diff --git a/nodeup/pkg/model/context.go b/nodeup/pkg/model/context.go index 6e9084cdf3..008b6f9c06 100644 --- a/nodeup/pkg/model/context.go +++ b/nodeup/pkg/model/context.go @@ -42,8 +42,13 @@ import ( "github.com/blang/semver/v4" ) +const ( + ConfigurationModeWarming string = "Warming" +) + // NodeupModelContext is the context supplied the nodeup tasks type NodeupModelContext struct { + Cloud fi.Cloud Architecture architectures.Architecture Assets *fi.AssetStore Cluster *kops.Cluster @@ -62,6 +67,10 @@ type NodeupModelContext struct { kubernetesVersion semver.Version bootstrapCerts map[string]*nodetasks.BootstrapCert + + // ConfigurationMode determines if we are prewarming an instance or running it live + ConfigurationMode string + InstanceID string } // Init completes initialization of the object, for example pre-parsing the kubernetes version diff --git a/nodeup/pkg/model/kubelet.go b/nodeup/pkg/model/kubelet.go index 0a0224c4c0..875040054d 100644 --- a/nodeup/pkg/model/kubelet.go +++ b/nodeup/pkg/model/kubelet.go @@ -293,6 +293,11 @@ func (b *KubeletBuilder) buildSystemdService() *nodetasks.Service { service.InitDefaults() + if b.ConfigurationMode == "Warming" { + + service.Running = fi.Bool(false) + } + return service } @@ -443,14 +448,7 @@ func (b *KubeletBuilder) buildKubeletConfigSpec() (*kops.KubeletConfigSpec, erro instanceTypeName = *b.NodeupConfig.DefaultMachineType } - region, err := awsup.FindRegion(b.Cluster) - if err != nil { - return nil, err - } - awsCloud, err := awsup.NewAWSCloud(region, nil) - if err != nil { - return nil, err - } + awsCloud := b.Cloud.(awsup.AWSCloud) // Get the instance type's detailed information. instanceType, err := awsup.GetMachineTypeInfo(awsCloud, instanceTypeName) if err != nil { diff --git a/pkg/model/iam/iam_builder.go b/pkg/model/iam/iam_builder.go index 333cddee0c..82e039aa04 100644 --- a/pkg/model/iam/iam_builder.go +++ b/pkg/model/iam/iam_builder.go @@ -245,6 +245,7 @@ func (r *NodeRoleAPIServer) BuildAWSPolicy(b *PolicyBuilder) (*Policy, error) { } addMasterEC2Policies(p, resource, b.Cluster.Spec.IAM.Legacy, b.Cluster.GetName()) + addASLifecyclePolicies(p, resource, b.Cluster.GetName()) addCertIAMPolicies(p, resource) var err error @@ -348,6 +349,7 @@ func (r *NodeRoleNode) BuildAWSPolicy(b *PolicyBuilder) (*Policy, error) { } addNodeEC2Policies(p, resource) + addASLifecyclePolicies(p, resource, b.Cluster.GetName()) var err error if p, err = b.AddS3Permissions(p); err != nil { @@ -1009,10 +1011,34 @@ func addMasterASPolicies(p *Policy, resource stringorslice.StringOrSlice, legacy }, }, }, + &Statement{ + Effect: StatementEffectAllow, + Action: stringorslice.Of( + "autoscaling:CompleteLifecycleAction", // aws_manager.go + "autoscaling:DescribeAutoScalingInstances", // aws_instancegroups.go + ), + Resource: resource, + Condition: Condition{ + "StringEquals": map[string]string{ + "autoscaling:ResourceTag/KubernetesCluster": clusterName, + }, + }, + }, ) } } +func addASLifecyclePolicies(p *Policy, resource stringorslice.StringOrSlice, clusterName string) { + p.Statement = append(p.Statement, + &Statement{ + Effect: StatementEffectAllow, + Action: stringorslice.Of( + "autoscaling:DescribeAutoScalingInstances", + ), + Resource: resource, + }) +} + func addCertIAMPolicies(p *Policy, resource stringorslice.StringOrSlice) { // TODO: Make optional only if using IAM SSL Certs on ELBs p.Statement = append(p.Statement, &Statement{ diff --git a/pkg/model/iam/tests/iam_builder_master_strict.json b/pkg/model/iam/tests/iam_builder_master_strict.json index 10657ac286..dbf876c920 100644 --- a/pkg/model/iam/tests/iam_builder_master_strict.json +++ b/pkg/model/iam/tests/iam_builder_master_strict.json @@ -79,6 +79,21 @@ "*" ] }, + { + "Action": [ + "autoscaling:CompleteLifecycleAction", + "autoscaling:DescribeAutoScalingInstances" + ], + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "iam-builder-test.k8s.local" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "elasticloadbalancing:AddTags", diff --git a/pkg/model/iam/tests/iam_builder_master_strict_ecr.json b/pkg/model/iam/tests/iam_builder_master_strict_ecr.json index 489a04a3d2..54cbf99fa1 100644 --- a/pkg/model/iam/tests/iam_builder_master_strict_ecr.json +++ b/pkg/model/iam/tests/iam_builder_master_strict_ecr.json @@ -79,6 +79,21 @@ "*" ] }, + { + "Action": [ + "autoscaling:CompleteLifecycleAction", + "autoscaling:DescribeAutoScalingInstances" + ], + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "iam-builder-test.k8s.local" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "elasticloadbalancing:AddTags", diff --git a/pkg/model/iam/tests/iam_builder_node_legacy.json b/pkg/model/iam/tests/iam_builder_node_legacy.json index 52cebc2e0e..51e694295b 100644 --- a/pkg/model/iam/tests/iam_builder_node_legacy.json +++ b/pkg/model/iam/tests/iam_builder_node_legacy.json @@ -10,6 +10,13 @@ "*" ] }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "s3:*" diff --git a/pkg/model/iam/tests/iam_builder_node_strict.json b/pkg/model/iam/tests/iam_builder_node_strict.json index 732824083d..a97b516f8d 100644 --- a/pkg/model/iam/tests/iam_builder_node_strict.json +++ b/pkg/model/iam/tests/iam_builder_node_strict.json @@ -10,6 +10,13 @@ "*" ] }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "s3:Get*" diff --git a/pkg/model/iam/tests/iam_builder_node_strict_ecr.json b/pkg/model/iam/tests/iam_builder_node_strict_ecr.json index 66852f1590..970b939302 100644 --- a/pkg/model/iam/tests/iam_builder_node_strict_ecr.json +++ b/pkg/model/iam/tests/iam_builder_node_strict_ecr.json @@ -10,6 +10,13 @@ "*" ] }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "s3:Get*" diff --git a/tests/integration/update_cluster/apiservernodes/cloudformation.json b/tests/integration/update_cluster/apiservernodes/cloudformation.json index a3b469f0a7..0a3df946d9 100644 --- a/tests/integration/update_cluster/apiservernodes/cloudformation.json +++ b/tests/integration/update_cluster/apiservernodes/cloudformation.json @@ -1160,6 +1160,13 @@ "*" ] }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "iam:ListServerCertificates", @@ -1265,6 +1272,21 @@ "*" ] }, + { + "Action": [ + "autoscaling:CompleteLifecycleAction", + "autoscaling:DescribeAutoScalingInstances" + ], + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "minimal.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "elasticloadbalancing:AddTags", @@ -1376,6 +1398,13 @@ "Resource": [ "*" ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] } ], "Version": "2012-10-17" diff --git a/tests/integration/update_cluster/aws-lb-controller/data/aws_iam_role_policy_masters.minimal.example.com_policy b/tests/integration/update_cluster/aws-lb-controller/data/aws_iam_role_policy_masters.minimal.example.com_policy index 5fabb0ca67..e1cc0628a8 100644 --- a/tests/integration/update_cluster/aws-lb-controller/data/aws_iam_role_policy_masters.minimal.example.com_policy +++ b/tests/integration/update_cluster/aws-lb-controller/data/aws_iam_role_policy_masters.minimal.example.com_policy @@ -79,6 +79,21 @@ "*" ] }, + { + "Action": [ + "autoscaling:CompleteLifecycleAction", + "autoscaling:DescribeAutoScalingInstances" + ], + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "minimal.