Added permissions check

aws · Nov 5, 2024 · 6de755f · 6de755f
1 parent fe990a2
commit 6de755f
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 5 deletions.
diff --git a/pkg/controllers/nodeclass/status/launchtemplate_test.go b/pkg/controllers/nodeclass/status/launchtemplate_test.go
@@ -82,6 +82,7 @@ var _ = Describe("NodeClass Launch Template CIDR Resolution Controller", func()
 				KubernetesNetworkConfig: &eks.KubernetesNetworkConfigResponse{
 					ServiceIpv6Cidr: lo.ToPtr("2001:db8::/64"),
 				},
+				Version: lo.ToPtr("1.30"),
 			},
 		})
 		nodeClass.Spec.AMIFamily = lo.ToPtr(v1.AMIFamilyAL2023)

diff --git a/pkg/errors/errors.go b/pkg/errors/errors.go
@@ -47,6 +47,9 @@ var (
 	alreadyExistsErrorCodes = sets.New[string](
 		iam.ErrCodeEntityAlreadyExistsException,
 	)
+	hasAccessErrorCodes = sets.New[string](
+		"AccessDeniedException",
+	)
 	// unfulfillableCapacityErrorCodes signify that capacity is temporarily unable to be launched
 	unfulfillableCapacityErrorCodes = sets.New[string](
 		"InsufficientInstanceCapacity",
@@ -58,6 +61,17 @@ var (
 	)
 )
 
+func HasNoAccess(err error) bool {
+	if err == nil {
+		return false
+	}
+	var awsError awserr.Error
+	if errors.As(err, &awsError) {
+		return notFoundErrorCodes.Has(awsError.Code())
+	}
+	return false
+}
+
 // IsNotFound returns true if the err is an AWS error (even if it's
 // wrapped) and is a known to mean "not found" (as opposed to a more
 // serious or unexpected error)

diff --git a/pkg/providers/version/version.go b/pkg/providers/version/version.go
@@ -20,6 +20,7 @@ import (
 	"strconv"
 	"strings"
 
+	awserrors "github.com/aws/karpenter-provider-aws/pkg/errors"
 	"github.com/patrickmn/go-cache"
 	"github.com/samber/lo"
 	"k8s.io/apimachinery/pkg/util/version"
@@ -77,12 +78,18 @@ func (p *DefaultProvider) Get(ctx context.Context) (string, error) {
 		version = *serverVersion.Cluster.Version
 		log.FromContext(ctx).Info("Successfully retrieved Kubernetes version from EKS DescribeCluster", "version", version)
 	} else {
-		fallbackVersion, err := p.kubernetesInterface.Discovery().ServerVersion()
-		if err != nil {
-			return "", err
+		if awserrors.HasNoAccess(err) {
+			fallbackVersion, err := p.kubernetesInterface.Discovery().ServerVersion()
+			if err != nil {
+				return "", err
+			}
+			version = fmt.Sprintf("%s.%s", fallbackVersion.Major, strings.TrimSuffix(fallbackVersion.Minor, "+"))
+			log.FromContext(ctx).Info("Successfully retrieved Kubernetes version from Kubernetes API", "version", version)
+		} else {
+			if err != nil {
+				return "", err
+			}
 		}
-		version = fmt.Sprintf("%s.%s", fallbackVersion.Major, strings.TrimSuffix(fallbackVersion.Minor, "+"))
-		log.FromContext(ctx).Info("Successfully retrieved Kubernetes version from Kubernetes API", "version", version)
 	}
 	p.cache.SetDefault(kubernetesVersionCacheKey, version)
 	if p.cm.HasChanged("kubernetes-version", version) {