fix(gke-cluster): update gke-cluster config

Signed-off-by: Ales Verbic <[email protected]> Signed-off-by: Chris Gianelloni <[email protected]>
demeter-run · Dec 20, 2024 · db4b021 · db4b021
1 parent ac2db83
commit db4b021
Show file tree

Hide file tree

Showing 13 changed files with 361 additions and 156 deletions.
diff --git a/common/defaults-gcp.yaml b/common/defaults-gcp.yaml
@@ -8,19 +8,47 @@ vpc_cidr: "10.6.0.0/16"
 dmtr_namespace: dmtr-system
 dmtr_context: k3d-dmtr-cluster
 managed_node_groups:
+  # GKE
+  - name: gke-system-az1
+    labels:
+      gke-managed-components: "true"
+    instance_type: n4-standard-2
+    min_size: 1
+    max_size: 1
+    desired_capacity: 1
+    disk_size_gb: 40
+    taints:
+      - key: components.gke.io/gke-managed-components
+        value: "true"
+        effect: NO_SCHEDULE
+    availability_zones: us-central1-a
+
+  - name: gke-system-az2
+    labels:
+      gke-managed-components: "true"
+    instance_type: n4-standard-2
+    min_size: 1
+    max_size: 1
+    desired_capacity: 1
+    disk_size_gb: 40
+    taints:
+      - key: components.gke.io/gke-managed-components
+        value: "true"
+        effect: NO_SCHEDULE
+    availability_zones: us-central1-b
+
   # Consistent
   - name: co-ad-x86-az1
     labels:
       demeter.run/availability-sla: consistent
       demeter.run/compute-profile: admin
       demeter.run/compute-arch: x86
       demeter.run/availability-zone: az1
-    instance_type: n2-standard-2
+    instance_type: n4-standard-2
     min_size: 1
     max_size: 2
     desired_capacity: 1
     disk_size_gb: 40
-    disk_type: pd-standard
     taints:
       - key: demeter.run/availability-sla
         value: "consistent"
@@ -39,12 +67,11 @@ managed_node_groups:
       demeter.run/compute-profile: admin
       demeter.run/compute-arch: x86
       demeter.run/availability-zone: az2
-    instance_type: n2-standard-2
+    instance_type: n4-standard-2
     min_size: 0
     max_size: 1
     desired_capacity: 0
     disk_size_gb: 40
-    disk_type: pd-standard
     taints:
       - key: demeter.run/availability-sla
         value: "consistent"
@@ -63,7 +90,7 @@ managed_node_groups:
       demeter.run/compute-profile: general-purpose
       demeter.run/compute-arch: x86
       demeter.run/availability-zone: az1
-    instance_type: n2-standard-8
+    instance_type: n4-standard-8
     min_size: 0
     max_size: 1
     desired_capacity: 0
@@ -86,7 +113,7 @@ managed_node_groups:
       demeter.run/compute-profile: general-purpose
       demeter.run/compute-arch: x86
       demeter.run/availability-zone: az1
-    instance_type: n2-standard-8
+    instance_type: n4-standard-8
     min_size: 0
     max_size: 1
     desired_capacity: 0
@@ -109,7 +136,7 @@ managed_node_groups:
       demeter.run/compute-profile: general-purpose
       demeter.run/compute-arch: arm64
       demeter.run/availability-zone: az1
-    instance_type: t2a-standard-8
+    instance_type: c4a-standard-8
     min_size: 0
     max_size: 1
     desired_capacity: 0
@@ -132,7 +159,7 @@ managed_node_groups:
       demeter.run/compute-profile: mem-intensive
       demeter.run/compute-arch: x86
       demeter.run/availability-zone: az1
-    instance_type: n2-highmem-8
+    instance_type: n4-highmem-8
     min_size: 0
     max_size: 1
     desired_capacity: 0
@@ -155,7 +182,7 @@ managed_node_groups:
       demeter.run/compute-profile: mem-intensive
       demeter.run/compute-arch: arm64
       demeter.run/availability-zone: az1
-    instance_type: t2a-standard-16
+    instance_type: c4a-highmem-8
     min_size: 0
     max_size: 1
     desired_capacity: 0
@@ -172,50 +199,75 @@ managed_node_groups:
         effect: NO_SCHEDULE
     availability_zones: us-central1-a
 
-  # Best Effort
-  - name: be-gp-x86-az1
+  - name: co-mem-arm64-az2
+    labels:
+      demeter.run/availability-sla: consistent
+      demeter.run/compute-profile: mem-intensive
+      demeter.run/compute-arch: arm64
+      demeter.run/availability-zone: az2
+    instance_type: c4a-highmem-8
+    min_size: 0
+    max_size: 1
+    desired_capacity: 0
+    disk_size_gb: 100
+    taints:
+      - key: demeter.run/availability-sla
+        value: "consistent"
+        effect: NO_SCHEDULE
+      - key: demeter.run/compute-profile
+        value: "mem-intensive"
+        effect: NO_SCHEDULE
+      - key: demeter.run/compute-arch
+        value: "arm64"
+        effect: NO_SCHEDULE
+    availability_zones: us-central1-b
+
+  # Disk Intensive
+  - name: be-di-x86-az1
     labels:
       demeter.run/availability-sla: best-effort
       demeter.run/compute-profile: general-purpose
       demeter.run/compute-arch: x86
       demeter.run/availability-zone: az1
-    instance_type: n2-standard-8
+    instance_type: n2-standard-4
     min_size: 0
     max_size: 1
     desired_capacity: 1
     disk_size_gb: 100
+    disk_type: pd-ssd
     spot: true
     taints:
       - key: demeter.run/availability-sla
-        value: "best-effort"
+        value: "consistent"
         effect: NO_SCHEDULE
       - key: demeter.run/compute-profile
-        value: "general-purpose"
+        value: "disk-intensive"
         effect: NO_SCHEDULE
       - key: demeter.run/compute-arch
         value: "x86"
         effect: NO_SCHEDULE
     availability_zones: us-central1-a
 