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "elasticloadbalancing:AddTags", diff --git a/tests/integration/update_cluster/aws-lb-controller/data/aws_iam_role_policy_nodes.minimal.example.com_policy b/tests/integration/update_cluster/aws-lb-controller/data/aws_iam_role_policy_nodes.minimal.example.com_policy index 49749a010d..5ff94c80f4 100644 --- a/tests/integration/update_cluster/aws-lb-controller/data/aws_iam_role_policy_nodes.minimal.example.com_policy +++ b/tests/integration/update_cluster/aws-lb-controller/data/aws_iam_role_policy_nodes.minimal.example.com_policy @@ -9,6 +9,13 @@ "Resource": [ "*" ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] } ], "Version": "2012-10-17" diff --git a/tests/integration/update_cluster/bastionadditional_user-data/data/aws_iam_role_policy_masters.bastionuserdata.example.com_policy b/tests/integration/update_cluster/bastionadditional_user-data/data/aws_iam_role_policy_masters.bastionuserdata.example.com_policy index 042c4e7a03..8e5fc57842 100644 --- a/tests/integration/update_cluster/bastionadditional_user-data/data/aws_iam_role_policy_masters.bastionuserdata.example.com_policy +++ b/tests/integration/update_cluster/bastionadditional_user-data/data/aws_iam_role_policy_masters.bastionuserdata.example.com_policy @@ -79,6 +79,21 @@ "*" ] }, + { + "Action": [ + "autoscaling:CompleteLifecycleAction", + "autoscaling:DescribeAutoScalingInstances" + ], + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "bastionuserdata.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "elasticloadbalancing:AddTags", diff --git a/tests/integration/update_cluster/bastionadditional_user-data/data/aws_iam_role_policy_nodes.bastionuserdata.example.com_policy b/tests/integration/update_cluster/bastionadditional_user-data/data/aws_iam_role_policy_nodes.bastionuserdata.example.com_policy index 49749a010d..5ff94c80f4 100644 --- a/tests/integration/update_cluster/bastionadditional_user-data/data/aws_iam_role_policy_nodes.bastionuserdata.example.com_policy +++ b/tests/integration/update_cluster/bastionadditional_user-data/data/aws_iam_role_policy_nodes.bastionuserdata.example.com_policy @@ -9,6 +9,13 @@ "Resource": [ "*" ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] } ], "Version": "2012-10-17" diff --git a/tests/integration/update_cluster/complex/cloudformation.json b/tests/integration/update_cluster/complex/cloudformation.json index f9d9a310a1..24410b42c7 100644 --- a/tests/integration/update_cluster/complex/cloudformation.json +++ b/tests/integration/update_cluster/complex/cloudformation.json @@ -1647,6 +1647,21 @@ "*" ] }, + { + "Action": [ + "autoscaling:CompleteLifecycleAction", + "autoscaling:DescribeAutoScalingInstances" + ], + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "complex.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "elasticloadbalancing:AddTags", @@ -1758,6 +1773,13 @@ "Resource": [ "*" ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] } ], "Version": "2012-10-17" diff --git a/tests/integration/update_cluster/complex/data/aws_iam_role_policy_masters.complex.example.com_policy b/tests/integration/update_cluster/complex/data/aws_iam_role_policy_masters.complex.example.com_policy index 7013347bfa..a84baf0868 100644 --- a/tests/integration/update_cluster/complex/data/aws_iam_role_policy_masters.complex.example.com_policy +++ b/tests/integration/update_cluster/complex/data/aws_iam_role_policy_masters.complex.example.com_policy @@ -79,6 +79,21 @@ "*" ] }, + { + "Action": [ + "autoscaling:CompleteLifecycleAction", + "autoscaling:DescribeAutoScalingInstances" + ], + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "complex.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "elasticloadbalancing:AddTags", diff --git a/tests/integration/update_cluster/complex/data/aws_iam_role_policy_nodes.complex.example.com_policy b/tests/integration/update_cluster/complex/data/aws_iam_role_policy_nodes.complex.example.com_policy index 49749a010d..5ff94c80f4 100644 --- a/tests/integration/update_cluster/complex/data/aws_iam_role_policy_nodes.complex.example.com_policy +++ b/tests/integration/update_cluster/complex/data/aws_iam_role_policy_nodes.complex.example.com_policy @@ -9,6 +9,13 @@ "Resource": [ "*" ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] } ], "Version": "2012-10-17" diff --git a/tests/integration/update_cluster/compress/data/aws_iam_role_policy_masters.compress.example.com_policy b/tests/integration/update_cluster/compress/data/aws_iam_role_policy_masters.compress.example.com_policy index bb47e3549c..8d3a73caba 100644 --- a/tests/integration/update_cluster/compress/data/aws_iam_role_policy_masters.compress.example.com_policy +++ b/tests/integration/update_cluster/compress/data/aws_iam_role_policy_masters.compress.example.com_policy @@ -79,6 +79,21 @@ "*" ] }, + { + "Action": [ + "autoscaling:CompleteLifecycleAction", + "autoscaling:DescribeAutoScalingInstances" + ], + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "compress.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "elasticloadbalancing:AddTags", diff --git a/tests/integration/update_cluster/compress/data/aws_iam_role_policy_nodes.compress.example.com_policy b/tests/integration/update_cluster/compress/data/aws_iam_role_policy_nodes.compress.example.com_policy index 49749a010d..5ff94c80f4 100644 --- a/tests/integration/update_cluster/compress/data/aws_iam_role_policy_nodes.compress.example.com_policy +++ b/tests/integration/update_cluster/compress/data/aws_iam_role_policy_nodes.compress.example.com_policy @@ -9,6 +9,13 @@ "Resource": [ "*" ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] } ], "Version": "2012-10-17" diff --git a/tests/integration/update_cluster/containerd-custom/cloudformation.json b/tests/integration/update_cluster/containerd-custom/cloudformation.json index 777fc08699..434880b6bc 100644 --- a/tests/integration/update_cluster/containerd-custom/cloudformation.json +++ b/tests/integration/update_cluster/containerd-custom/cloudformation.json @@ -974,6 +974,21 @@ "*" ] }, + { + "Action": [ + "autoscaling:CompleteLifecycleAction", + "autoscaling:DescribeAutoScalingInstances" + ], + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "containerd.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "elasticloadbalancing:AddTags", @@ -1085,6 +1100,13 @@ "Resource": [ "*" ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] } ], "Version": "2012-10-17" diff --git a/tests/integration/update_cluster/containerd/cloudformation.json b/tests/integration/update_cluster/containerd/cloudformation.json index 777fc08699..434880b6bc 100644 --- a/tests/integration/update_cluster/containerd/cloudformation.json +++ b/tests/integration/update_cluster/containerd/cloudformation.json @@ -974,6 +974,21 @@ "*" ] }, + { + "Action": [ + "autoscaling:CompleteLifecycleAction", + "autoscaling:DescribeAutoScalingInstances" + ], + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "containerd.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "elasticloadbalancing:AddTags", @@ -1085,6 +1100,13 @@ "Resource": [ "*" ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] } ], "Version": "2012-10-17" diff --git a/tests/integration/update_cluster/docker-custom/cloudformation.json b/tests/integration/update_cluster/docker-custom/cloudformation.json index 3ba7fe1987..1822897f3c 100644 --- a/tests/integration/update_cluster/docker-custom/cloudformation.json +++ b/tests/integration/update_cluster/docker-custom/cloudformation.json @@ -974,6 +974,21 @@ "*" ] }, + { + "Action": [ + "autoscaling:CompleteLifecycleAction", + "autoscaling:DescribeAutoScalingInstances" + ], + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "docker.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "elasticloadbalancing:AddTags", @@ -1085,6 +1100,13 @@ "Resource": [ "*" ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] } ], "Version": "2012-10-17" diff --git a/tests/integration/update_cluster/existing_sg/data/aws_iam_role_policy_masters.existingsg.example.com_policy b/tests/integration/update_cluster/existing_sg/data/aws_iam_role_policy_masters.existingsg.example.com_policy index 1fee68ebec..7ce39be2e7 100644 --- a/tests/integration/update_cluster/existing_sg/data/aws_iam_role_policy_masters.existingsg.example.com_policy +++ b/tests/integration/update_cluster/existing_sg/data/aws_iam_role_policy_masters.existingsg.example.com_policy @@ -79,6 +79,21 @@ "*" ] }, + { + "Action": [ + "autoscaling:CompleteLifecycleAction", + "autoscaling:DescribeAutoScalingInstances" + ], + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "existingsg.