Merge pull request #1620 from ese/autoscaler

Provide iam policy for autoscaler addon

addons/cluster-autoscaler/v1.4.0.yaml

@@ -14,6 +14,8 @@ spec:
     metadata:
       labels:
         k8s-app: cluster-autoscaler
+      annotations:
+        scheduler.alpha.kubernetes.io/tolerations: '[{"key":"dedicated", "value":"master"}]'
     spec:
         containers:
           - name: cluster-autoscaler
@@ -40,3 +42,5 @@ spec:
           - name: ssl-certs
             hostPath:
               path: {{SSL_CERT_PATH}}
+        nodeSelector:
+          kubernetes.io/role: master

pkg/model/iam/iam_builder.go

@@ -140,6 +140,17 @@ func (b *IAMPolicyBuilder) BuildAWSIAMPolicy() (*IAMPolicy, error) {
 			Resource: []string{"*"},
 		})
 
+		p.Statement = append(p.Statement, &IAMStatement{
+			Effect: IAMStatementEffectAllow,
+			Action: []string{
+				"autoscaling:DescribeAutoScalingGroups",
+				"autoscaling:DescribeAutoScalingInstances",
+				"autoscaling:SetDesiredCapacity",
+				"autoscaling:TerminateInstanceInAutoScalingGroup",
+			},
+			Resource: []string{"*"},
+		})
+
 		// Restrict the KMS permissions to only the keys that are being used
 		kmsKeyIDs := sets.NewString()
 		for _, e := range b.Cluster.Spec.EtcdClusters {