-
Notifications
You must be signed in to change notification settings - Fork 984
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
InvalidParameterValue for Instance Profile #3051
Comments
Seeing here that the naming convention may be a requirement.
Is it possible to place a feature request for this to not be a requirement and rather truly accept the role passed as configuration? Renaming an IAM role & instance profile isn't possible & requires a resource replacement for people using IaC (we use terraform). We could create a new one for Karpenter but don't see a need for a unique role/profile for Karpenter nodes as we expect them to run alongside our normal fleet. |
our role has nothing to do with karpenter, and is shared with MNG. so the name is not a critical bit here |
@FernandoMiguel thanks for the reply. Am I misunderstanding what value to be passing for instance profile? Are none of these values valid?
|
we issue an instance role with resource "aws_iam_instance_profile" "karpenter" {
name_prefix = substr("KarpenterNodeInstanceProfile-${var.eks_cluster_id}-", 0, 102) # expected length of name_prefix to be in the range (1 - 102).
role = var.aws_iam_role_ng
}
output "aws_iam_instance_profile_karpenter" { value = aws_iam_instance_profile.karpenter } then pass data "kubectl_file_documents" "karpenter_default_provisioner" {
content = templatefile("${path.module}/provisioners/default_provisioner.yaml", {
azs = jsonencode(var.aws_availability_zones)
capacity-type = jsonencode(var.capacity-type)
arch = jsonencode(var.arch)
tags = jsonencode(local.tags)
private_subnets = join(", ", var.private_subnets) ## https://github.com/aws/karpenter/issues/1327
security_groups = join(", ", var.security_groups)
provisioner_name = local.provisioner_name
provisioner_bigger_hw_pool_name = local.provisioner_bigger_hw_pool_name
limits_resources_cpu = var.limits_resources_cpu
amiFamily = var.amiFamily ## Currently, Karpenter supports amiFamily values AL2, Bottlerocket, and Ubuntu. GPUs are only supported with AL2 and Bottlerocket.
instanceProfile = aws_iam_instance_profile.karpenter.name
volumeSize = var.volumeSize
ttlSecondsAfterEmpty = var.ttlSecondsAfterEmpty
ttlSecondsUntilExpired = var.ttlSecondsUntilExpired
})
} that makes the contents of |
so if you login to your aws console, go to roles and open your role, you will see in the far right the instance arn |
Thank you for opening this issue please feel free to reopen the ticket if the issue continues to exist. |
Is an existing page relevant?
No response
What karpenter features are relevant?
Karpenter -
v0.19.3
Kubernetes (EKS) -
v1.22.15
Attempting to specify the
defaultInstanceProfile
field on the helm chart but nothing I pass seems to be valid. I'm repeatedly seeing:I've tried many renditions for this field including:
I've even tried overriding this value in the NodeTemplates file and haven't had any luck. I've surveyed docs and the only thing I can come up with is that the role has to follow a specific naming convention (
KarpenterNodeRole-${ClusterName}
)? Is this true? Looking at the examples that doesn't appear to be a hard requirement.Could somebody please advise?
How should the docs be improved?
Potentially add a section to troubleshooting for this, maybe below here as it seems to be relevant.
Community Note
The text was updated successfully, but these errors were encountered: