From 3aaaf901b301ceadf1f9549e73c8275ac24f6d40 Mon Sep 17 00:00:00 2001
From: Tung Nguyen
Date: Thu, 20 Apr 2023 13:51:13 +0000
Subject: [PATCH 1/2] add irsa_tag_values variable
---
 modules/karpenter/README.md | 1 +
 modules/karpenter/main.tf | 8 ++++++--
 modules/karpenter/variables.tf | 6 ++++++
 3 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/modules/karpenter/README.md b/modules/karpenter/README.md
index 89f5495f33..5ff5e93922 100644
--- a/modules/karpenter/README.md
+++ b/modules/karpenter/README.md
@@ -168,6 +168,7 @@ No modules.
 | [irsa\_ssm\_parameter\_arns](#input\_irsa\_ssm\_parameter\_arns) | List of SSM Parameter ARNs that contain AMI IDs launched by Karpenter | `list(string)` |
[
"arn:aws:ssm:*:*:parameter/aws/service/*"
]
| no |
 | [irsa\_subnet\_account\_id](#input\_irsa\_subnet\_account\_id) | Account ID of where the subnets Karpenter will utilize resides. Used when subnets are shared from another account | `string` | `""` | no |
 | [irsa\_tag\_key](#input\_irsa\_tag\_key) | Tag key (`{key = value}`) applied to resources launched by Karpenter through the Karpenter provisioner | `string` | `"karpenter.sh/discovery"` | no |
+| [irsa\_tag\_values](#input\_irsa\_tag\_values) | Tag value (`{key = value}`) applied to resources launched by Karpenter through the Karpenter provisioner. Defaults to cluster name when not set. | `list(string)` | `null` | no |
 | [irsa\_tags](#input\_irsa\_tags) | A map of additional tags to add the the IAM role for service accounts | `map(any)` | `{}` | no |
 | [irsa\_use\_name\_prefix](#input\_irsa\_use\_name\_prefix) | Determines whether the IAM role for service accounts name (`irsa_name`) is used as a prefix | `bool` | `true` | no |
 | [policies](#input\_policies) | Policies to attach to the IAM role in `{'static_name' = 'policy_arn'}` format | `map(string)` | `{}` | no |
diff --git a/modules/karpenter/main.tf b/modules/karpenter/main.tf
index fdae1a410a..65e9a6aee7 100644
--- a/modules/karpenter/main.tf
+++ b/modules/karpenter/main.tf
@@ -63,6 +63,10 @@ resource "aws_iam_role" "irsa" {
 tags = merge(var.tags, var.irsa_tags)
 }
+locals {
+ irsa_tag_values = var.irsa_tag_values == null ? [var.cluster_name] : var.irsa_tag_values
+}
+
 data "aws_iam_policy_document" "irsa" {
 count = local.create_irsa ? 1 : 0
@@ -97,7 +101,7 @@ data "aws_iam_policy_document" "irsa" {
 condition {
 test = "StringEquals"
 variable = "ec2:ResourceTag/${var.irsa_tag_key}"
- values = [var.cluster_name]
+ values = local.irsa_tag_values
 }
 }
@@ -110,7 +114,7 @@ data "aws_iam_policy_document" "irsa" {
 condition {
 test = "StringEquals"
 variable = "ec2:ResourceTag/${var.irsa_tag_key}"
- values = [var.cluster_name]
+ values = local.irsa_tag_values
 }
 }
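Review bot: The two `values = local.irsa_tag_values` conditions (the hunks at -97 and -110) replace a fixed one-cluster scope with a caller-supplied list, and nothing in the new code says that this list is an authorization boundary. `StringEquals` matches when the tag equals any listed value, so every extra entry lets the statements apply to EC2 resources tagged for something other than this cluster. The variable's description speaks only of tags applied to launched resources, so I would add a comment above the new local, `# Values accepted by the ec2:ResourceTag conditions below; each extra value widens what the Karpenter role may act on`. The statements' actions and resources lie outside these hunks, so the exact reach cannot be confirmed from here.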
diff --git a/modules/karpenter/variables.tf b/modules/karpenter/variables.tf
index f92160f2d4..eeb9e12835 100644
--- a/modules/karpenter/variables.tf
+++ b/modules/karpenter/variables.tf
@@ -86,6 +86,12 @@ variable "irsa_tag_key" {
 default = "karpenter.sh/discovery"
 }
+variable "irsa_tag_values" {
+ description = "Tag value (`{key = value}`) applied to resources launched by Karpenter through the Karpenter provisioner. Defaults to cluster name when not set."
+ type = list(string)
+ default = null
+}
+
 variable "irsa_ssm_parameter_arns" {
 description = "List of SSM Parameter ARNs that contain AMI IDs launched by Karpenter"
 type = list(string)
From 4104c7037402f1c512e7f7b86cbd67a1ea793a09 Mon Sep 17 00:00:00 2001
From: Tung Nguyen
Date: Wed, 17 May 2023 13:12:41 +0000
Subject: [PATCH 2/2] irsa_tag_values coalescelist improvement
---
 modules/karpenter/README.md | 2 +-
 modules/karpenter/main.tf | 2 +-
 modules/karpenter/variables.tf | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/modules/karpenter/README.md b/modules/karpenter/README.md
index 5ff5e93922..e1c1abd92a 100644
--- a/modules/karpenter/README.md
+++ b/modules/karpenter/README.md
@@ -168,7 +168,7 @@ No modules.
 | [irsa\_ssm\_parameter\_arns](#input\_irsa\_ssm\_parameter\_arns) | List of SSM Parameter ARNs that contain AMI IDs launched by Karpenter | `list(string)` |
[
"arn:aws:ssm:*:*:parameter/aws/service/*"
]
| no |
 | [irsa\_subnet\_account\_id](#input\_irsa\_subnet\_account\_id) | Account ID of where the subnets Karpenter will utilize resides. Used when subnets are shared from another account | `string` | `""` | no |
 | [irsa\_tag\_key](#input\_irsa\_tag\_key) | Tag key (`{key = value}`) applied to resources launched by Karpenter through the Karpenter provisioner | `string` | `"karpenter.sh/discovery"` | no |
-| [irsa\_tag\_values](#input\_irsa\_tag\_values) | Tag value (`{key = value}`) applied to resources launched by Karpenter through the Karpenter provisioner. Defaults to cluster name when not set. | `list(string)` | `null` | no |
+| [irsa\_tag\_values](#input\_irsa\_tag\_values) | Tag values (`{key = value}`) applied to resources launched by Karpenter through the Karpenter provisioner. Defaults to cluster name when not set. | `list(string)` | `null` | no |
 | [irsa\_tags](#input\_irsa\_tags) | A map of additional tags to add the the IAM role for service accounts | `map(any)` | `{}` | no |
 | [irsa\_use\_name\_prefix](#input\_irsa\_use\_name\_prefix) | Determines whether the IAM role for service accounts name (`irsa_name`) is used as a prefix | `bool` | `true` | no |
 | [policies](#input\_policies) | Policies to attach to the IAM role in `{'static_name' = 'policy_arn'}` format | `map(string)` | `{}` | no |
diff --git a/modules/karpenter/main.tf b/modules/karpenter/main.tf
index 65e9a6aee7..2c809ed621 100644
--- a/modules/karpenter/main.tf
+++ b/modules/karpenter/main.tf
@@ -64,7 +64,7 @@ resource "aws_iam_role" "irsa" {
 }
 locals {
- irsa_tag_values = var.irsa_tag_values == null ? [var.cluster_name] : var.irsa_tag_values
+ irsa_tag_values = coalescelist([var.cluster_name], var.irsa_tag_values)
 }
 data "aws_iam_policy_document" "irsa" {
diff --git a/modules/karpenter/variables.tf b/modules/karpenter/variables.tf
index eeb9e12835..47c42bace9 100644
--- a/modules/karpenter/variables.tf
+++ b/modules/karpenter/variables.tf
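Review bot: `coalescelist([var.cluster_name], var.irsa_tag_values)` in the main.tf `locals` hunk has its arguments in the wrong order: the function returns the first non-empty list, and `[var.cluster_name]` always holds one element, so `var.irsa_tag_values` is never used. An operator who sets the variable gets a plan that still pins both `ec2:ResourceTag` conditions to the cluster name, with no error to show that the input was ignored. The caller's list should come first, `irsa_tag_values = coalescelist(var.irsa_tag_values, [var.cluster_name])`. The variable still defaults to `null`, so it is worth confirming how a null argument is treated there; a default of `[]` in variables.tf would remove the question.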
@@ -87,7 +87,7 @@ variable "irsa_tag_key" {
 }
 variable "irsa_tag_values" {
- description = "Tag value (`{key = value}`) applied to resources launched by Karpenter through the Karpenter provisioner. Defaults to cluster name when not set."
+ description = "Tag values (`{key = value}`) applied to resources launched by Karpenter through the Karpenter provisioner. Defaults to cluster name when not set."
 type = list(string)
 default = null
 }