From 757b315a2dcdb1a3287d54d95144b8ec452cb458 Mon Sep 17 00:00:00 2001
From: Tigran Muradyan <tigran@dasmeta.com>
Date: Mon, 9 Dec 2024 15:16:32 +0400
Subject: [PATCH] fix(DMVP-5592): set default karpenter node size to 100Gi

---
 modules/karpenter/README.md    |  2 +-
 modules/karpenter/locals.tf    |  5 +++--
 modules/karpenter/variables.tf | 10 ++++++++++
 3 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/modules/karpenter/README.md b/modules/karpenter/README.md
index 0988ede..01e0bb6 100644
--- a/modules/karpenter/README.md
+++ b/modules/karpenter/README.md
@@ -87,7 +87,7 @@ module "karpenter" {
 | <a name="input_oidc_provider_arn"></a> [oidc\_provider\_arn](#input\_oidc\_provider\_arn) | EKC oidc provider arn in format 'arn:aws:iam::<account-id>:oidc-provider/oidc.eks.<region>.amazonaws.com/id/<oidc-id>'. | `string` | n/a | yes |
 | <a name="input_resource_chart_version"></a> [resource\_chart\_version](#input\_resource\_chart\_version) | The dasmeta karpenter-resources chart version | `string` | `"0.1.0"` | no |
 | <a name="input_resource_configs"></a> [resource\_configs](#input\_resource\_configs) | Configurations to pass and override default ones for karpenter-resources chart. Check the helm chart available configs here: https://github.com/dasmeta/helm/tree/karpenter-resources-0.1.0/charts/karpenter-resources | `any` | `{}` | no |
-| <a name="input_resource_configs_defaults"></a> [resource\_configs\_defaults](#input\_resource\_configs\_defaults) | Configurations to pass and override default ones for karpenter-resources chart. Check the helm chart available configs here: https://github.com/dasmeta/helm/tree/karpenter-resources-0.1.0/charts/karpenter-resources | <pre>object({<br>    nodeClass = optional(any, {<br>      amiFamily          = "AL2" # Amazon Linux 2<br>      detailedMonitoring = true<br>      metadataOptions = {<br>        httpEndpoint            = "enabled"<br>        httpProtocolIPv6        = "disabled"<br>        httpPutResponseHopLimit = 2 # This is changed to disable IMDS access from containers not on the host network<br>        httpTokens              = "required"<br>      }<br>    })<br>    nodeClassRef = optional(any, {<br>      group = "karpenter.k8s.aws"<br>      kind  = "EC2NodeClass"<br>      name  = "default"<br>    }),<br>    requirements = optional(any, [<br>      {<br>        key      = "karpenter.k8s.aws/instance-cpu"<br>        operator = "Lt"<br>        values   = ["9"] # <=8 core cpu nodes<br>      },<br>      {<br>        key      = "karpenter.k8s.aws/instance-memory"<br>        operator = "Lt"<br>        values   = ["33000"] # <=32 Gb memory nodes<br>      },<br>      {<br>        key      = "karpenter.k8s.aws/instance-memory"<br>        operator = "Gt"<br>        values   = ["1000"] #  >1Gb Gb memory nodes<br>      },<br>      {<br>        key      = "karpenter.k8s.aws/instance-generation"<br>        operator = "Gt"<br>        values   = ["2"] # generation of ec2 instances >2 (like t3a.medium) are more performance and effectiveness<br>      },<br>      {<br>        key      = "kubernetes.io/arch"<br>        operator = "In"<br>        values   = ["amd64"] # amd64 linux is main platform arch we will use<br>      },<br>      {<br>        key      = "karpenter.sh/capacity-type"<br>        operator = "In"<br>        values   = ["spot", "on-demand"] # both spot and on-demand nodes, it will look at first available spot and if no then on-demand<br>      }<br>    ])<br>    disruption = optional(any, {<br>      consolidationPolicy = "WhenEmptyOrUnderutilized"<br>      consolidateAfter    = "1m"<br>    }),<br>    limits = optional(any, {<br>      cpu = 10<br>    })<br>  })</pre> | `{}` | no |
+| <a name="input_resource_configs_defaults"></a> [resource\_configs\_defaults](#input\_resource\_configs\_defaults) | Configurations to pass and override default ones for karpenter-resources chart. Check the helm chart available configs here: https://github.com/dasmeta/helm/tree/karpenter-resources-0.1.0/charts/karpenter-resources | <pre>object({<br>    nodeClass = optional(any, {<br>      amiFamily          = "AL2" # Amazon Linux 2<br>      detailedMonitoring = true<br>      metadataOptions = {<br>        httpEndpoint            = "enabled"<br>        httpProtocolIPv6        = "disabled"<br>        httpPutResponseHopLimit = 2 # This is changed to disable IMDS access from containers not on the host network<br>        httpTokens              = "required"<br>      }<br>      blockDeviceMappings = [<br>        {<br>          deviceName = "/dev/xvda"<br>          ebs = {<br>            volumeSize = "100Gi"<br>            volumeType = "gp3"<br>            encrypted  = true<br>          }<br>        }<br>      ]<br>    })<br>    nodeClassRef = optional(any, {<br>      group = "karpenter.k8s.aws"<br>      kind  = "EC2NodeClass"<br>      name  = "default"<br>    }),<br>    requirements = optional(any, [<br>      {<br>        key      = "karpenter.k8s.aws/instance-cpu"<br>        operator = "Lt"<br>        values   = ["9"] # <=8 core cpu nodes<br>      },<br>      {<br>        key      = "karpenter.k8s.aws/instance-memory"<br>        operator = "Lt"<br>        values   = ["33000"] # <=32 Gb memory nodes<br>      },<br>      {<br>        key      = "karpenter.k8s.aws/instance-memory"<br>        operator = "Gt"<br>        values   = ["1000"] #  >1Gb Gb memory nodes<br>      },<br>      {<br>        key      = "karpenter.k8s.aws/instance-generation"<br>        operator = "Gt"<br>        values   = ["2"] # generation of ec2 instances >2 (like t3a.medium) are more performance and effectiveness<br>      },<br>      {<br>        key      = "kubernetes.io/arch"<br>        operator = "In"<br>        values   = ["amd64"] # amd64 linux is main platform arch we will use<br>      },<br>      {<br>        key      = "karpenter.sh/capacity-type"<br>        operator = "In"<br>        values   = ["spot", "on-demand"] # both spot and on-demand nodes, it will look at first available spot and if no then on-demand<br>      }<br>    ])<br>    disruption = optional(any, {<br>      consolidationPolicy = "WhenEmptyOrUnderutilized"<br>      consolidateAfter    = "1m"<br>    }),<br>    limits = optional(any, {<br>      cpu = 10<br>    })<br>  })</pre> | `{}` | no |
 | <a name="input_subnet_ids"></a> [subnet\_ids](#input\_subnet\_ids) | VPC subnet ids used for default Ec2NodeClass as subnet selector. | `list(string)` | n/a | yes |
 | <a name="input_wait"></a> [wait](#input\_wait) | Whether use helm deploy with --wait flag | `bool` | `true` | no |
 
