hearth/kubernetes/karpenter/ec2nodeclass.yaml
Eric Garcia e78000831e Initial commit: Port infrastructure from coherence-mcp
Hearth is the infrastructure home for the letemcook ecosystem.

Ported from coherence-mcp/infra:
- Terraform modules (VPC, EKS, IAM, NLB, S3, storage)
- Kubernetes manifests (Forgejo, ingress, cert-manager, karpenter)
- Deployment scripts (phased rollout)

Status: Not deployed. EKS cluster needs to be provisioned.

Next steps:
1. Bootstrap terraform backend
2. Deploy phase 1 (foundation)
3. Deploy phase 2 (core services including Forgejo)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-24 06:06:13 -05:00


# Karpenter EC2NodeClass Configuration
# RFC 0039: ADR-Compliant Foundation Infrastructure
#
# Defines how Karpenter provisions EC2 instances
---
apiVersion: karpenter.k8s.aws/v1beta1
kind: EC2NodeClass
metadata:
  name: default
spec:
  # Amazon Linux 2 AMI family
  amiFamily: AL2
  # Subnet selection - private subnets only
  subnetSelectorTerms:
    - tags:
        karpenter.sh/discovery: "true"
  # Security group selection
  securityGroupSelectorTerms:
    - tags:
        karpenter.sh/discovery: "true"
  # IAM role for nodes
  role: "alignment-production-node"
  # Instance store policy for NVMe instances
  instanceStorePolicy: RAID0
  # Block device mappings
  blockDeviceMappings:
    - deviceName: /dev/xvda
      ebs:
        volumeSize: 100Gi
        volumeType: gp3
        iops: 3000
        throughput: 125
        encrypted: true
        deleteOnTermination: true
  # User data for node initialization
  userData: |
    #!/bin/bash
    set -e
    # Enable FIPS mode (ADR 0003)
    # Note: Full FIPS requires FIPS-validated AMI
    # This is a placeholder for production FIPS configuration
    # Configure kubelet for optimal performance
    # memory.available is a percentage of total node memory.
    # The heredoc body is JSON: no comments, every entry but the last needs a trailing comma.
    cat >> /etc/kubernetes/kubelet/config.json.patch <<EOF
    {
      "kubeReserved": {
        "cpu": "100m",
        "memory": "512Mi"
      },
      "systemReserved": {
        "cpu": "100m",
        "memory": "512Mi"
      },
      "evictionHard": {
        "memory.available": "10%",
        "nodefs.available": "10%",
        "nodefs.inodesFree": "5%"
      }
    }
    EOF
  # Tags for all instances
  tags:
    Project: alignment
    Environment: production
    ManagedBy: karpenter
    RFC: "0039"
  # Metadata options
  metadataOptions:
    httpEndpoint: enabled
    httpProtocolIPv6: disabled
    httpPutResponseHopLimit: 2
    httpTokens: required # IMDSv2 required for security
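A policy check for an EC2NodeClass like the one above, added here as an example and not code from the hearth repository: it asserts the security-relevant settings this manifest chooses (IMDSv2 required, hop limit no higher than 2, encrypted root volume, tag-based subnet and security-group selection) and that the kubelet JSON embedded in userData actually parses. The manifest is a constructed Python dict mirroring the spec, so it runs without PyYAML; the weak variant is constructed too.

```python
import json
import re

# Constructed dict mirroring the EC2NodeClass spec above (not parsed from the repo file).
HARDENED = {
    "subnetSelectorTerms": [{"tags": {"karpenter.sh/discovery": "true"}}],
    "securityGroupSelectorTerms": [{"tags": {"karpenter.sh/discovery": "true"}}],
    "blockDeviceMappings": [{"deviceName": "/dev/xvda", "ebs": {"encrypted": True}}],
    "metadataOptions": {"httpEndpoint": "enabled", "httpTokens": "required",
                        "httpPutResponseHopLimit": 2},
    "userData": 'cat >> /tmp/kubelet.json <<EOF\n{"kubeReserved": {"cpu": "100m"}}\nEOF\n',
}

# Constructed weak variant: IMDSv1 allowed, hop limit 3, unencrypted root volume,
# and a kubelet JSON patch containing a shell-style comment (JSON parsers reject it).
WEAK = {
    **HARDENED,
    "blockDeviceMappings": [{"deviceName": "/dev/xvda", "ebs": {"encrypted": False}}],
    "metadataOptions": {"httpEndpoint": "enabled", "httpTokens": "optional",
                        "httpPutResponseHopLimit": 3},
    "userData": 'cat >> /tmp/kubelet.json <<EOF\n{"evictionHard": {"memory.available": "10%" # pct\n}}\nEOF\n',
}

def check_nodeclass(spec):
    """Return a list of findings; an empty list means the spec passes every check."""
    findings = []
    md = spec.get("metadataOptions", {})
    if md.get("httpEndpoint", "enabled") == "enabled" and md.get("httpTokens") != "required":
        findings.append("IMDSv1 allowed: metadataOptions.httpTokens must be 'required'")
    if md.get("httpPutResponseHopLimit", 1) > 2:
        findings.append("httpPutResponseHopLimit above 2 lets IMDS answer requests forwarded beyond the node")
    for bdm in spec.get("blockDeviceMappings", []):
        if not bdm.get("ebs", {}).get("encrypted", False):
            findings.append(f"{bdm.get('deviceName')}: EBS volume is not encrypted")
    for key in ("subnetSelectorTerms", "securityGroupSelectorTerms"):
        if not spec.get(key):
            findings.append(f"{key} is empty: nodes would not be pinned to discovery-tagged resources")
    # The kubelet JSON inside the heredoc must parse, or bootstrap breaks on the first node.
    m = re.search(r"<<EOF\n(.*?)\nEOF", spec.get("userData", ""), re.S)
    if m:
        try:
            json.loads(m.group(1))
        except json.JSONDecodeError as e:
            findings.append(f"userData kubelet JSON does not parse: {e.msg}")
    return findings

if __name__ == "__main__":
    for name, spec in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, check_nodeclass(spec) or "OK")
```

Running the same function over every EC2NodeClass in a repository, in CI, turns these settings from a review checklist into a blocking test.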