From d969e94bbea89ed616713bdab849f042ceda87ac Mon Sep 17 00:00:00 2001
From: Xin Chen
Date: Mon, 25 Apr 2022 18:52:15 +0800
Subject: [PATCH] chore: Update Karpenter example to use partition data source (#2036)
Co-authored-by: Xin Chen
---
 examples/karpenter/README.md | 3 ++-
 examples/karpenter/main.tf | 12 +++++++++---
 2 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/examples/karpenter/README.md b/examples/karpenter/README.md
index 53e6bca5eb..fa06e90170 100644
--- a/examples/karpenter/README.md
+++ b/examples/karpenter/README.md
@@ -69,7 +69,7 @@ Note that this example may create resources which cost money. Run `terraform des
 | Name | Source | Version |
 |------|--------|---------|
 | [eks](#module\_eks) | ../.. | n/a |
-| [karpenter\_irsa](#module\_karpenter\_irsa) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | ~> 4.15 |
+| [karpenter\_irsa](#module\_karpenter\_irsa) | terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks | ~> 4.21.1 |
 | [vpc](#module\_vpc) | terraform-aws-modules/vpc/aws | ~> 3.0 |
 ## Resources
@@ -80,6 +80,7 @@ Note that this example may create resources which cost money. Run `terraform des
 | [helm_release.karpenter](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
 | [kubectl_manifest.karpenter_example_deployment](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
 | [kubectl_manifest.karpenter_provisioner](https://registry.terraform.io/providers/gavinbunney/kubectl/latest/docs/resources/manifest) | resource |
+| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |
 ## Inputs
diff --git a/examples/karpenter/main.tf b/examples/karpenter/main.tf
index fd98f22fbb..4cda4c9c3b 100644
--- a/examples/karpenter/main.tf
+++ b/examples/karpenter/main.tf
@@ -2,10 +2,13 @@ provider "aws" {
 region = local.region
 }
+data "aws_partition" "current" {}
+
 locals {
 name = "ex-${replace(basename(path.cwd), "_", "-")}"
 cluster_version = "1.22"
 region = "eu-west-1"
+ partition = data.aws_partition.current.partition
 tags = {
 Example = local.name
@@ -51,7 +54,7 @@ module "eks" {
 iam_role_additional_policies = [
 # Required by Karpenter
- "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
+ "arn:${local.partition}:iam::aws:policy/AmazonSSMManagedInstanceCore"
 ]
 }
 }
@@ -98,12 +101,15 @@ provider "kubectl" {
 module "karpenter_irsa" {
 source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
- version = "~> 4.15"
+ version = "~> 4.21.1"
 role_name = "karpenter-controller-${local.name}"
 attach_karpenter_controller_policy = true
 karpenter_controller_cluster_id = module.eks.cluster_id
+ karpenter_controller_ssm_parameter_arns = [
+ "arn:${local.partition}:ssm:*:*:parameter/aws/service/*"
+ ]
 karpenter_controller_node_iam_role_arns = [
 module.eks.eks_managed_node_groups["karpenter"].iam_role_arn
 ]
@@ -128,7 +134,7 @@ resource "helm_release" "karpenter" {
 name = "karpenter"
 repository = "https://charts.karpenter.sh"
 chart = "karpenter"
- version = "0.8.1"
+ version = "0.8.2"
 set {
 name = "serviceAccount.annotations.eks\\.amazonaws\\.com/role-arn"
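Review bot: The new `karpenter_controller_ssm_parameter_arns` entry in the `karpenter_irsa` module (third hunk of main.tf) wildcards both the region and the account field (`ssm:*:*`), which is wider than this example needs given that it already pins `local.region`. AWS-published parameters under `/aws/service/` are, as far as I know, addressed with an empty account field, so `"arn:${local.partition}:ssm:${local.region}::parameter/aws/service/*"` should give the controller role the same access to them while keeping the statement scoped to one region; confirm against the policy the IRSA module renders before tightening. A short comment above the list, e.g. `# Public AWS SSM parameters the Karpenter controller needs to read`, would also tell readers copying the example why the override exists. The module block continues past the end of the hunk, so any other ARN inputs it sets are not visible here.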