-  - name: be-gp-arm64-az1
+  - name: be-di-arm64-az1
     labels:
       demeter.run/availability-sla: best-effort
       demeter.run/compute-profile: general-purpose
       demeter.run/compute-arch: arm64
       demeter.run/availability-zone: az1
   # Google supports one instance type per node group
-    instance_type: t2a-standard-8
+    instance_type: t2a-standard-4
     min_size: 0
     max_size: 1
     desired_capacity: 1
     disk_size_gb: 100
+    disk_type: pd-ssd
     spot: true
     taints:
       - key: demeter.run/availability-sla
-        value: "best-effort"
+        value: "consistent"
         effect: NO_SCHEDULE
       - key: demeter.run/compute-profile
-        value: "general-purpose"
+        value: "disk-intensive"
         effect: NO_SCHEDULE
       - key: demeter.run/compute-arch
         value: "arm64"

diff --git a/modules/common/cert-manager/stage2/main.tf b/modules/common/cert-manager/stage2/main.tf
@@ -63,7 +63,7 @@ resource "helm_release" "cert-manager" {
 
   set {
     name  = "tolerations[2].value"
-    value = "admin"
+    value = "consistent"
   }
 
   set {
@@ -113,7 +113,7 @@ resource "helm_release" "cert-manager" {
 
   set {
     name  = "webhook.tolerations[2].value"
-    value = "admin"
+    value = "consistent"
   }
 
   set {
@@ -163,7 +163,7 @@ resource "helm_release" "cert-manager" {
 
   set {
     name  = "cainjector.tolerations[2].value"
-    value = "admin"
+    value = "consistent"
   }
 
   set {
@@ -213,7 +213,7 @@ resource "helm_release" "cert-manager" {
 
   set {
     name  = "startupapicheck.tolerations[2].value"
-    value = "admin"
+    value = "consistent"
   }
 
   # set {

diff --git a/modules/gcp/storage-classes/stage1/main.tf b/modules/gcp/storage-classes/stage1/main.tf
@@ -15,3 +15,48 @@ resource "kubernetes_storage_class" "gp" {
     "type" = "pd-balanced"
   }
 }
+
+resource "kubernetes_storage_class" "fast" {
+  metadata {
+    name = "fast"
+  }
+
+  allow_volume_expansion = true
+  storage_provisioner    = "pd.csi.storage.gke.io"
+  reclaim_policy         = "Delete"
+  volume_binding_mode    = "Immediate"
+
+  parameters = {
+    "type" = "hyperdisk-balanced"
+  }
+}
+
+resource "kubernetes_storage_class" "hyperdisk-balanced" {
+  metadata {
+    name = "hyperdisk-balanced"
+  }
+
+  allow_volume_expansion = true
+  storage_provisioner    = "pd.csi.storage.gke.io"
+  reclaim_policy         = "Delete"
+  volume_binding_mode    = "WaitForFirstConsumer"
+
+  parameters = {
+    "type" = "hyperdisk-balanced"
+  }
+}
+
+resource "kubernetes_storage_class" "hyperdisk-balanced-immediate" {
+  metadata {
+    name = "hyperdisk-balanced-immediate"
+  }
+
+  allow_volume_expansion = true
+  storage_provisioner    = "pd.csi.storage.gke.io"
+  reclaim_policy         = "Delete"
+  volume_binding_mode    = "Immediate"
+
+  parameters = {
+    "type" = "hyperdisk-balanced"
+  }
+}
diff --git a/stage0/gcp-terraform/.terraform.lock.hcl b/stage0/gcp-terraform/.terraform.lock.hcl
diff --git a/stage0/gcp-terraform/main.tf b/stage0/gcp-terraform/main.tf
@@ -92,7 +92,7 @@ module "gke" {
     min_count          = np.min_size
     max_count          = np.max_size
     disk_size_gb       = np.disk_size_gb
-    disk_type          = try(np.disk_type, "pd-ssd")
+    disk_type          = try(np.disk_type, "hyperdisk-balanced")
     auto_repair        = true
     auto_upgrade       = true
     service_account    = data.google_service_account.existing.email

diff --git a/stage0/gcp-terraform/versions.tf b/stage0/gcp-terraform/versions.tf
@@ -4,7 +4,7 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = "6.10.0"
+      version = "6.11.0"
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"

diff --git a/stage2/.terraform.lock.hcl b/stage2/.terraform.lock.hcl