a..50d8b1c 100644
--- a/README.md
+++ b/README.md
@@ -38,8 +38,9 @@ Truefoundry AWS Karpenter Module
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
+| [additional\_controller\_node\_iam\_role\_arns](#input\_additional\_controller\_node\_iam\_role\_arns) | The additional node iam roles to be used by karpenter | `list(string)` | `[]` | no |
| [cluster\_name](#input\_cluster\_name) | Cluster Name to install karpenter | `string` | n/a | yes |
-| [controller\_node\_iam\_role\_arn](#input\_controller\_node\_iam\_role\_arn) | The initial node iam role arn | `string` | n/a | yes |
+| [controller\_node\_iam\_role\_arn](#input\_controller\_node\_iam\_role\_arn) | The node iam role for the initial node group to be used by karpenter | `string` | n/a | yes |
| [controller\_nodegroup\_name](#input\_controller\_nodegroup\_name) | The initial nodegroup name | `string` | n/a | yes |
| [k8s\_service\_account\_name](#input\_k8s\_service\_account\_name) | The k8s karpenter service account name | `string` | n/a | yes |
| [k8s\_service\_account\_namespace](#input\_k8s\_service\_account\_namespace) | The k8s karpenter namespace | `string` | n/a | yes |
diff --git a/main.tf b/main.tf
index e95c8f7..2865fe4 100644
--- a/main.tf
+++ b/main.tf
@@ -7,11 +7,11 @@ module "karpenter_irsa_role" {
attach_karpenter_controller_policy = true
karpenter_controller_cluster_id = var.cluster_name
- karpenter_controller_node_iam_role_arns = [var.controller_node_iam_role_arn]
+ karpenter_controller_node_iam_role_arns = flatten([var.controller_node_iam_role_arn, var.additional_controller_node_iam_role_arns])
attach_vpc_cni_policy = true
vpc_cni_enable_ipv4 = true
-
+
role_policy_arns = {
"sqs_policy" = aws_iam_policy.sqs.arn
}
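Review bot: The changed `karpenter_controller_node_iam_role_arns` line forwards caller-supplied ARNs straight into the controller role's policy without de-duplicating them or saying what the list grants. In the IRSA module this input appears to scope the controller's `iam:PassRole` resources (the module source is not in this hunk, so confirm), which would make each extra entry a role the Karpenter controller can attach to instances it launches. I would write it as `karpenter_controller_node_iam_role_arns = distinct(concat([var.controller_node_iam_role_arn], var.additional_controller_node_iam_role_arns))` and put a comment above it such as `# Roles the controller may pass to launched nodes; list node roles only`. The `module "karpenter_irsa_role"` block starts and ends outside the hunk.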
diff --git a/output.tf b/output.tf
index bbb82f4..4115b62 100644
--- a/output.tf
+++ b/output.tf
@@ -1,14 +1,14 @@
output "karpenter_role_arn" {
- value = module.karpenter_irsa_role.iam_role_arn
+ value = module.karpenter_irsa_role.iam_role_arn
description = "Karpenter role ARN"
}
output "karpenter_instance_profile_id" {
- value = aws_iam_instance_profile.karpenter.id
+ value = aws_iam_instance_profile.karpenter.id
description = "Karpenter instance profile ID"
}
output "karpenter_sqs_name" {
- value = aws_sqs_queue.karpenter.name
+ value = aws_sqs_queue.karpenter.name
description = "Name of the SQS queue for interruption handling"
}
\ No newline at end of file
diff --git a/sqs.tf b/sqs.tf
index ba7e2d7..4f3377e 100644
--- a/sqs.tf
+++ b/sqs.tf
@@ -1,8 +1,8 @@
resource "aws_sqs_queue" "karpenter" {
name = "${var.cluster_name}-karpenter"
message_retention_seconds = var.message_retention_seconds
- sqs_managed_sse_enabled = var.sqs_enable_encryption
- tags = local.tags
+ sqs_managed_sse_enabled = var.sqs_enable_encryption
+ tags = local.tags
}
data "aws_iam_policy_document" "sqs" {
diff --git a/variables.tf b/variables.tf
index 5534e27..5cbe4d3 100644
--- a/variables.tf
+++ b/variables.tf
@@ -19,24 +19,30 @@ variable "oidc_provider_arn" {
}
variable "controller_node_iam_role_arn" {
- description = "The initial node iam role arn"
+ description = "The node iam role for the initial node group to be used by karpenter"
type = string
}
+variable "additional_controller_node_iam_role_arns" {
+ description = "The additional node iam roles to be used by karpenter"
+ type = list(string)
+ default = []
+}
+
variable "controller_nodegroup_name" {
description = "The initial nodegroup name"
type = string
}
variable "sqs_enable_encryption" {
description = "Enable Server side encryption for SQS"
- type = bool
- default = true
+ type = bool
+ default = true
}
variable "message_retention_seconds" {
description = "Message retention in seconds for SQS queue"
- type = number
- default = 300
+ type = number
+ default = 300
}
variable "tags" {
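Review bot: The new `additional_controller_node_iam_role_arns` variable accepts any string, so a wildcard or a non-role ARN would be handed to the controller policy in main.tf unchecked. A `validation` block that requires each entry to be a fully named IAM role ARN keeps the grant limited to specific roles and fails at plan time instead of producing an over-broad policy. The description could also say what listing a role allows, for example `"Additional node IAM role ARNs the Karpenter controller is allowed to use when launching nodes"`. The pattern in the fence is a suggested starting point and should be checked against the partitions and role paths this module has to support.

```hcl
variable "additional_controller_node_iam_role_arns" {
  # … unchanged: description, type, default …

  validation {
    # Reject wildcards and anything that is not a named IAM role ARN.
    condition = alltrue([
      for arn in var.additional_controller_node_iam_role_arns :
      can(regex("^arn:aws[a-z-]*:iam::[0-9]{12}:role/[^*]+$", arn))
    ])
    error_message = "Each entry must be a full IAM role ARN without wildcards."
  }
}
```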