From 6be519c7e52b36b52247a57634d30933579ba9af Mon Sep 17 00:00:00 2001
From: Edward Malinowski
Date: Mon, 12 Feb 2024 14:46:53 -0600
Subject: [PATCH 1/3] fix(karpenter-policy): Added kms permissions for karpenter
---
 gen3/bin/kube-setup-karpenter.sh | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
diff --git a/gen3/bin/kube-setup-karpenter.sh b/gen3/bin/kube-setup-karpenter.sh
index c8762c2e5..58c9d78e8 100644
--- a/gen3/bin/kube-setup-karpenter.sh
+++ b/gen3/bin/kube-setup-karpenter.sh
@@ -79,6 +79,37 @@ gen3_deploy_karpenter() {
 "Effect": "Allow",
 "Resource": "*",
 "Sid": "ConditionalEC2Termination"
+ },
+ {
+ "Action": [
+ "kms:*"
+ ],
+ "Effect": "Allow",
+ "Resource": "*",
+ "Sid": "Karpenter"
+ },
+ {
+ "Sid": "VisualEditor0",
+ "Effect": "Allow",
+ "Action": [
+ "kms:GetPublicKey",
+ "kms:ListKeyPolicies",
+ "kms:ListRetirableGrants",
+ "kms:PutKeyPolicy",
+ "kms:GetKeyPolicy",
+ "kms:ListResourceTags",
+ "kms:RetireGrant",
+ "kms:ListGrants",
+ "kms:GetParametersForImport",
+ "kms:DescribeCustomKeyStores",
+ "kms:ListKeys",
+ "kms:GetKeyRotationStatus",
+ "kms:ListAliases",
+ "kms:RevokeGrant",
+ "kms:DescribeKey",
+ "kms:CreateGrant"
+ ],
+ "Resource": "*"
 }
 ],
 "Version": "2012-10-17"
From 512bd390252dfe10c6fe0399d05e01e90b7a4b1d Mon Sep 17 00:00:00 2001
From: Edward Malinowski
Date: Mon, 12 Feb 2024 14:48:37 -0600
Subject: [PATCH 2/3] fix(karpenter-policy): Added kms permissions for karpenter
---
 gen3/bin/kube-setup-karpenter.sh | 8 --------
 1 file changed, 8 deletions(-)
diff --git a/gen3/bin/kube-setup-karpenter.sh b/gen3/bin/kube-setup-karpenter.sh
index 58c9d78e8..2cb87b8b2 100644
--- a/gen3/bin/kube-setup-karpenter.sh
+++ b/gen3/bin/kube-setup-karpenter.sh
@@ -80,14 +80,6 @@ gen3_deploy_karpenter() {
 "Resource": "*",
 "Sid": "ConditionalEC2Termination"
 },
- {
- "Action": [
- "kms:*"
- ],
- "Effect": "Allow",
- "Resource": "*",
- "Sid": "Karpenter"
- },
 {
 "Sid": "VisualEditor0",
 "Effect": "Allow",
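Review bot: The `VisualEditor0` statement added in PATCH 1/3 includes `kms:PutKeyPolicy`, `kms:CreateGrant` and `kms:RevokeGrant` on `"Resource": "*"`, which are key-administration permissions rather than key-use permissions; a role that can rewrite key policies or issue grants on any key can widen access to data encrypted under keys unrelated to Karpenter. The list also has no `kms:Decrypt` or `kms:GenerateDataKey*` action, which is presumably what launching nodes with encrypted volumes needs, so the enumerated set looks both too wide and insufficient. I would drop `kms:PutKeyPolicy`, scope the statement to the node-volume key with something like `"Resource": "arn:aws:kms:<region>:<account-id>:key/<key-id>"` (placeholder values), and replace the console-default `Sid` with a descriptive one. The policy document and `gen3_deploy_karpenter` both start and end outside this hunk.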
From 9b36ccb0c341527abb25b8360dbcb67db65f27a8 Mon Sep 17 00:00:00 2001
From: Edward Malinowski
Date: Mon, 12 Feb 2024 15:41:30 -0600
Subject: [PATCH 3/3] fix(karpenter-policy): Added kms permissions for karpenter
---
 gen3/bin/kube-setup-karpenter.sh | 17 +----------------
 1 file changed, 1 insertion(+), 16 deletions(-)
diff --git a/gen3/bin/kube-setup-karpenter.sh b/gen3/bin/kube-setup-karpenter.sh
index 2cb87b8b2..2737ed6ee 100644
--- a/gen3/bin/kube-setup-karpenter.sh
+++ b/gen3/bin/kube-setup-karpenter.sh
@@ -84,22 +84,7 @@ gen3_deploy_karpenter() {
 "Sid": "VisualEditor0",
 "Effect": "Allow",
 "Action": [
- "kms:GetPublicKey",
- "kms:ListKeyPolicies",
- "kms:ListRetirableGrants",
- "kms:PutKeyPolicy",
- "kms:GetKeyPolicy",
- "kms:ListResourceTags",
- "kms:RetireGrant",
- "kms:ListGrants",
- "kms:GetParametersForImport",
- "kms:DescribeCustomKeyStores",
- "kms:ListKeys",
- "kms:GetKeyRotationStatus",
- "kms:ListAliases",
- "kms:RevokeGrant",
- "kms:DescribeKey",
- "kms:CreateGrant"
+ "kms:*"
 ],
 "Resource": "*"
 }
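Review bot: `"kms:*"` on `"Resource": "*"` in the `VisualEditor0` statement is the policy's final state after this series, and it lets the Karpenter role call every KMS operation, including `kms:ScheduleKeyDeletion`, `kms:DisableKey`, `kms:PutKeyPolicy` and `kms:Decrypt`, on any key whose key policy delegates to IAM. If the intent is launching nodes with KMS-encrypted EBS volumes (inferred from the commit subject, not visible here), a narrower statement is likely enough: `"Action": ["kms:Decrypt", "kms:DescribeKey", "kms:GenerateDataKeyWithoutPlaintext", "kms:ReEncrypt*", "kms:CreateGrant"]` with `"Resource"` set to the specific key ARN, and a `kms:GrantIsForAWSResource` condition on the grant. A comment above the heredoc naming the key and the workflow that needs it would help the next reviewer confirm the scope. The enclosing policy document extends beyond the hunk.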