docs: Fix region being undefined while applying beta policy (#4865)

designs/integration-testing.md

@@ -39,4 +39,4 @@ __(To be implemented)__ Contributing to the list of test suites in the testing f
 
 __(To be implemented)__ Periodic testing will be an important part of Karpenter’s testing history. Results and history will be visualized as a testgrid (https://testgrid.k8s.io/) where users can look at metrics and logs for each set of test runs.
 
-__(To be implemented)__ Upgrade instructions between releases as detailed in the Upgrade Guide (https://karpenter.sh/preview/upgrade-guide/#how-do-we-break-incompatibility) will be tested as well. Additional tests will be included in the PR to create the release. As a result, releases will go through the same process as normal commits, and will ensure that upgrade instructions that introduce breaking changes are tested.
+__(To be implemented)__ Upgrade instructions between releases as detailed in the Upgrade Guide (https://karpenter.sh/preview/upgrading/upgrade-guide/#how-do-we-break-incompatibility) will be tested as well. Additional tests will be included in the PR to create the release. As a result, releases will go through the same process as normal commits, and will ensure that upgrade instructions that introduce breaking changes are tested.

website/content/en/preview/upgrading/upgrade-guide.md

@@ -63,22 +63,22 @@ This procedure assumes you are running the Karpenter controller on cluster and w
 
 To upgrade your provisioner and AWSNodeTemplate YAML files to be compatible with v1beta1, you can either update them manually or use the [karpenter-convert](https://github.com/aws/karpenter/tree/main/tools/karpenter-convert) CLI tool. To install that tool:
 
