From 349de70cdaec67653f0ffb08a8d67f0ce9bc473b Mon Sep 17 00:00:00 2001 From: Peter Rifel Date: Wed, 3 Jan 2024 21:19:05 -0600 Subject: [PATCH] Add comment to remove unused IAM permissions in the future --- pkg/model/iam/iam_builder.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkg/model/iam/iam_builder.go b/pkg/model/iam/iam_builder.go index 2a68a25661..24c8896481 100644 --- a/pkg/model/iam/iam_builder.go +++ b/pkg/model/iam/iam_builder.go @@ -1116,6 +1116,9 @@ func addASLifecyclePolicies(p *Policy, enableHookSupport bool) { "autoscaling:DescribeLifecycleHooks", ) } + // TODO: remove this after k8s 1.29 support is removed + // It is no longer needed as of kops 1.29 but to prevent node bootstrap issues + // during kops upgrades we keep the permission until it is guaranteed to not be needed. p.unconditionalAction.Insert( "autoscaling:DescribeAutoScalingInstances", )