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "elasticloadbalancing:AddTags", diff --git a/tests/integration/update_cluster/existing_sg/data/aws_iam_role_policy_nodes.existingsg.example.com_policy b/tests/integration/update_cluster/existing_sg/data/aws_iam_role_policy_nodes.existingsg.example.com_policy index 49749a010d..5ff94c80f4 100644 --- a/tests/integration/update_cluster/existing_sg/data/aws_iam_role_policy_nodes.existingsg.example.com_policy +++ b/tests/integration/update_cluster/existing_sg/data/aws_iam_role_policy_nodes.existingsg.example.com_policy @@ -9,6 +9,13 @@ "Resource": [ "*" ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] } ], "Version": "2012-10-17" diff --git a/tests/integration/update_cluster/externallb/cloudformation.json b/tests/integration/update_cluster/externallb/cloudformation.json index fc43654767..87a68a76e4 100644 --- a/tests/integration/update_cluster/externallb/cloudformation.json +++ b/tests/integration/update_cluster/externallb/cloudformation.json @@ -990,6 +990,21 @@ "*" ] }, + { + "Action": [ + "autoscaling:CompleteLifecycleAction", + "autoscaling:DescribeAutoScalingInstances" + ], + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "externallb.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "elasticloadbalancing:AddTags", @@ -1101,6 +1116,13 @@ "Resource": [ "*" ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] } ], "Version": "2012-10-17" diff --git a/tests/integration/update_cluster/externallb/data/aws_iam_role_policy_masters.externallb.example.com_policy b/tests/integration/update_cluster/externallb/data/aws_iam_role_policy_masters.externallb.example.com_policy index e5052eb457..0f926d7744 100644 --- a/tests/integration/update_cluster/externallb/data/aws_iam_role_policy_masters.externallb.example.com_policy +++ b/tests/integration/update_cluster/externallb/data/aws_iam_role_policy_masters.externallb.example.com_policy @@ -79,6 +79,21 @@ "*" ] }, + { + "Action": [ + "autoscaling:CompleteLifecycleAction", + "autoscaling:DescribeAutoScalingInstances" + ], + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "externallb.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "elasticloadbalancing:AddTags", diff --git a/tests/integration/update_cluster/externallb/data/aws_iam_role_policy_nodes.externallb.example.com_policy b/tests/integration/update_cluster/externallb/data/aws_iam_role_policy_nodes.externallb.example.com_policy index 49749a010d..5ff94c80f4 100644 --- a/tests/integration/update_cluster/externallb/data/aws_iam_role_policy_nodes.externallb.example.com_policy +++ b/tests/integration/update_cluster/externallb/data/aws_iam_role_policy_nodes.externallb.example.com_policy @@ -9,6 +9,13 @@ "Resource": [ "*" ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] } ], "Version": "2012-10-17" diff --git a/tests/integration/update_cluster/externalpolicies/data/aws_iam_role_policy_masters.externalpolicies.example.com_policy b/tests/integration/update_cluster/externalpolicies/data/aws_iam_role_policy_masters.externalpolicies.example.com_policy index 53c96e3934..c4b531ca21 100644 --- a/tests/integration/update_cluster/externalpolicies/data/aws_iam_role_policy_masters.externalpolicies.example.com_policy +++ b/tests/integration/update_cluster/externalpolicies/data/aws_iam_role_policy_masters.externalpolicies.example.com_policy @@ -79,6 +79,21 @@ "*" ] }, + { + "Action": [ + "autoscaling:CompleteLifecycleAction", + "autoscaling:DescribeAutoScalingInstances" + ], + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "externalpolicies.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "elasticloadbalancing:AddTags", diff --git a/tests/integration/update_cluster/externalpolicies/data/aws_iam_role_policy_nodes.externalpolicies.example.com_policy b/tests/integration/update_cluster/externalpolicies/data/aws_iam_role_policy_nodes.externalpolicies.example.com_policy index 49749a010d..5ff94c80f4 100644 --- a/tests/integration/update_cluster/externalpolicies/data/aws_iam_role_policy_nodes.externalpolicies.example.com_policy +++ b/tests/integration/update_cluster/externalpolicies/data/aws_iam_role_policy_nodes.externalpolicies.example.com_policy @@ -9,6 +9,13 @@ "Resource": [ "*" ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] } ], "Version": "2012-10-17" diff --git a/tests/integration/update_cluster/ha/data/aws_iam_role_policy_masters.ha.example.com_policy b/tests/integration/update_cluster/ha/data/aws_iam_role_policy_masters.ha.example.com_policy index 5814e22b03..0c7c3a94b9 100644 --- a/tests/integration/update_cluster/ha/data/aws_iam_role_policy_masters.ha.example.com_policy +++ b/tests/integration/update_cluster/ha/data/aws_iam_role_policy_masters.ha.example.com_policy @@ -79,6 +79,21 @@ "*" ] }, + { + "Action": [ + "autoscaling:CompleteLifecycleAction", + "autoscaling:DescribeAutoScalingInstances" + ], + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "ha.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "elasticloadbalancing:AddTags", diff --git a/tests/integration/update_cluster/ha/data/aws_iam_role_policy_nodes.ha.example.com_policy b/tests/integration/update_cluster/ha/data/aws_iam_role_policy_nodes.ha.example.com_policy index 49749a010d..5ff94c80f4 100644 --- a/tests/integration/update_cluster/ha/data/aws_iam_role_policy_nodes.ha.example.com_policy +++ b/tests/integration/update_cluster/ha/data/aws_iam_role_policy_nodes.ha.example.com_policy @@ -9,6 +9,13 @@ "Resource": [ "*" ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] } ], "Version": "2012-10-17" diff --git a/tests/integration/update_cluster/minimal-cloudformation/cloudformation.json b/tests/integration/update_cluster/minimal-cloudformation/cloudformation.json index 45d8d9720e..9bbb5e4900 100644 --- a/tests/integration/update_cluster/minimal-cloudformation/cloudformation.json +++ b/tests/integration/update_cluster/minimal-cloudformation/cloudformation.json @@ -974,6 +974,21 @@ "*" ] }, + { + "Action": [ + "autoscaling:CompleteLifecycleAction", + "autoscaling:DescribeAutoScalingInstances" + ], + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "minimal.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "elasticloadbalancing:AddTags", @@ -1085,6 +1100,13 @@ "Resource": [ "*" ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] } ], "Version": "2012-10-17" diff --git a/tests/integration/update_cluster/minimal-gp3/cloudformation.json b/tests/integration/update_cluster/minimal-gp3/cloudformation.json index 26c2b1274d..725c6cdb9b 100644 --- a/tests/integration/update_cluster/minimal-gp3/cloudformation.json +++ b/tests/integration/update_cluster/minimal-gp3/cloudformation.json @@ -970,6 +970,21 @@ "*" ] }, + { + "Action": [ + "autoscaling:CompleteLifecycleAction", + "autoscaling:DescribeAutoScalingInstances" + ], + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "minimal.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "elasticloadbalancing:AddTags", @@ -1081,6 +1096,13 @@ "Resource": [ "*" ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] } ], "Version": "2012-10-17" diff --git a/tests/integration/update_cluster/minimal-gp3/data/aws_iam_role_policy_masters.minimal.example.com_policy b/tests/integration/update_cluster/minimal-gp3/data/aws_iam_role_policy_masters.minimal.example.com_policy index 47e801abe7..5c74ca6ae0 100644 --- a/tests/integration/update_cluster/minimal-gp3/data/aws_iam_role_policy_masters.minimal.example.com_policy +++ b/tests/integration/update_cluster/minimal-gp3/data/aws_iam_role_policy_masters.minimal.example.com_policy @@ -79,6 +79,21 @@ "*" ] }, + { + "Action": [ + "autoscaling:CompleteLifecycleAction", + "autoscaling:DescribeAutoScalingInstances" + ], + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "minimal.