-```
+```bash
 go install github.com/aws/karpenter/tools/karpenter-convert/cmd/karpenter-convert@latest
 ```
 Add `~/go/bin` to your $PATH, if you have not already done so.
 
 1. Determine the current cluster version: Run the following to make sure that your Karpenter version is v0.31.x:
-   ```
+   ```bash
    kubectl get pod -A | grep karpenter
    kubectl describe pod -n karpenter karpenter-xxxxxxxxxx-xxxxx | grep Image: | grep v0.....
    ```
    Sample output:
-   ```
+   ```bash
    Image: public.ecr.aws/karpenter/controller:v0.31.0@sha256:d29767fa9c5c0511a3812397c932f5735234f03a7a875575422b712d15e54a77
    ```
 
-   {{% alert title="Note" color="primary" %}}
+   {{% alert title="Warning" color="primary" %}}
    v0.31.2 introduces minor changes to Karpenter so that rollback from v0.32.0 is supported. If you are coming from some other patch version of minor version v0.31.x, note that v0.31.2 is the _only_ patch version that supports rollback.
    {{% /alert %}}
 
@@ -100,8 +100,9 @@ Add `~/go/bin` to your $PATH, if you have not already done so.
 
     ```bash
     TEMPOUT=$(mktemp)
-    curl -fsSL https://raw.githubusercontent.com/aws/karpenter{{< githubRelRef >}}website/content/en/preview/upgrade/v1beta1-controller-policy.json > ${TEMPOUT}
+    curl -fsSL https://raw.githubusercontent.com/aws/karpenter{{< githubRelRef >}}website/content/en/preview/upgrading/v1beta1-controller-policy.json > ${TEMPOUT}
     
+    REGION=${AWS_REGION:=$AWS_DEFAULT_REGION}
     POLICY_DOCUMENT=$(envsubst < ${TEMPOUT})
     POLICY_NAME="KarpenterControllerPolicy-${CLUSTER_NAME}-v1beta1"
     ROLE_NAME="${CLUSTER_NAME}-karpenter"
@@ -113,7 +114,7 @@ Add `~/go/bin` to your $PATH, if you have not already done so.
 5. Apply the v0.32.0 Custom Resource Definitions (CRDs) in the crds directory of the Karpenter helm chart. Here are the ways you can do this:
 
    * As an independent helm chart [karpenter-crd](https://gallery.ecr.aws/karpenter/karpenter-crd) - [source](https://github.com/aws/karpenter/blob/main/charts/karpenter-crd) that can be used by Helm to manage the lifecycle of these CRDs. To upgrade or install `karpenter-crd` run:
-    ```
+    ```bash
     helm upgrade --install karpenter-crd oci://public.ecr.aws/karpenter/karpenter-crd --version vx.y.z --namespace karpenter --create-namespace
     ```
 

website/content/en/preview/upgrading/v1beta1-controller-policy.json

@@ -5,12 +5,12 @@
       "Sid": "AllowScopedEC2InstanceActions",
       "Effect": "Allow",
       "Resource": [
-        "arn:${AWS_PARTITION}:ec2:${AWS_REGION}::image/*",
-        "arn:${AWS_PARTITION}:ec2:${AWS_REGION}::snapshot/*",
-        "arn:${AWS_PARTITION}:ec2:${AWS_REGION}:*:spot-instances-request/*",
-        "arn:${AWS_PARTITION}:ec2:${AWS_REGION}:*:security-group/*",
-        "arn:${AWS_PARTITION}:ec2:${AWS_REGION}:*:subnet/*",
-        "arn:${AWS_PARTITION}:ec2:${AWS_REGION}:*:launch-template/*"
+        "arn:${AWS_PARTITION}:ec2:${REGION}::image/*",
+        "arn:${AWS_PARTITION}:ec2:${REGION}::snapshot/*",
+        "arn:${AWS_PARTITION}:ec2:${REGION}:*:spot-instances-request/*",
+        "arn:${AWS_PARTITION}:ec2:${REGION}:*:security-group/*",
+        "arn:${AWS_PARTITION}:ec2:${REGION}:*:subnet/*",
+        "arn:${AWS_PARTITION}:ec2:${REGION}:*:launch-template/*"
       ],
       "Action": [
         "ec2:RunInstances",
@@ -21,11 +21,11 @@
       "Sid": "AllowScopedEC2InstanceActionsWithTags",
       "Effect": "Allow",
       "Resource": [
-        "arn:${AWS_PARTITION}:ec2:${AWS_REGION}:*:fleet/*",
-        "arn:${AWS_PARTITION}:ec2:${AWS_REGION}:*:instance/*",
-        "arn:${AWS_PARTITION}:ec2:${AWS_REGION}:*:volume/*",
-        "arn:${AWS_PARTITION}:ec2:${AWS_REGION}:*:network-interface/*",
-        "arn:${AWS_PARTITION}:ec2:${AWS_REGION}:*:launch-template/*"
+        "arn:${AWS_PARTITION}:ec2:${REGION}:*:fleet/*",
+        "arn:${AWS_PARTITION}:ec2:${REGION}:*:instance/*",
+        "arn:${AWS_PARTITION}:ec2:${REGION}:*:volume/*",
+        "arn:${AWS_PARTITION}:ec2:${REGION}:*:network-interface/*",
