From 95a60d24a9e11d64c81f5f677d4af12b92b626cc Mon Sep 17 00:00:00 2001 From: Aidan Hilt Date: Mon, 19 Aug 2024 14:11:30 -0400 Subject: [PATCH] Changing karpenter config to rely on pre-FIPS'd images --- .../karpenter/nodeTemplateDefault.yaml | 21 +++---------------- .../karpenter/provisionerDefault.yaml | 14 ++++++------- 2 files changed, 9 insertions(+), 26 deletions(-) diff --git a/kube/services/karpenter/nodeTemplateDefault.yaml b/kube/services/karpenter/nodeTemplateDefault.yaml index 6ba8b3a0f7..fbb7831351 100644 --- a/kube/services/karpenter/nodeTemplateDefault.yaml +++ b/kube/services/karpenter/nodeTemplateDefault.yaml @@ -3,6 +3,9 @@ kind: AWSNodeTemplate metadata: name: default spec: + amiSelector: + aws::name: EKS-FIPS* + aws::owners: "143731057154" subnetSelector: karpenter.sh/discovery: VPC_NAME securityGroupSelector: @@ -32,30 +35,12 @@ spec: sysctl -w fs.inotify.max_user_watches=12000 - sudo yum update -y - sudo yum install -y dracut-fips openssl >> /opt/fips-install.log - sudo dracut -f - # configure grub - sudo /sbin/grubby --update-kernel=ALL --args="fips=1" - # --BOUNDARY # Content-Type: text/cloud-config; charset="us-ascii" # mounts: # - ['fstype': 'bpf', 'mountpoint': '/sys/fs/bpf', 'opts': 'rw,relatime'] - --BOUNDARY - - Content-Type: text/cloud-config; charset="us-ascii" - - power_state: - delay: now - mode: reboot - message: Powering off - timeout: 2 - condition: true - - --BOUNDARY-- blockDeviceMappings: - deviceName: /dev/xvda diff --git a/kube/services/karpenter/provisionerDefault.yaml b/kube/services/karpenter/provisionerDefault.yaml index ac08284ce1..f92a5e383e 100644 --- a/kube/services/karpenter/provisionerDefault.yaml +++ b/kube/services/karpenter/provisionerDefault.yaml @@ -11,14 +11,14 @@ spec: - key: kubernetes.io/arch operator: In values: - - amd64 + - amd64 - key: karpenter.k8s.aws/instance-category operator: In values: - - c - - m - - r - - t + - c + - m + - r + - t # Set a limit of 1000 vcpus limits: resources: 
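Review bot: The added `amiSelector` accepts any image whose name starts with `EKS-FIPS` from owner `143731057154`, and since the second hunk of this file drops the `dracut-fips` / `grubby --args="fips=1"` steps and the boot-time `yum update -y`, FIPS mode and patch level now depend entirely on whichever image that wildcard resolves to. Karpenter normally picks the newest match, so if the image names carry a Kubernetes version or architecture, consider narrowing the pattern to the cluster's version; the naming scheme is not visible here, so this needs checking. I would add a comment above the selector, `# FIPS mode and OS patches now come from the AMI; owner is the account expected to publish the EKS-FIPS images`, and a cheap guard in the remaining userData script such as `[ "$(cat /proc/sys/crypto/fips_enabled)" = "1" ] || echo "FIPS not enabled on this AMI" >&2`. The `spec` block and the userData script both continue outside the hunks shown.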
@@ -30,6 +30,4 @@ spec: consolidation: enabled: true # Kill nodes after 30 days to ensure they stay up to date - ttlSecondsUntilExpired: 2592000 - - + ttlSecondsUntilExpired: 604800
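Review bot: The context comment `# Kill nodes after 30 days to ensure they stay up to date` is now stale, because the new value `ttlSecondsUntilExpired: 604800` is 7 days, not 30. Update it in the same change, for example `# Kill nodes after 7 days so they are replaced from the newest EKS-FIPS AMI`. With the boot-time `yum update -y` removed in nodeTemplateDefault.yaml, this expiry is presumably the only thing that keeps nodes patched, and the comment should say so.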