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "elasticloadbalancing:AddTags", diff --git a/tests/integration/update_cluster/minimal-gp3/data/aws_iam_role_policy_nodes.minimal.example.com_policy b/tests/integration/update_cluster/minimal-gp3/data/aws_iam_role_policy_nodes.minimal.example.com_policy index 49749a010d..5ff94c80f4 100644 --- a/tests/integration/update_cluster/minimal-gp3/data/aws_iam_role_policy_nodes.minimal.example.com_policy +++ b/tests/integration/update_cluster/minimal-gp3/data/aws_iam_role_policy_nodes.minimal.example.com_policy @@ -9,6 +9,13 @@ "Resource": [ "*" ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] } ], "Version": "2012-10-17" diff --git a/tests/integration/update_cluster/minimal-json/data/aws_iam_role_policy_masters.minimal-json.example.com_policy b/tests/integration/update_cluster/minimal-json/data/aws_iam_role_policy_masters.minimal-json.example.com_policy index 75ecc18670..8276a8eea8 100644 --- a/tests/integration/update_cluster/minimal-json/data/aws_iam_role_policy_masters.minimal-json.example.com_policy +++ b/tests/integration/update_cluster/minimal-json/data/aws_iam_role_policy_masters.minimal-json.example.com_policy @@ -79,6 +79,21 @@ "*" ] }, + { + "Action": [ + "autoscaling:CompleteLifecycleAction", + "autoscaling:DescribeAutoScalingInstances" + ], + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "minimal-json.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "elasticloadbalancing:AddTags", diff --git a/tests/integration/update_cluster/minimal-json/data/aws_iam_role_policy_nodes.minimal-json.example.com_policy b/tests/integration/update_cluster/minimal-json/data/aws_iam_role_policy_nodes.minimal-json.example.com_policy index 49749a010d..5ff94c80f4 100644 --- a/tests/integration/update_cluster/minimal-json/data/aws_iam_role_policy_nodes.minimal-json.example.com_policy +++ b/tests/integration/update_cluster/minimal-json/data/aws_iam_role_policy_nodes.minimal-json.example.com_policy @@ -9,6 +9,13 @@ "Resource": [ "*" ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] } ], "Version": "2012-10-17" diff --git a/tests/integration/update_cluster/minimal/data/aws_iam_role_policy_masters.minimal.example.com_policy b/tests/integration/update_cluster/minimal/data/aws_iam_role_policy_masters.minimal.example.com_policy index 47e801abe7..5c74ca6ae0 100644 --- a/tests/integration/update_cluster/minimal/data/aws_iam_role_policy_masters.minimal.example.com_policy +++ b/tests/integration/update_cluster/minimal/data/aws_iam_role_policy_masters.minimal.example.com_policy @@ -79,6 +79,21 @@ "*" ] }, + { + "Action": [ + "autoscaling:CompleteLifecycleAction", + "autoscaling:DescribeAutoScalingInstances" + ], + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "minimal.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "elasticloadbalancing:AddTags", diff --git a/tests/integration/update_cluster/minimal/data/aws_iam_role_policy_nodes.minimal.example.com_policy b/tests/integration/update_cluster/minimal/data/aws_iam_role_policy_nodes.minimal.example.com_policy index 49749a010d..5ff94c80f4 100644 --- a/tests/integration/update_cluster/minimal/data/aws_iam_role_policy_nodes.minimal.example.com_policy +++ b/tests/integration/update_cluster/minimal/data/aws_iam_role_policy_nodes.minimal.example.com_policy @@ -9,6 +9,13 @@ "Resource": [ "*" ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] } ], "Version": "2012-10-17" diff --git a/tests/integration/update_cluster/mixed_instances/cloudformation.json b/tests/integration/update_cluster/mixed_instances/cloudformation.json index 0d3f20e40b..e5203020b8 100644 --- a/tests/integration/update_cluster/mixed_instances/cloudformation.json +++ b/tests/integration/update_cluster/mixed_instances/cloudformation.json @@ -1677,6 +1677,21 @@ "*" ] }, + { + "Action": [ + "autoscaling:CompleteLifecycleAction", + "autoscaling:DescribeAutoScalingInstances" + ], + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "mixedinstances.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "elasticloadbalancing:AddTags", @@ -1788,6 +1803,13 @@ "Resource": [ "*" ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] } ], "Version": "2012-10-17" diff --git a/tests/integration/update_cluster/mixed_instances/data/aws_iam_role_policy_masters.mixedinstances.example.com_policy b/tests/integration/update_cluster/mixed_instances/data/aws_iam_role_policy_masters.mixedinstances.example.com_policy index 70d5f47069..99e66c7be6 100644 --- a/tests/integration/update_cluster/mixed_instances/data/aws_iam_role_policy_masters.mixedinstances.example.com_policy +++ b/tests/integration/update_cluster/mixed_instances/data/aws_iam_role_policy_masters.mixedinstances.example.com_policy @@ -79,6 +79,21 @@ "*" ] }, + { + "Action": [ + "autoscaling:CompleteLifecycleAction", + "autoscaling:DescribeAutoScalingInstances" + ], + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "mixedinstances.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "elasticloadbalancing:AddTags", diff --git a/tests/integration/update_cluster/mixed_instances/data/aws_iam_role_policy_nodes.mixedinstances.example.com_policy b/tests/integration/update_cluster/mixed_instances/data/aws_iam_role_policy_nodes.mixedinstances.example.com_policy index 49749a010d..5ff94c80f4 100644 --- a/tests/integration/update_cluster/mixed_instances/data/aws_iam_role_policy_nodes.mixedinstances.example.com_policy +++ b/tests/integration/update_cluster/mixed_instances/data/aws_iam_role_policy_nodes.mixedinstances.example.com_policy @@ -9,6 +9,13 @@ "Resource": [ "*" ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] } ], "Version": "2012-10-17" diff --git a/tests/integration/update_cluster/mixed_instances_spot/cloudformation.json b/tests/integration/update_cluster/mixed_instances_spot/cloudformation.json index 44f1b90c66..25e7d2cbd4 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/cloudformation.json +++ b/tests/integration/update_cluster/mixed_instances_spot/cloudformation.json @@ -1678,6 +1678,21 @@ "*" ] }, + { + "Action": [ + "autoscaling:CompleteLifecycleAction", + "autoscaling:DescribeAutoScalingInstances" + ], + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "mixedinstances.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "elasticloadbalancing:AddTags", @@ -1789,6 +1804,13 @@ "Resource": [ "*" ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] } ], "Version": "2012-10-17" diff --git a/tests/integration/update_cluster/mixed_instances_spot/data/aws_iam_role_policy_masters.mixedinstances.example.com_policy b/tests/integration/update_cluster/mixed_instances_spot/data/aws_iam_role_policy_masters.mixedinstances.example.com_policy index 70d5f47069..99e66c7be6 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/data/aws_iam_role_policy_masters.mixedinstances.example.com_policy +++ b/tests/integration/update_cluster/mixed_instances_spot/data/aws_iam_role_policy_masters.mixedinstances.example.com_policy @@ -79,6 +79,21 @@ "*" ] }, + { + "Action": [ + "autoscaling:CompleteLifecycleAction", + "autoscaling:DescribeAutoScalingInstances" + ], + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "mixedinstances.