+        "arn:${AWS_PARTITION}:ec2:${REGION}:*:launch-template/*"
       ],
       "Action": [
         "ec2:RunInstances",
@@ -45,11 +45,11 @@
       "Sid": "AllowScopedResourceCreationTagging",
       "Effect": "Allow",
       "Resource": [
-        "arn:${AWS_PARTITION}:ec2:${AWS_REGION}:*:fleet/*",
-        "arn:${AWS_PARTITION}:ec2:${AWS_REGION}:*:instance/*",
-        "arn:${AWS_PARTITION}:ec2:${AWS_REGION}:*:volume/*",
-        "arn:${AWS_PARTITION}:ec2:${AWS_REGION}:*:network-interface/*",
-        "arn:${AWS_PARTITION}:ec2:${AWS_REGION}:*:launch-template/*"
+        "arn:${AWS_PARTITION}:ec2:${REGION}:*:fleet/*",
+        "arn:${AWS_PARTITION}:ec2:${REGION}:*:instance/*",
+        "arn:${AWS_PARTITION}:ec2:${REGION}:*:volume/*",
+        "arn:${AWS_PARTITION}:ec2:${REGION}:*:network-interface/*",
+        "arn:${AWS_PARTITION}:ec2:${REGION}:*:launch-template/*"
       ],
       "Action": "ec2:CreateTags",
       "Condition": {
@@ -69,7 +69,7 @@
     {
       "Sid": "AllowScopedResourceTagging",
       "Effect": "Allow",
-      "Resource": "arn:${AWS_PARTITION}:ec2:${AWS_REGION}:*:instance/*",
+      "Resource": "arn:${AWS_PARTITION}:ec2:${REGION}:*:instance/*",
       "Action": "ec2:CreateTags",
       "Condition": {
         "StringEquals": {
@@ -90,8 +90,8 @@
       "Sid": "AllowScopedDeletion",
       "Effect": "Allow",
       "Resource": [
-        "arn:${AWS_PARTITION}:ec2:${AWS_REGION}:*:instance/*",
-        "arn:${AWS_PARTITION}:ec2:${AWS_REGION}:*:launch-template/*"
+        "arn:${AWS_PARTITION}:ec2:${REGION}:*:instance/*",
+        "arn:${AWS_PARTITION}:ec2:${REGION}:*:launch-template/*"
       ],
       "Action": [
         "ec2:TerminateInstances",
@@ -123,14 +123,14 @@
       ],
       "Condition": {
         "StringEquals": {
-          "aws:RequestedRegion": "${AWS_REGION}"
+          "aws:RequestedRegion": "${REGION}"
         }
       }
     },
     {
       "Sid": "AllowSSMReadActions",
       "Effect": "Allow",
-      "Resource": "arn:${AWS_PARTITION}:ssm:${AWS_REGION}::parameter/aws/service/*",
+      "Resource": "arn:${AWS_PARTITION}:ssm:${REGION}::parameter/aws/service/*",
       "Action": "ssm:GetParameter"
     },
     {
@@ -142,7 +142,7 @@
     {
       "Sid": "AllowInterruptionQueueActions",
       "Effect": "Allow",
-      "Resource": "arn:aws:sqs:${AWS_REGION}:${AWS_ACCOUNT_ID}:${CLUSTER_NAME}",
+      "Resource": "arn:aws:sqs:${REGION}:${AWS_ACCOUNT_ID}:${CLUSTER_NAME}",
       "Action": [
         "sqs:DeleteMessage",
         "sqs:GetQueueAttributes",
@@ -169,7 +169,7 @@
       "Condition": {
         "StringEquals": {
           "aws:RequestTag/kubernetes.io/cluster/${CLUSTER_NAME}": "owned",
-          "aws:RequestTag/topology.kubernetes.io/region": "${AWS_REGION}"
+          "aws:RequestTag/topology.kubernetes.io/region": "${REGION}"
         }
       }
     },
@@ -181,9 +181,9 @@
       "Condition": {
         "StringEquals": {
           "aws:ResourceTag/kubernetes.io/cluster/${CLUSTER_NAME}": "owned",
-          "aws:ResourceTag/topology.kubernetes.io/region": "${AWS_REGION}",
+          "aws:ResourceTag/topology.kubernetes.io/region": "${REGION}",
           "aws:RequestTag/kubernetes.io/cluster/${CLUSTER_NAME}": "owned",
-          "aws:RequestTag/topology.kubernetes.io/region": "${AWS_REGION}"
+          "aws:RequestTag/topology.kubernetes.io/region": "${REGION}"
         }
       }
     },
@@ -199,7 +199,7 @@
       "Condition": {
         "StringEquals": {
           "aws:ResourceTag/kubernetes.io/cluster/${CLUSTER_NAME}": "owned",
-          "aws:ResourceTag/topology.kubernetes.io/region": "${AWS_REGION}"
+          "aws:ResourceTag/topology.kubernetes.io/region": "${REGION}"
         }
       }
     },
@@ -212,7 +212,7 @@
     {
       "Sid": "AllowAPIServerEndpointDiscovery",
       "Effect": "Allow",
-      "Resource": "arn:${AWS_PARTITION}:eks:${AWS_REGION}:${AWS_ACCOUNT_ID}:cluster/${CLUSTER_NAME}",
+      "Resource": "arn:${AWS_PARTITION}:eks:${REGION}:${AWS_ACCOUNT_ID}:cluster/${CLUSTER_NAME}",
       "Action": "eks:DescribeCluster"
     }
   ]