eksctl.yaml

---
# Note: refresh from https://github.com/awslabs/karpenter/blob/b1f89b765e77530faa23e2eb0511b97b5c4917dd/website/content/en/docs/getting-started/eksctl.yaml
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig
metadata:
  name: ${CLUSTER_NAME}
  region: ${AWS_DEFAULT_REGION}
  version: "1.20"
managedNodeGroups:
  - instanceType: m5.large
    amiFamily: Bottlerocket
    name: ${CLUSTER_NAME}-ng
    desiredCapacity: 1
    minSize: 1
    maxSize: 10
iam:
  withOIDC: true
  serviceAccounts:
    - metadata:
        name: karpenter
        namespace: karpenter
      attachPolicy:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Resource: "*"
            Action:
              # Write Operations
              - "ec2:CreateLaunchTemplate"
              - "ec2:CreateFleet"
              - "ec2:RunInstances"
              - "ec2:CreateTags"
              - "iam:PassRole"
              - "ec2:TerminateInstances"
              # Read Operations
              - "ec2:DescribeLaunchTemplates"
              - "ec2:DescribeInstances"
              - "ec2:DescribeSecurityGroups"
              - "ec2:DescribeSubnets"
              - "ec2:DescribeInstanceTypes"
              - "ec2:DescribeInstanceTypeOfferings"
              - "ec2:DescribeAvailabilityZones"
              - "ssm:GetParameter"