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "elasticloadbalancing:AddTags", diff --git a/tests/integration/update_cluster/mixed_instances_spot/data/aws_iam_role_policy_nodes.mixedinstances.example.com_policy b/tests/integration/update_cluster/mixed_instances_spot/data/aws_iam_role_policy_nodes.mixedinstances.example.com_policy index 49749a010d..5ff94c80f4 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/data/aws_iam_role_policy_nodes.mixedinstances.example.com_policy +++ b/tests/integration/update_cluster/mixed_instances_spot/data/aws_iam_role_policy_nodes.mixedinstances.example.com_policy @@ -9,6 +9,13 @@ "Resource": [ "*" ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] } ], "Version": "2012-10-17" diff --git a/tests/integration/update_cluster/private-shared-ip/cloudformation.json b/tests/integration/update_cluster/private-shared-ip/cloudformation.json index 8d4595e2e3..0804d3559c 100644 --- a/tests/integration/update_cluster/private-shared-ip/cloudformation.json +++ b/tests/integration/update_cluster/private-shared-ip/cloudformation.json @@ -1469,6 +1469,21 @@ "*" ] }, + { + "Action": [ + "autoscaling:CompleteLifecycleAction", + "autoscaling:DescribeAutoScalingInstances" + ], + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "private-shared-ip.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "elasticloadbalancing:AddTags", @@ -1580,6 +1595,13 @@ "Resource": [ "*" ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] } ], "Version": "2012-10-17" diff --git a/tests/integration/update_cluster/private-shared-ip/data/aws_iam_role_policy_masters.private-shared-ip.example.com_policy b/tests/integration/update_cluster/private-shared-ip/data/aws_iam_role_policy_masters.private-shared-ip.example.com_policy index bd8be13fd7..66d7f993d9 100644 --- a/tests/integration/update_cluster/private-shared-ip/data/aws_iam_role_policy_masters.private-shared-ip.example.com_policy +++ b/tests/integration/update_cluster/private-shared-ip/data/aws_iam_role_policy_masters.private-shared-ip.example.com_policy @@ -79,6 +79,21 @@ "*" ] }, + { + "Action": [ + "autoscaling:CompleteLifecycleAction", + "autoscaling:DescribeAutoScalingInstances" + ], + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "private-shared-ip.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "elasticloadbalancing:AddTags", diff --git a/tests/integration/update_cluster/private-shared-ip/data/aws_iam_role_policy_nodes.private-shared-ip.example.com_policy b/tests/integration/update_cluster/private-shared-ip/data/aws_iam_role_policy_nodes.private-shared-ip.example.com_policy index 49749a010d..5ff94c80f4 100644 --- a/tests/integration/update_cluster/private-shared-ip/data/aws_iam_role_policy_nodes.private-shared-ip.example.com_policy +++ b/tests/integration/update_cluster/private-shared-ip/data/aws_iam_role_policy_nodes.private-shared-ip.example.com_policy @@ -9,6 +9,13 @@ "Resource": [ "*" ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] } ], "Version": "2012-10-17" diff --git a/tests/integration/update_cluster/private-shared-subnet/data/aws_iam_role_policy_masters.private-shared-subnet.example.com_policy b/tests/integration/update_cluster/private-shared-subnet/data/aws_iam_role_policy_masters.private-shared-subnet.example.com_policy index efa9571455..5e5cd1e023 100644 --- a/tests/integration/update_cluster/private-shared-subnet/data/aws_iam_role_policy_masters.private-shared-subnet.example.com_policy +++ b/tests/integration/update_cluster/private-shared-subnet/data/aws_iam_role_policy_masters.private-shared-subnet.example.com_policy @@ -79,6 +79,21 @@ "*" ] }, + { + "Action": [ + "autoscaling:CompleteLifecycleAction", + "autoscaling:DescribeAutoScalingInstances" + ], + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "private-shared-subnet.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "elasticloadbalancing:AddTags", diff --git a/tests/integration/update_cluster/private-shared-subnet/data/aws_iam_role_policy_nodes.private-shared-subnet.example.com_policy b/tests/integration/update_cluster/private-shared-subnet/data/aws_iam_role_policy_nodes.private-shared-subnet.example.com_policy index 49749a010d..5ff94c80f4 100644 --- a/tests/integration/update_cluster/private-shared-subnet/data/aws_iam_role_policy_nodes.private-shared-subnet.example.com_policy +++ b/tests/integration/update_cluster/private-shared-subnet/data/aws_iam_role_policy_nodes.private-shared-subnet.example.com_policy @@ -9,6 +9,13 @@ "Resource": [ "*" ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] } ], "Version": "2012-10-17" diff --git a/tests/integration/update_cluster/privatecalico/cloudformation.json b/tests/integration/update_cluster/privatecalico/cloudformation.json index bbe5321893..20300df9a4 100644 --- a/tests/integration/update_cluster/privatecalico/cloudformation.json +++ b/tests/integration/update_cluster/privatecalico/cloudformation.json @@ -1614,6 +1614,21 @@ "*" ] }, + { + "Action": [ + "autoscaling:CompleteLifecycleAction", + "autoscaling:DescribeAutoScalingInstances" + ], + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "privatecalico.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "elasticloadbalancing:AddTags", @@ -1725,6 +1740,13 @@ "Resource": [ "*" ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] } ], "Version": "2012-10-17" diff --git a/tests/integration/update_cluster/privatecalico/data/aws_iam_role_policy_masters.privatecalico.example.com_policy b/tests/integration/update_cluster/privatecalico/data/aws_iam_role_policy_masters.privatecalico.example.com_policy index 67cbf3ef3c..3fc672a266 100644 --- a/tests/integration/update_cluster/privatecalico/data/aws_iam_role_policy_masters.privatecalico.example.com_policy +++ b/tests/integration/update_cluster/privatecalico/data/aws_iam_role_policy_masters.privatecalico.example.com_policy @@ -79,6 +79,21 @@ "*" ] }, + { + "Action": [ + "autoscaling:CompleteLifecycleAction", + "autoscaling:DescribeAutoScalingInstances" + ], + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "privatecalico.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "elasticloadbalancing:AddTags", diff --git a/tests/integration/update_cluster/privatecalico/data/aws_iam_role_policy_nodes.privatecalico.example.com_policy b/tests/integration/update_cluster/privatecalico/data/aws_iam_role_policy_nodes.privatecalico.example.com_policy index 49749a010d..5ff94c80f4 100644 --- a/tests/integration/update_cluster/privatecalico/data/aws_iam_role_policy_nodes.privatecalico.example.com_policy +++ b/tests/integration/update_cluster/privatecalico/data/aws_iam_role_policy_nodes.privatecalico.example.com_policy @@ -9,6 +9,13 @@ "Resource": [ "*" ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] } ], "Version": "2012-10-17" diff --git a/tests/integration/update_cluster/privatecanal/data/aws_iam_role_policy_masters.privatecanal.example.com_policy b/tests/integration/update_cluster/privatecanal/data/aws_iam_role_policy_masters.privatecanal.example.com_policy index 3b429f2f72..7463ede9c9 100644 --- a/tests/integration/update_cluster/privatecanal/data/aws_iam_role_policy_masters.privatecanal.example.com_policy +++ b/tests/integration/update_cluster/privatecanal/data/aws_iam_role_policy_masters.privatecanal.example.com_policy @@ -79,6 +79,21 @@ "*" ] }, + { + "Action": [ + "autoscaling:CompleteLifecycleAction", + "autoscaling:DescribeAutoScalingInstances" + ], + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "privatecanal.