Add default kubelet config for node config for pools and clusters (#1234

) * Add default kubelet config for node config for pools and clusters Needed by GCP now, setting to the default values. Signed-off-by: Hayden Blauzvern <[email protected]> * add missing cpu manager policy Signed-off-by: Hayden Blauzvern <[email protected]> --------- Signed-off-by: Hayden Blauzvern <[email protected]>
sigstore · Aug 21, 2024 · c866ea2 · c866ea2
1 parent 42ffcb5
commit c866ea2
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 0 deletions.
diff --git a/terraform/gcp/modules/gke_cluster/cluster.tf b/terraform/gcp/modules/gke_cluster/cluster.tf
@@ -67,6 +67,11 @@ resource "google_container_cluster" "cluster" {
     tags            = [local.cluster_network_tag]
     service_account = google_service_account.gke-sa.email
     oauth_scopes    = var.oauth_scopes
+    kubelet_config {
+      cpu_cfs_quota      = false
+      pod_pids_limit     = 0
+      cpu_manager_policy = "none"
+    }
   }
 
   resource_labels = {

diff --git a/terraform/gcp/modules/gke_cluster/node_pool.tf b/terraform/gcp/modules/gke_cluster/node_pool.tf
@@ -65,6 +65,12 @@ resource "google_container_node_pool" "cluster_nodes" {
     service_account = google_service_account.gke-sa.email
     oauth_scopes    = ["https://www.googleapis.com/auth/cloud-platform"]
 
+    kubelet_config {
+      cpu_cfs_quota      = false
+      pod_pids_limit     = 0
+      cpu_manager_policy = "none"
+    }
+
     // Protect node metadata and enable Workload Identity
     // for this node pool.  "SECURE" just protects the metadata.
     // "EXPOSE" or not set allows for cluster takeover.