From f7b9aba99edb2b2f300b0ba570ba27b4398fc9e5 Mon Sep 17 00:00:00 2001 From: Max Xu Date: Fri, 19 Dec 2025 22:59:36 +0800 Subject: [PATCH] fix(iam): make karpenter and cluster-autoscaler mutual exclusion Signed-off-by: Max Xu --- modules/iam/cluster_autoscaler.tf | 6 +++--- modules/iam/outputs.tf | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/modules/iam/cluster_autoscaler.tf b/modules/iam/cluster_autoscaler.tf index cc02554..61fb301 100644 --- a/modules/iam/cluster_autoscaler.tf +++ b/modules/iam/cluster_autoscaler.tf @@ -1,5 +1,5 @@ data "aws_iam_policy_document" "cluster_autoscaler_sts" { - count = var.enable_karpenter ? 1 : 0 + count = var.enable_karpenter ? 0 : 1 statement { actions = [ @@ -24,7 +24,7 @@ data "aws_iam_policy_document" "cluster_autoscaler_sts" { } resource "aws_iam_role" "cluster_autoscaler" { - count = var.enable_karpenter ? 1 : 0 + count = var.enable_karpenter ? 0 : 1 name = format("%s-ca-role", var.cluster_name) description = format("Role used by IRSA and the KSA cluster-autoscaler on StreamNative Cloud EKS cluster %s", var.cluster_name) @@ -35,7 +35,7 @@ resource "aws_iam_role" "cluster_autoscaler" { } resource "aws_iam_role_policy_attachment" "cluster_autoscaler" { - count = var.enable_karpenter ? 1 : 0 + count = var.enable_karpenter ? 0 : 1 policy_arn = local.default_service_policy_arn role = aws_iam_role.cluster_autoscaler.0.name diff --git a/modules/iam/outputs.tf b/modules/iam/outputs.tf index 95bdcc4..61a0ed6 100644 --- a/modules/iam/outputs.tf +++ b/modules/iam/outputs.tf @@ -7,7 +7,7 @@ output "cert_manager_arn" { } output "cluster_autoscaler_arn" { - value = aws_iam_role.cluster_autoscaler.0.arn + value = try(aws_iam_role.cluster_autoscaler[0].arn, null) } output "csi_arn" { 
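Review bot: The expression `var.enable_karpenter ? 0 : 1` is now repeated on the `count` of the `cluster_autoscaler_sts` data source, the `aws_iam_role` and the `aws_iam_role_policy_attachment`, and the removed lines show the inverted form had been copied to all three in the same way. A single local such as `enable_cluster_autoscaler = !var.enable_karpenter`, used as `count = local.enable_cluster_autoscaler ? 1 : 0` on each block, would keep them in step. A comment above the first block, `# cluster-autoscaler IAM is created only when Karpenter is disabled`, would record the intent. All three blocks continue outside their hunks.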
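Review bot: In the `aws_iam_role_policy_attachment` hunk, `role = aws_iam_role.cluster_autoscaler.0.name` keeps the legacy `.0` index form while this commit moves outputs.tf to `[0]`. Writing `role = aws_iam_role.cluster_autoscaler[0].name` would make the module consistent. The attachment takes `local.default_service_policy_arn`, which is defined outside this diff, so a short comment naming what that policy grants the autoscaler role would help a least-privilege review. The resource body continues past the hunk.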
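Review bot: `try(aws_iam_role.cluster_autoscaler[0].arn, null)` in the `cluster_autoscaler_arn` output turns every evaluation error into `null`, not only the empty-count case, so a renamed or mistyped resource reference would no longer fail at plan time. `value = one(aws_iam_role.cluster_autoscaler[*].arn)` returns `null` only when the role is absent and still errors on anything else; the same applies to `karpenter_arn` in the next hunk. These outputs have no `description`, and one stating that the value is `null` when the other autoscaler is selected would warn callers. A caller that passes the ARN into an IRSA service-account annotation should check for `null`, since a pod without the annotation may fall back to the node's instance role where the metadata service is reachable.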
@@ -19,9 +19,9 @@ output "external_dns_arn" { } output "karpenter_arn" { - value = aws_iam_role.karpenter.0.arn + value = try(aws_iam_role.karpenter[0].arn, null) } output "velero_arn" { - value = aws_iam_role.velero.0.arn + value = try(aws_iam_role.velero[0].arn, null) } \ No newline at end of file
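Review bot: The `velero_arn` output is made nullable here although the commit subject covers only Karpenter and cluster-autoscaler, and nothing in this diff shows `aws_iam_role.velero` gaining a `count` that can be zero. If that role is always created, keeping the strict reference in the `[0]` form, `value = aws_iam_role.velero[0].arn`, lets a missing role fail at plan time instead of handing a `null` ARN to whatever configures the backup service account. If the role is in fact conditional, a `description` naming the controlling variable would make that visible to callers.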