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "elasticloadbalancing:AddTags", diff --git a/tests/integration/update_cluster/privatecanal/data/aws_iam_role_policy_nodes.privatecanal.example.com_policy b/tests/integration/update_cluster/privatecanal/data/aws_iam_role_policy_nodes.privatecanal.example.com_policy index 49749a010d..5ff94c80f4 100644 --- a/tests/integration/update_cluster/privatecanal/data/aws_iam_role_policy_nodes.privatecanal.example.com_policy +++ b/tests/integration/update_cluster/privatecanal/data/aws_iam_role_policy_nodes.privatecanal.example.com_policy @@ -9,6 +9,13 @@ "Resource": [ "*" ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] } ], "Version": "2012-10-17" diff --git a/tests/integration/update_cluster/privatecilium/cloudformation.json b/tests/integration/update_cluster/privatecilium/cloudformation.json index 27eb3e6f80..bcfea7c489 100644 --- a/tests/integration/update_cluster/privatecilium/cloudformation.json +++ b/tests/integration/update_cluster/privatecilium/cloudformation.json @@ -1600,6 +1600,21 @@ "*" ] }, + { + "Action": [ + "autoscaling:CompleteLifecycleAction", + "autoscaling:DescribeAutoScalingInstances" + ], + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "privatecilium.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "elasticloadbalancing:AddTags", @@ -1711,6 +1726,13 @@ "Resource": [ "*" ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] } ], "Version": "2012-10-17" diff --git a/tests/integration/update_cluster/privatecilium/data/aws_iam_role_policy_masters.privatecilium.example.com_policy b/tests/integration/update_cluster/privatecilium/data/aws_iam_role_policy_masters.privatecilium.example.com_policy index 85c755f6e6..91fc8571df 100644 --- a/tests/integration/update_cluster/privatecilium/data/aws_iam_role_policy_masters.privatecilium.example.com_policy +++ b/tests/integration/update_cluster/privatecilium/data/aws_iam_role_policy_masters.privatecilium.example.com_policy @@ -79,6 +79,21 @@ "*" ] }, + { + "Action": [ + "autoscaling:CompleteLifecycleAction", + "autoscaling:DescribeAutoScalingInstances" + ], + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "privatecilium.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "elasticloadbalancing:AddTags", diff --git a/tests/integration/update_cluster/privatecilium/data/aws_iam_role_policy_nodes.privatecilium.example.com_policy b/tests/integration/update_cluster/privatecilium/data/aws_iam_role_policy_nodes.privatecilium.example.com_policy index 49749a010d..5ff94c80f4 100644 --- a/tests/integration/update_cluster/privatecilium/data/aws_iam_role_policy_nodes.privatecilium.example.com_policy +++ b/tests/integration/update_cluster/privatecilium/data/aws_iam_role_policy_nodes.privatecilium.example.com_policy @@ -9,6 +9,13 @@ "Resource": [ "*" ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] } ], "Version": "2012-10-17" diff --git a/tests/integration/update_cluster/privatecilium2/cloudformation.json b/tests/integration/update_cluster/privatecilium2/cloudformation.json index 27eb3e6f80..bcfea7c489 100644 --- a/tests/integration/update_cluster/privatecilium2/cloudformation.json +++ b/tests/integration/update_cluster/privatecilium2/cloudformation.json @@ -1600,6 +1600,21 @@ "*" ] }, + { + "Action": [ + "autoscaling:CompleteLifecycleAction", + "autoscaling:DescribeAutoScalingInstances" + ], + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "privatecilium.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "elasticloadbalancing:AddTags", @@ -1711,6 +1726,13 @@ "Resource": [ "*" ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] } ], "Version": "2012-10-17" diff --git a/tests/integration/update_cluster/privatecilium2/data/aws_iam_role_policy_masters.privatecilium.example.com_policy b/tests/integration/update_cluster/privatecilium2/data/aws_iam_role_policy_masters.privatecilium.example.com_policy index 85c755f6e6..91fc8571df 100644 --- a/tests/integration/update_cluster/privatecilium2/data/aws_iam_role_policy_masters.privatecilium.example.com_policy +++ b/tests/integration/update_cluster/privatecilium2/data/aws_iam_role_policy_masters.privatecilium.example.com_policy @@ -79,6 +79,21 @@ "*" ] }, + { + "Action": [ + "autoscaling:CompleteLifecycleAction", + "autoscaling:DescribeAutoScalingInstances" + ], + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "privatecilium.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "elasticloadbalancing:AddTags", diff --git a/tests/integration/update_cluster/privatecilium2/data/aws_iam_role_policy_nodes.privatecilium.example.com_policy b/tests/integration/update_cluster/privatecilium2/data/aws_iam_role_policy_nodes.privatecilium.example.com_policy index 49749a010d..5ff94c80f4 100644 --- a/tests/integration/update_cluster/privatecilium2/data/aws_iam_role_policy_nodes.privatecilium.example.com_policy +++ b/tests/integration/update_cluster/privatecilium2/data/aws_iam_role_policy_nodes.privatecilium.example.com_policy @@ -9,6 +9,13 @@ "Resource": [ "*" ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] } ], "Version": "2012-10-17" diff --git a/tests/integration/update_cluster/privateciliumadvanced/cloudformation.json b/tests/integration/update_cluster/privateciliumadvanced/cloudformation.json index 3fd21242f4..bd5778e5b2 100644 --- a/tests/integration/update_cluster/privateciliumadvanced/cloudformation.json +++ b/tests/integration/update_cluster/privateciliumadvanced/cloudformation.json @@ -1633,6 +1633,21 @@ "*" ] }, + { + "Action": [ + "autoscaling:CompleteLifecycleAction", + "autoscaling:DescribeAutoScalingInstances" + ], + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "privateciliumadvanced.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "elasticloadbalancing:AddTags", @@ -1764,6 +1779,13 @@ "Resource": [ "*" ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] } ], "Version": "2012-10-17" diff --git a/tests/integration/update_cluster/privateciliumadvanced/data/aws_iam_role_policy_masters.privateciliumadvanced.example.com_policy b/tests/integration/update_cluster/privateciliumadvanced/data/aws_iam_role_policy_masters.privateciliumadvanced.example.com_policy index fc8400dc5c..2533c0a67e 100644 --- a/tests/integration/update_cluster/privateciliumadvanced/data/aws_iam_role_policy_masters.privateciliumadvanced.example.com_policy +++ b/tests/integration/update_cluster/privateciliumadvanced/data/aws_iam_role_policy_masters.privateciliumadvanced.example.com_policy @@ -79,6 +79,21 @@ "*" ] }, + { + "Action": [ + "autoscaling:CompleteLifecycleAction", + "autoscaling:DescribeAutoScalingInstances" + ], + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "privateciliumadvanced.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "elasticloadbalancing:AddTags", diff --git a/tests/integration/update_cluster/privateciliumadvanced/data/aws_iam_role_policy_nodes.privateciliumadvanced.example.com_policy b/tests/integration/update_cluster/privateciliumadvanced/data/aws_iam_role_policy_nodes.privateciliumadvanced.example.com_policy index 49749a010d..5ff94c80f4 100644 --- a/tests/integration/update_cluster/privateciliumadvanced/data/aws_iam_role_policy_nodes.privateciliumadvanced.example.com_policy +++ b/tests/integration/update_cluster/privateciliumadvanced/data/aws_iam_role_policy_nodes.privateciliumadvanced.example.com_policy @@ -9,6 +9,13 @@ "Resource": [ "*" ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] } ], "Version": "2012-10-17" diff --git a/tests/integration/update_cluster/privatedns1/data/aws_iam_role_policy_masters.privatedns1.example.com_policy b/tests/integration/update_cluster/privatedns1/data/aws_iam_role_policy_masters.privatedns1.example.com_policy index 34b2b61afb..e423f4fcfe 100644 --- a/tests/integration/update_cluster/privatedns1/data/aws_iam_role_policy_masters.privatedns1.example.com_policy +++ b/tests/integration/update_cluster/privatedns1/data/aws_iam_role_policy_masters.privatedns1.example.com_policy @@ -79,6 +79,21 @@ "*" ] }, + { + "Action": [ + "autoscaling:CompleteLifecycleAction", + "autoscaling:DescribeAutoScalingInstances" + ], + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "privatedns1.