From 2488d0714a68a1a7e7dde23eb19142c3b24d4959 Mon Sep 17 00:00:00 2001
From: Hayden Blauzvern
Date: Wed, 21 Aug 2024 19:47:19 +0000
Subject: [PATCH 1/2] Add default kubelet config for node config for pools and clusters

Needed by GCP now, setting to the default values.

Signed-off-by: Hayden Blauzvern
---
 terraform/gcp/modules/gke_cluster/cluster.tf | 4 ++++
 terraform/gcp/modules/gke_cluster/node_pool.tf | 5 +++++
 2 files changed, 9 insertions(+)

diff --git a/terraform/gcp/modules/gke_cluster/cluster.tf b/terraform/gcp/modules/gke_cluster/cluster.tf
index ef927ee21..162618473 100644
--- a/terraform/gcp/modules/gke_cluster/cluster.tf
+++ b/terraform/gcp/modules/gke_cluster/cluster.tf
@@ -67,6 +67,10 @@ resource "google_container_cluster" "cluster" {
 tags = [local.cluster_network_tag]
 service_account = google_service_account.gke-sa.email
 oauth_scopes = var.oauth_scopes
+ kubelet_config {
+ cpu_cfs_quota = false
+ pod_pids_limit = 0
+ }
 }
 
 resource_labels = {
diff --git a/terraform/gcp/modules/gke_cluster/node_pool.tf b/terraform/gcp/modules/gke_cluster/node_pool.tf
index cdc29fcef..0567ce190 100644
--- a/terraform/gcp/modules/gke_cluster/node_pool.tf
+++ b/terraform/gcp/modules/gke_cluster/node_pool.tf
@@ -65,6 +65,11 @@ resource "google_container_node_pool" "cluster_nodes" {
 service_account = google_service_account.gke-sa.email
 oauth_scopes = ["https://www.googleapis.com/auth/cloud-platform"]
 
+ kubelet_config {
+ cpu_cfs_quota = false
+ pod_pids_limit = 0
+ }
+
 // Protect node metadata and enable Workload Identity
 // for this node pool. "SECURE" just protects the metadata.
 // "EXPOSE" or not set allows for cluster takeover.

From c24b3826880e8e09f65122ac61872b9b4fa8925e Mon Sep 17 00:00:00 2001
From: Hayden Blauzvern
Date: Wed, 21 Aug 2024 19:54:12 +0000
Subject: [PATCH 2/2] add missing cpu manager policy
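Review bot: `cpu_cfs_quota = false` in the new `kubelet_config` block of the `cluster.tf` hunk (and the identical block in the `node_pool.tf` hunk of this patch) may not match the "default values" the commit message describes, because the kubelet's documented default is CFS quota enforcement enabled. If an explicit `false` reaches the GKE API, container CPU limits stop being enforced on these nodes, which weakens resource isolation between workloads; whether the provider sends it or treats it as unset is not visible here, so a `terraform plan` against an existing cluster should confirm this is a no-op. `pod_pids_limit = 0` looks like the provider's unset value rather than a limit, meaning this module applies no per-pod process cap of its own; if that is intended, a comment such as `// 0 leaves the per-pod PID limit unset (GKE default applies)` would record the decision. Both resource bodies start and end outside the hunks.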
Signed-off-by: Hayden Blauzvern
---
 terraform/gcp/modules/gke_cluster/cluster.tf | 5 +++--
 terraform/gcp/modules/gke_cluster/node_pool.tf | 5 +++--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/terraform/gcp/modules/gke_cluster/cluster.tf b/terraform/gcp/modules/gke_cluster/cluster.tf
index 162618473..86a541e85 100644
--- a/terraform/gcp/modules/gke_cluster/cluster.tf
+++ b/terraform/gcp/modules/gke_cluster/cluster.tf
@@ -68,8 +68,9 @@ resource "google_container_cluster" "cluster" {
 service_account = google_service_account.gke-sa.email
 oauth_scopes = var.oauth_scopes
 kubelet_config {
- cpu_cfs_quota = false
- pod_pids_limit = 0
+ cpu_cfs_quota = false
+ pod_pids_limit = 0
+ cpu_manager_policy = "none"
 }
 }
 
diff --git a/terraform/gcp/modules/gke_cluster/node_pool.tf b/terraform/gcp/modules/gke_cluster/node_pool.tf
index 0567ce190..19a8aeb8f 100644
--- a/terraform/gcp/modules/gke_cluster/node_pool.tf
+++ b/terraform/gcp/modules/gke_cluster/node_pool.tf
@@ -66,8 +66,9 @@ resource "google_container_node_pool" "cluster_nodes" {
 oauth_scopes = ["https://www.googleapis.com/auth/cloud-platform"]
 
 kubelet_config {
- cpu_cfs_quota = false
- pod_pids_limit = 0
+ cpu_cfs_quota = false
+ pod_pids_limit = 0
+ cpu_manager_policy = "none"
 }
 
 // Protect node metadata and enable Workload Identity
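Review bot: The three-attribute `kubelet_config` block is now duplicated verbatim in `cluster.tf` and `node_pool.tf`, and this follow-up had to edit both copies to add `cpu_manager_policy = "none"`, so the cluster's default node config and the managed pool can drift apart on the next change. Defining the three values once in the module (for example as `locals`) and referencing them from both blocks would keep the kubelet settings identical across node types. Neither copy explains why defaults are pinned explicitly; a short comment above each block, e.g. `// Explicit kubelet defaults, required by GCP; keep in sync with node_pool.tf`, would stop a later cleanup from removing them. Both resource bodies continue outside the hunks.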