AWSTemplateFormatVersion: 2010-09-09 Description: >- Deploys the auto-scaler helm chart into an existing kubernetes cluster (qs-1ql475ceo). # https://docs.aws.amazon.com/eks/latest/userguide/autoscaling.html#cluster-autoscaler Metadata: cfn-lint: { config: { ignore_checks: [W9002, W9003, W9004, W9006, W7001] } } Parameters: EksClusterName: Type: String KubernetesVersion: Type: String AllowedValues: [1.24, 1.23, 1.22] OIDCProviderArn: Type: String OIDCProviderEndpoint: Type: String Conditions: Commercial: !Equals [!Ref AWS::Partition, aws] NeedsStaticList: !Or # Workaround for https://github.com/kubernetes/autoscaler/issues/3372 - !Equals [!Ref AWS::Region, cn-north-1] - !Equals [!Ref AWS::Region, cn-northwest-1] Mappings: KubernetesVersion: # NOTE: The cluster autoscaler version number is dependant on the K8S version # it is being deployed into. # https://github.com/kubernetes/autoscaler/releases '1.22': ImageTag: v1.22.3 '1.23': ImageTag: v1.23.1 '1.24': ImageTag: v1.24.0 Resources: ClusterAutoScalerIamRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: !Sub | { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Federated": "${OIDCProviderArn}" }, "Action": "sts:AssumeRoleWithWebIdentity", "Condition": { "StringEquals": { "${OIDCProviderEndpoint}:aud": [ "sts.amazonaws.com", "sts.${AWS::Region}.amazonaws.com" ], "${OIDCProviderEndpoint}:sub": "system:serviceaccount:kube-system:cluster-autoscaler" } } } ] } ManagedPolicyArns: - !Sub arn:${AWS::Partition}:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly - !If [Commercial, !Sub 'arn:${AWS::Partition}:iam::aws:policy/AmazonElasticContainerRegistryPublicReadOnly', !Ref AWS::NoValue] Policies: - PolicyName: AmazonEKSClusterAutoscalerPolicy PolicyDocument: !Sub | { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "autoscaling:DescribeAutoScalingGroups", "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", "ec2:DescribeImages", "ec2:DescribeInstanceTypes", "ec2:DescribeLaunchTemplateVersions", "ec2:GetInstanceTypesFromInstanceRequirements" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "autoscaling:SetDesiredCapacity", "autoscaling:TerminateInstanceInAutoScalingGroup" ], "Resource": "arn:${AWS::Partition}:autoscaling:${AWS::Region}:${AWS::AccountId}:autoScalingGroup:*:autoScalingGroupName/*", "Condition": { "StringEquals": { "autoscaling:ResourceTag/k8s.io/cluster-autoscaler/enabled": "true", "aws:ResourceTag/k8s.io/cluster-autoscaler/${EksClusterName}": "owned" } } }, { "Effect": "Allow", "Action": [ "eks:DescribeNodegroup" ], "Resource": "arn:${AWS::Partition}:eks:${AWS::Region}:${AWS::AccountId}:nodegroup/*/*/*" } ] } ClusterAutoScalerHelmChart: # https://docs.aws.amazon.com/eks/latest/userguide/autoscaling.html#cluster-autoscaler # https://artifacthub.io/packages/helm/cluster-autoscaler/cluster-autoscaler # https://github.com/kubernetes/autoscaler/tree/master/charts/cluster-autoscaler Type: AWSQS::Kubernetes::Helm Properties: ClusterID: !Ref EksClusterName Namespace: kube-system Chart: cluster-autoscaler/cluster-autoscaler Repository: https://kubernetes.github.io/autoscaler Values: autoDiscovery.clusterName: !Ref EksClusterName awsRegion: !Ref AWS::Region cloudProvider: aws extraArgs.aws-use-static-instance-list: !If [NeedsStaticList, true, !Ref AWS::NoValue] extraArgs.balance-similar-node-groups: false extraArgs.expander: random image.repository: registry.k8s.io/autoscaling/cluster-autoscaler # TODO: Switch to ECR Public Gallery image repository once available image.tag: !FindInMap [KubernetesVersion, !Ref KubernetesVersion, ImageTag] nodeSelector.kubernetes\.io/os: linux rbac.serviceAccount.annotations.eks\.amazonaws\.com/role-arn: !GetAtt ClusterAutoScalerIamRole.Arn rbac.serviceAccount.create: 'true' rbac.serviceAccount.name: cluster-autoscaler