Merge pull request #7 from truefoundry/karpenter-fargate

Karpenter fargate

README.md

@@ -41,6 +41,10 @@ No resources.
 | <a name="input_eks_managed_node_groups"></a> [eks\_managed\_node\_groups](#input\_eks\_managed\_node\_groups) | Map of EKS managed node group definitions to create | `any` | `{}` | no |
 | <a name="input_enable_irsa"></a> [enable\_irsa](#input\_enable\_irsa) | Determines whether to create an OpenID Connect Provider for EKS to enable IRSA | `bool` | `true` | no |
 | <a name="input_iam_role_additional_policies"></a> [iam\_role\_additional\_policies](#input\_iam\_role\_additional\_policies) | Additional policies to be added to the IAM role | `map(string)` | `{}` | no |
+| <a name="input_karpenter_fargate_profile_attach_cni_policy"></a> [karpenter\_fargate\_profile\_attach\_cni\_policy](#input\_karpenter\_fargate\_profile\_attach\_cni\_policy) | Attach CNI policy to IAM role for Karpenter Fargate profile | `bool` | `true` | no |
+| <a name="input_karpenter_fargate_profile_create_iam_role"></a> [karpenter\_fargate\_profile\_create\_iam\_role](#input\_karpenter\_fargate\_profile\_create\_iam\_role) | Create IAM role for Karpenter Fargate profile | `bool` | `true` | no |
+| <a name="input_karpenter_fargate_profile_enabled"></a> [karpenter\_fargate\_profile\_enabled](#input\_karpenter\_fargate\_profile\_enabled) | Enable Karpenter Fargate profile | `bool` | `false` | no |
+| <a name="input_karpenter_fargate_profile_namespace"></a> [karpenter\_fargate\_profile\_namespace](#input\_karpenter\_fargate\_profile\_namespace) | value of the namespace where Karpenter is installed | `string` | `"karpenter"` | no |
 | <a name="input_node_security_group_additional_rules"></a> [node\_security\_group\_additional\_rules](#input\_node\_security\_group\_additional\_rules) | List of additional security group rules to add to the node security group created. Set `source_cluster_security_group = true` inside rules to set the `cluster_security_group` as source | `any` | `{}` | no |
 | <a name="input_node_security_group_tags"></a> [node\_security\_group\_tags](#input\_node\_security\_group\_tags) | List of node security group tags | `any` | `{}` | no |
 | <a name="input_openid_connect_audiences"></a> [openid\_connect\_audiences](#input\_openid\_connect\_audiences) | List of OpenID Connect audience client IDs to add to the IRSA provider | `list(string)` | `[]` | no |

eks.tf

@@ -28,6 +28,31 @@ module "aws-eks-kubernetes-cluster" {
   cluster_security_group_additional_rules = merge(local.cluster_security_group_additional_rules, var.cluster_security_group_additional_rules)
   node_security_group_additional_rules    = merge(local.node_security_group_additional_rules, var.node_security_group_additional_rules)
   node_security_group_tags                = var.node_security_group_tags
+  fargate_profiles = var.karpenter_fargate_profile_enabled ? {
+    karpenter = {
+      create       = true
+      cluster_name = var.cluster_name
+      name         = local.karpenter_profile_name
 
+      subnet_ids = var.subnet_ids
+      selectors = [
+        {
+          namespace = var.karpenter_fargate_profile_namespace
+        }
+      ]
+      create_iam_role            = var.karpenter_fargate_profile_create_iam_role
+      iam_role_use_name_prefix   = true
+      iam_role_name              = var.cluster_name
+      iam_role_description       = "TrueFoundry IAM role of Karpenter Fargate Profile for cluster ${var.cluster_name}"
+      iam_role_attach_cni_policy = var.karpenter_fargate_profile_attach_cni_policy
+      iam_role_tags              = local.tags
+      tags = merge(
+        {
+          "faragate-profile" = "karpenter"
+        }, local.tags
+      )
+    }
+
+  } : {}
   tags = local.tags
 }

locals.tf

@@ -57,4 +57,6 @@ locals {
       self        = true # Does not work for fargate
     }
   }
+
+  karpenter_profile_name = "${var.cluster_name}-karpenter"
 }

variables.tf

@@ -160,9 +160,35 @@ variable "eks_managed_node_groups" {
 ##################################################################################
 ## Other variables
 ##################################################################################
-
 variable "tags" {
   description = "A map of tags to add to all resources"
   type        = map(string)
   default     = {}
+}
+
+##################################################################################
+## Karpenter Fargate profile
+##################################################################################
+variable "karpenter_fargate_profile_enabled" {
+  description = "Enable Karpenter Fargate profile"
+  type        = bool
+  default     = false
+}
+
+variable "karpenter_fargate_profile_namespace" {
+  description = "value of the namespace where Karpenter is installed"
+  type        = string
+  default     = "karpenter"
+}
+
+variable "karpenter_fargate_profile_create_iam_role" {
+  description = "Create IAM role for Karpenter Fargate profile"
+  type        = bool
+  default     = true
+}
+
+variable "karpenter_fargate_profile_attach_cni_policy" {
+  description = "Attach CNI policy to IAM role for Karpenter Fargate profile"
+  type        = bool
+  default     = true
 }