feat: Update Karpenter sub-module to support Karpenter v1.12 (#3690)

* feat: Update Karpenter sub-module to support Karpenter v1.12 * feat: Update Karpenter example to demonstrate zonal shift support Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * refactor: Remove enable_zonal_shift gate, include permission unconditionally Per maintainer feedback, the module should default to full permissions and let users enable/disable features via the controller's Helm values. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
SCT-Engineering · Apr 27, 2026 · 3bc989b · 3bc989b
1 parent ed7f4d5
commit 3bc989b
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 0 deletions.
diff --git a/examples/karpenter/main.tf b/examples/karpenter/main.tf
@@ -155,6 +155,7 @@ resource "helm_release" "karpenter" {
       clusterName: ${module.eks.cluster_name}
       clusterEndpoint: ${module.eks.cluster_endpoint}
       interruptionQueue: ${module.karpenter.queue_name}
+      enableZonalShift: true
     webhook:
       enabled: false
     EOT

diff --git a/modules/karpenter/policy.tf b/modules/karpenter/policy.tf
@@ -190,6 +190,7 @@ data "aws_iam_policy_document" "controller" {
       "ec2:DescribeInstanceTypes",
       "ec2:DescribeLaunchTemplates",
       "ec2:DescribeSecurityGroups",
+      "ec2:DescribeInstanceStatus",
       "ec2:DescribeSpotPriceHistory",
       "ec2:DescribeSubnets",
       "ec2:DescribePlacementGroups"
@@ -214,6 +215,12 @@ data "aws_iam_policy_document" "controller" {
     actions   = ["pricing:GetProducts"]
   }
 
+  statement {
+    sid       = "AllowZonalShiftReadActions"
+    resources = ["arn:${local.partition}:eks:${local.region}:${local.account_id}:cluster/${var.cluster_name}"]
+    actions   = ["arc-zonal-shift:GetManagedResource"]
+  }
+
   dynamic "statement" {
     for_each = local.enable_spot_termination ? [1] : []