Merge pull request #1620 from ese/autoscaler

Provide iam policy for autoscaler addon
2017-01-30 22:01:05 -05:00 · 2017-01-30 22:01:05 -05:00 · 1924f9af25
parent 3c6ed44a94 b0957f177a
commit 1924f9af25
2 changed files with 15 additions and 0 deletions
--- a/addons/cluster-autoscaler/v1.4.0.yaml
+++ b/addons/cluster-autoscaler/v1.4.0.yaml
@ -14,6 +14,8 @@ spec:
    metadata:
      labels:
        k8s-app: cluster-autoscaler
+      annotations:
+        scheduler.alpha.kubernetes.io/tolerations: '[{"key":"dedicated", "value":"master"}]'
    spec:
        containers:
          - name: cluster-autoscaler
@ -40,3 +42,5 @@ spec:
          - name: ssl-certs
            hostPath:
              path: {{SSL_CERT_PATH}}
+        nodeSelector:
+          kubernetes.io/role: master
--- a/pkg/model/iam/iam_builder.go
+++ b/pkg/model/iam/iam_builder.go
@ -140,6 +140,17 @@ func (b *IAMPolicyBuilder) BuildAWSIAMPolicy() (*IAMPolicy, error) {
 			Resource: []string{"*"},
 		})

+		p.Statement = append(p.Statement, &IAMStatement{
+			Effect: IAMStatementEffectAllow,
+			Action: []string{
+				"autoscaling:DescribeAutoScalingGroups",
+				"autoscaling:DescribeAutoScalingInstances",
+				"autoscaling:SetDesiredCapacity",
+				"autoscaling:TerminateInstanceInAutoScalingGroup",
+			},
+			Resource: []string{"*"},
+		})
+
 		// Restrict the KMS permissions to only the keys that are being used
 		kmsKeyIDs := sets.NewString()
 		for _, e := range b.Cluster.Spec.EtcdClusters {