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "elasticloadbalancing:AddTags", diff --git a/tests/integration/update_cluster/privatedns1/data/aws_iam_role_policy_nodes.privatedns1.example.com_policy b/tests/integration/update_cluster/privatedns1/data/aws_iam_role_policy_nodes.privatedns1.example.com_policy index 49749a010d..5ff94c80f4 100644 --- a/tests/integration/update_cluster/privatedns1/data/aws_iam_role_policy_nodes.privatedns1.example.com_policy +++ b/tests/integration/update_cluster/privatedns1/data/aws_iam_role_policy_nodes.privatedns1.example.com_policy @@ -9,6 +9,13 @@ "Resource": [ "*" ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] } ], "Version": "2012-10-17" diff --git a/tests/integration/update_cluster/privatedns2/data/aws_iam_role_policy_masters.privatedns2.example.com_policy b/tests/integration/update_cluster/privatedns2/data/aws_iam_role_policy_masters.privatedns2.example.com_policy index e0b118c402..f86bfa1f12 100644 --- a/tests/integration/update_cluster/privatedns2/data/aws_iam_role_policy_masters.privatedns2.example.com_policy +++ b/tests/integration/update_cluster/privatedns2/data/aws_iam_role_policy_masters.privatedns2.example.com_policy @@ -79,6 +79,21 @@ "*" ] }, + { + "Action": [ + "autoscaling:CompleteLifecycleAction", + "autoscaling:DescribeAutoScalingInstances" + ], + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "privatedns2.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "elasticloadbalancing:AddTags", diff --git a/tests/integration/update_cluster/privatedns2/data/aws_iam_role_policy_nodes.privatedns2.example.com_policy b/tests/integration/update_cluster/privatedns2/data/aws_iam_role_policy_nodes.privatedns2.example.com_policy index 49749a010d..5ff94c80f4 100644 --- a/tests/integration/update_cluster/privatedns2/data/aws_iam_role_policy_nodes.privatedns2.example.com_policy +++ b/tests/integration/update_cluster/privatedns2/data/aws_iam_role_policy_nodes.privatedns2.example.com_policy @@ -9,6 +9,13 @@ "Resource": [ "*" ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] } ], "Version": "2012-10-17" diff --git a/tests/integration/update_cluster/privateflannel/data/aws_iam_role_policy_masters.privateflannel.example.com_policy b/tests/integration/update_cluster/privateflannel/data/aws_iam_role_policy_masters.privateflannel.example.com_policy index 374fc42b91..84109d95a8 100644 --- a/tests/integration/update_cluster/privateflannel/data/aws_iam_role_policy_masters.privateflannel.example.com_policy +++ b/tests/integration/update_cluster/privateflannel/data/aws_iam_role_policy_masters.privateflannel.example.com_policy @@ -79,6 +79,21 @@ "*" ] }, + { + "Action": [ + "autoscaling:CompleteLifecycleAction", + "autoscaling:DescribeAutoScalingInstances" + ], + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "privateflannel.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "elasticloadbalancing:AddTags", diff --git a/tests/integration/update_cluster/privateflannel/data/aws_iam_role_policy_nodes.privateflannel.example.com_policy b/tests/integration/update_cluster/privateflannel/data/aws_iam_role_policy_nodes.privateflannel.example.com_policy index 49749a010d..5ff94c80f4 100644 --- a/tests/integration/update_cluster/privateflannel/data/aws_iam_role_policy_nodes.privateflannel.example.com_policy +++ b/tests/integration/update_cluster/privateflannel/data/aws_iam_role_policy_nodes.privateflannel.example.com_policy @@ -9,6 +9,13 @@ "Resource": [ "*" ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] } ], "Version": "2012-10-17" diff --git a/tests/integration/update_cluster/privatekopeio/data/aws_iam_role_policy_masters.privatekopeio.example.com_policy b/tests/integration/update_cluster/privatekopeio/data/aws_iam_role_policy_masters.privatekopeio.example.com_policy index e002d35b77..417a2a657c 100644 --- a/tests/integration/update_cluster/privatekopeio/data/aws_iam_role_policy_masters.privatekopeio.example.com_policy +++ b/tests/integration/update_cluster/privatekopeio/data/aws_iam_role_policy_masters.privatekopeio.example.com_policy @@ -79,6 +79,21 @@ "*" ] }, + { + "Action": [ + "autoscaling:CompleteLifecycleAction", + "autoscaling:DescribeAutoScalingInstances" + ], + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "privatekopeio.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "elasticloadbalancing:AddTags", diff --git a/tests/integration/update_cluster/privatekopeio/data/aws_iam_role_policy_nodes.privatekopeio.example.com_policy b/tests/integration/update_cluster/privatekopeio/data/aws_iam_role_policy_nodes.privatekopeio.example.com_policy index 49749a010d..5ff94c80f4 100644 --- a/tests/integration/update_cluster/privatekopeio/data/aws_iam_role_policy_nodes.privatekopeio.example.com_policy +++ b/tests/integration/update_cluster/privatekopeio/data/aws_iam_role_policy_nodes.privatekopeio.example.com_policy @@ -9,6 +9,13 @@ "Resource": [ "*" ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] } ], "Version": "2012-10-17" diff --git a/tests/integration/update_cluster/privateweave/data/aws_iam_role_policy_masters.privateweave.example.com_policy b/tests/integration/update_cluster/privateweave/data/aws_iam_role_policy_masters.privateweave.example.com_policy index 780c28d763..1a91c05ef4 100644 --- a/tests/integration/update_cluster/privateweave/data/aws_iam_role_policy_masters.privateweave.example.com_policy +++ b/tests/integration/update_cluster/privateweave/data/aws_iam_role_policy_masters.privateweave.example.com_policy @@ -79,6 +79,21 @@ "*" ] }, + { + "Action": [ + "autoscaling:CompleteLifecycleAction", + "autoscaling:DescribeAutoScalingInstances" + ], + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "privateweave.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "elasticloadbalancing:AddTags", diff --git a/tests/integration/update_cluster/privateweave/data/aws_iam_role_policy_nodes.privateweave.example.com_policy b/tests/integration/update_cluster/privateweave/data/aws_iam_role_policy_nodes.privateweave.example.com_policy index 49749a010d..5ff94c80f4 100644 --- a/tests/integration/update_cluster/privateweave/data/aws_iam_role_policy_nodes.privateweave.example.com_policy +++ b/tests/integration/update_cluster/privateweave/data/aws_iam_role_policy_nodes.privateweave.example.com_policy @@ -9,6 +9,13 @@ "Resource": [ "*" ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] } ], "Version": "2012-10-17" diff --git a/tests/integration/update_cluster/public-jwks/data/aws_iam_role_policy_masters.minimal.example.com_policy b/tests/integration/update_cluster/public-jwks/data/aws_iam_role_policy_masters.minimal.example.com_policy index 5fabb0ca67..e1cc0628a8 100644 --- a/tests/integration/update_cluster/public-jwks/data/aws_iam_role_policy_masters.minimal.example.com_policy +++ b/tests/integration/update_cluster/public-jwks/data/aws_iam_role_policy_masters.minimal.example.com_policy @@ -79,6 +79,21 @@ "*" ] }, + { + "Action": [ + "autoscaling:CompleteLifecycleAction", + "autoscaling:DescribeAutoScalingInstances" + ], + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "minimal.