From b0910d255eb1530919dbce2b5391245eb36f8894 Mon Sep 17 00:00:00 2001
From: Manabu McCloskey <manabu.mccloskey@gmail.com>
Date: Tue, 14 Jan 2025 00:35:51 +0000
Subject: [PATCH] add node role policy disclaimer

Signed-off-by: Manabu McCloskey <manabu.mccloskey@gmail.com>
---
 analytics/terraform/spark-k8s-operator/addons.tf | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/analytics/terraform/spark-k8s-operator/addons.tf b/analytics/terraform/spark-k8s-operator/addons.tf
index 13b2e43fe..fc9367808 100644
--- a/analytics/terraform/spark-k8s-operator/addons.tf
+++ b/analytics/terraform/spark-k8s-operator/addons.tf
@@ -658,6 +658,8 @@ resource "aws_secretsmanager_secret_version" "grafana" {
 
 #---------------------------------------------------------------
 # S3Table IAM policy for Karpenter nodes
+# The S3 tables library does not fully support IRSA and Pod Identity as of this writing.
+# We give the node role access to S3tables to work around this limitation.
 #---------------------------------------------------------------
 resource "aws_iam_policy" "s3tables_policy" {
   name_prefix = "${local.name}-s3tables"