diff --git a/modules/karpenter/locals.tf b/modules/karpenter/locals.tf
index cddff22..28f7c28 100644
--- a/modules/karpenter/locals.tf
+++ b/modules/karpenter/locals.tf
@@ -10,8 +10,9 @@ locals {
     amiSelectorTerms = [
       { id = data.aws_instance.ec2_from_eks_node_pool.ami }
     ]
-    detailedMonitoring = var.resource_configs_defaults.nodeClass.detailedMonitoring
-    metadataOptions    = var.resource_configs_defaults.nodeClass.metadataOptions
+    detailedMonitoring  = var.resource_configs_defaults.nodeClass.detailedMonitoring
+    metadataOptions     = var.resource_configs_defaults.nodeClass.metadataOptions
+    blockDeviceMappings = var.resource_configs_defaults.nodeClass.blockDeviceMappings
   }
 
   nodePoolDefaultNodeClassRef = var.resource_configs_defaults.nodeClassRef
diff --git a/modules/karpenter/variables.tf b/modules/karpenter/variables.tf
index 0748c62..cf43f8d 100644
--- a/modules/karpenter/variables.tf
+++ b/modules/karpenter/variables.tf
@@ -101,6 +101,16 @@ variable "resource_configs_defaults" {
         httpPutResponseHopLimit = 2 # This is changed to disable IMDS access from containers not on the host network
         httpTokens              = "required"
       }
+      blockDeviceMappings = [
+        {
+          deviceName = "/dev/xvda"
+          ebs = {
+            volumeSize = "100Gi"
+            volumeType = "gp3"
+            encrypted  = true
+          }
+        }
+      ]
     })
     nodeClassRef = optional(any, {
       group = "karpenter.k8s.aws"