Set static CPU config

Vungle · Nov 6, 2024 · 330b4d5 · 330b4d5
1 parent 6f7442e
commit 330b4d5
Show file tree

Hide file tree

Showing 5 changed files with 81 additions and 6 deletions.
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -0,0 +1,71 @@
+name: CI
+on:
+  release:
+    types: [published]
+permissions:
+  id-token: write
+  contents: write
+jobs:
+  build-us-east-1:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+
+    - name: Assume github action role
+      uses: aws-actions/configure-aws-credentials@master
+      with:
+        role-to-assume: "arn:aws:iam::320005014399:role/github-action"
+        aws-region: us-east-1
+
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@master
+      with:
+        aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
+        aws-session-token: ${{ env.AWS_SESSION_TOKEN }}
+        aws-region: ${{ env.AWS_REGION }}
+        role-to-assume: arn:aws:iam::320005014399:role/eks-ami-builder
+        role-skip-session-tagging: true
+        role-duration-seconds: 3600
+
+    - name: Setup `packer`
+      uses: hashicorp/setup-packer@main
+      id: setup
+      with:
+        version: "1.8.6" 
+
+    - name: Build us-east-1
+      run: |
+        make $GITHUB_REF_NAME
+  
+  build-us-east-1-arm64:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+
+    - name: Assume github action role
+      uses: aws-actions/configure-aws-credentials@master
+      with:
+        role-to-assume: "arn:aws:iam::320005014399:role/github-action"
+        aws-region: us-east-1
+
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@master
+      with:
+        aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
+        aws-session-token: ${{ env.AWS_SESSION_TOKEN }}
+        aws-region: ${{ env.AWS_REGION }}
+        role-to-assume: arn:aws:iam::320005014399:role/eks-ami-builder
+        role-skip-session-tagging: true
+        role-duration-seconds: 3600
+
+    - name: Setup `packer`
+      uses: hashicorp/setup-packer@main
+      id: setup
+      with:
+        version: "1.8.6" 
+
+    - name: Build us-east-1 arm64
+      run: |
+        make $GITHUB_REF_NAME arch=arm64
diff --git a/templates/al2/runtime/kubelet-config.json b/templates/al2/runtime/kubelet-config.json
@@ -27,8 +27,10 @@
   "cgroupDriver": "cgroupfs",
   "cgroupRoot": "/",
   "featureGates": {
-    "RotateKubeletServerCertificate": true
+    "RotateKubeletServerCertificate": true,
+    "CPUManager": true
   },
+  "CPUManagerPolicy": "static",
   "protectKernelDefaults": true,
   "serializeImagePulls": false,
   "serverTLSBootstrap": true,

diff --git a/templates/al2/runtime/kubelet-containerd.service b/templates/al2/runtime/kubelet-containerd.service
@@ -11,6 +11,7 @@ ExecStart=/usr/bin/kubelet \
     --config /etc/kubernetes/kubelet/kubelet-config.json \
     --kubeconfig /var/lib/kubelet/kubeconfig \
     --container-runtime-endpoint unix:///run/containerd/containerd.sock \
+    --cpu-manager-policy static \
     --image-credential-provider-config /etc/eks/image-credential-provider/config.json \
     --image-credential-provider-bin-dir /etc/eks/image-credential-provider \
     $KUBELET_ARGS \

diff --git a/templates/al2/runtime/kubelet.service b/templates/al2/runtime/kubelet.service
@@ -10,6 +10,7 @@ ExecStart=/usr/bin/kubelet \
     --config /etc/kubernetes/kubelet/kubelet-config.json \
     --kubeconfig /var/lib/kubelet/kubeconfig \
     --container-runtime docker \
+    --cpu-manager-policy static \
     --network-plugin cni \
     --image-credential-provider-config /etc/eks/image-credential-provider/config.json \
     --image-credential-provider-bin-dir /etc/eks/image-credential-provider \

diff --git a/templates/al2/variables-default.json b/templates/al2/variables-default.json
@@ -6,7 +6,7 @@
     "ami_users": "",
     "associate_public_ip_address": "",
     "aws_access_key_id": "{{env `AWS_ACCESS_KEY_ID`}}",
-    "aws_region": "us-west-2",
+    "aws_region": "us-east-1",
     "aws_secret_access_key": "{{env `AWS_SECRET_ACCESS_KEY`}}",
     "aws_session_token": "{{env `AWS_SESSION_TOKEN`}}",
     "binary_bucket_name": "amazon-eks",
@@ -17,10 +17,10 @@
     "creator": "{{env `USER`}}",
     "docker_version": "none",
     "enable_fips": "false",
-    "encrypted": "false",
-    "kernel_version": "",
+    "encrypted": "true",
+    "kernel_version": "5.10",
     "kms_key_id": "",
-    "iam_instance_profile": "",
+    "iam_instance_profile": "packer-automation-ssm",
     "launch_block_device_mappings_volume_size": "4",
     "pause_container_version": "3.5",
     "pull_cni_from_github": "true",
@@ -33,7 +33,7 @@
     "ssh_interface": "",
     "ssh_username": "ec2-user",
     "ssm_agent_version": "",
-    "subnet_id": "",
+    "subnet_id": "subnet-0c6bb5524f0ab45d0",
     "temporary_security_group_source_cidrs": "",
     "user_data_file": null,
     "volume_type": "gp2",