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "elasticloadbalancing:AddTags", diff --git a/tests/integration/update_cluster/public-jwks/data/aws_iam_role_policy_nodes.minimal.example.com_policy b/tests/integration/update_cluster/public-jwks/data/aws_iam_role_policy_nodes.minimal.example.com_policy index 49749a010d..5ff94c80f4 100644 --- a/tests/integration/update_cluster/public-jwks/data/aws_iam_role_policy_nodes.minimal.example.com_policy +++ b/tests/integration/update_cluster/public-jwks/data/aws_iam_role_policy_nodes.minimal.example.com_policy @@ -9,6 +9,13 @@ "Resource": [ "*" ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] } ], "Version": "2012-10-17" diff --git a/tests/integration/update_cluster/shared_subnet/data/aws_iam_role_policy_masters.sharedsubnet.example.com_policy b/tests/integration/update_cluster/shared_subnet/data/aws_iam_role_policy_masters.sharedsubnet.example.com_policy index e00e5b8b9a..6ffd5b344e 100644 --- a/tests/integration/update_cluster/shared_subnet/data/aws_iam_role_policy_masters.sharedsubnet.example.com_policy +++ b/tests/integration/update_cluster/shared_subnet/data/aws_iam_role_policy_masters.sharedsubnet.example.com_policy @@ -79,6 +79,21 @@ "*" ] }, + { + "Action": [ + "autoscaling:CompleteLifecycleAction", + "autoscaling:DescribeAutoScalingInstances" + ], + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "sharedsubnet.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "elasticloadbalancing:AddTags", diff --git a/tests/integration/update_cluster/shared_subnet/data/aws_iam_role_policy_nodes.sharedsubnet.example.com_policy b/tests/integration/update_cluster/shared_subnet/data/aws_iam_role_policy_nodes.sharedsubnet.example.com_policy index 49749a010d..5ff94c80f4 100644 --- a/tests/integration/update_cluster/shared_subnet/data/aws_iam_role_policy_nodes.sharedsubnet.example.com_policy +++ b/tests/integration/update_cluster/shared_subnet/data/aws_iam_role_policy_nodes.sharedsubnet.example.com_policy @@ -9,6 +9,13 @@ "Resource": [ "*" ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] } ], "Version": "2012-10-17" diff --git a/tests/integration/update_cluster/shared_vpc/data/aws_iam_role_policy_masters.sharedvpc.example.com_policy b/tests/integration/update_cluster/shared_vpc/data/aws_iam_role_policy_masters.sharedvpc.example.com_policy index c84d3b8d73..1c30828944 100644 --- a/tests/integration/update_cluster/shared_vpc/data/aws_iam_role_policy_masters.sharedvpc.example.com_policy +++ b/tests/integration/update_cluster/shared_vpc/data/aws_iam_role_policy_masters.sharedvpc.example.com_policy @@ -79,6 +79,21 @@ "*" ] }, + { + "Action": [ + "autoscaling:CompleteLifecycleAction", + "autoscaling:DescribeAutoScalingInstances" + ], + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "sharedvpc.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "elasticloadbalancing:AddTags", diff --git a/tests/integration/update_cluster/shared_vpc/data/aws_iam_role_policy_nodes.sharedvpc.example.com_policy b/tests/integration/update_cluster/shared_vpc/data/aws_iam_role_policy_nodes.sharedvpc.example.com_policy index 49749a010d..5ff94c80f4 100644 --- a/tests/integration/update_cluster/shared_vpc/data/aws_iam_role_policy_nodes.sharedvpc.example.com_policy +++ b/tests/integration/update_cluster/shared_vpc/data/aws_iam_role_policy_nodes.sharedvpc.example.com_policy @@ -9,6 +9,13 @@ "Resource": [ "*" ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] } ], "Version": "2012-10-17" diff --git a/tests/integration/update_cluster/unmanaged/data/aws_iam_role_policy_masters.unmanaged.example.com_policy b/tests/integration/update_cluster/unmanaged/data/aws_iam_role_policy_masters.unmanaged.example.com_policy index 5c5c0460a8..f48475278a 100644 --- a/tests/integration/update_cluster/unmanaged/data/aws_iam_role_policy_masters.unmanaged.example.com_policy +++ b/tests/integration/update_cluster/unmanaged/data/aws_iam_role_policy_masters.unmanaged.example.com_policy @@ -79,6 +79,21 @@ "*" ] }, + { + "Action": [ + "autoscaling:CompleteLifecycleAction", + "autoscaling:DescribeAutoScalingInstances" + ], + "Condition": { + "StringEquals": { + "autoscaling:ResourceTag/KubernetesCluster": "unmanaged.example.com" + } + }, + "Effect": "Allow", + "Resource": [ + "*" + ] + }, { "Action": [ "elasticloadbalancing:AddTags", diff --git a/tests/integration/update_cluster/unmanaged/data/aws_iam_role_policy_nodes.unmanaged.example.com_policy b/tests/integration/update_cluster/unmanaged/data/aws_iam_role_policy_nodes.unmanaged.example.com_policy index 49749a010d..5ff94c80f4 100644 --- a/tests/integration/update_cluster/unmanaged/data/aws_iam_role_policy_nodes.unmanaged.example.com_policy +++ b/tests/integration/update_cluster/unmanaged/data/aws_iam_role_policy_nodes.unmanaged.example.com_policy @@ -9,6 +9,13 @@ "Resource": [ "*" ] + }, + { + "Action": "autoscaling:DescribeAutoScalingInstances", + "Effect": "Allow", + "Resource": [ + "*" + ] } ], "Version": "2012-10-17" diff --git a/upup/pkg/fi/nodeup/BUILD.bazel b/upup/pkg/fi/nodeup/BUILD.bazel index 7bbf9befc2..61dbe06c15 100644 --- a/upup/pkg/fi/nodeup/BUILD.bazel +++ b/upup/pkg/fi/nodeup/BUILD.bazel @@ -28,6 +28,7 @@ go_library( "//util/pkg/vfs:go_default_library", "//vendor/github.com/aws/aws-sdk-go/aws:go_default_library", "//vendor/github.com/aws/aws-sdk-go/aws/session:go_default_library", + "//vendor/github.com/aws/aws-sdk-go/service/autoscaling:go_default_library", "//vendor/github.com/aws/aws-sdk-go/service/ec2:go_default_library", "//vendor/k8s.io/klog/v2:go_default_library", ], diff --git a/upup/pkg/fi/nodeup/command.go b/upup/pkg/fi/nodeup/command.go index d4976b5db5..31337528e0 100644 --- a/upup/pkg/fi/nodeup/command.go +++ b/upup/pkg/fi/nodeup/command.go @@ -49,6 +49,7 @@ import ( "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/session" + "github.com/aws/aws-sdk-go/service/autoscaling" "github.com/aws/aws-sdk-go/service/ec2" "k8s.io/klog/v2" ) @@ -196,7 +197,24 @@ func (c *NodeUpCommand) Run(out io.Writer) error { } } + var cloud fi.Cloud + + if api.CloudProviderID(c.cluster.Spec.CloudProvider) == api.CloudProviderAWS { + region, err := awsup.FindRegion(c.cluster) + if err != nil { + return err + } + awsCloud, err := awsup.NewAWSCloud(region, nil) + + cloud = awsCloud + + if err != nil { + return err + } + } + modelContext := &model.NodeupModelContext{ + Cloud: cloud, Architecture: architecture, Assets: assetStore, Cluster: c.cluster, @@ -242,6 +260,19 @@ func (c *NodeUpCommand) Run(out io.Writer) error { return err } + if api.CloudProviderID(c.cluster.Spec.CloudProvider) == api.CloudProviderAWS { + instanceIDBytes, err := vfs.Context.ReadFile("metadata://aws/meta-data/instance-id") + if err != nil { + return fmt.Errorf("error reading instance-id from AWS metadata: %v", err) + } + modelContext.InstanceID = string(instanceIDBytes) + + modelContext.ConfigurationMode, err = getAWSConfigurationMode(modelContext) + if err != nil { + return err + } + } + if err := loadKernelModules(modelContext); err != nil { return err } @@ -295,7 +326,6 @@ func (c *NodeUpCommand) Run(out io.Writer) error { } // Protokube load image task is in ProtokubeBuilder - var cloud fi.Cloud var target fi.Target checkExisting := true @@ -637,3 +667,29 @@ func getNodeConfigFromServer(ctx context.Context, config *nodeup.ConfigServerOpt } return client.QueryBootstrap(ctx, &request) } + +func getAWSConfigurationMode(c *model.NodeupModelContext) (string, error) { + // Only worker nodes and apiservers can actually autoscale. + // We are not adding describe permissions to the other roles + role := c.InstanceGroup.Spec.Role + if role != api.InstanceGroupRoleNode && role != api.InstanceGroupRoleAPIServer { + return "", nil + } + + svc := c.Cloud.(awsup.AWSCloud).Autoscaling() + + result, err := svc.DescribeAutoScalingInstances(&autoscaling.DescribeAutoScalingInstancesInput{ + InstanceIds: []*string{&c.InstanceID}, + }) + if err != nil { + return "", fmt.Errorf("error describing instances: %v", err) + } + lifecycle := fi.StringValue(result.AutoScalingInstances[0].LifecycleState) + if strings.HasPrefix(lifecycle, "Warmed:") { + klog.Info("instance is entering warm pool") + return model.ConfigurationModeWarming, nil + } else { + klog.Info("instance is entering the ASG") + return "", nil + } +}