switch to N2 machine types

infra/gcp/terraform/k8s-infra-prow-build/main.tf

@@ -88,12 +88,13 @@ module "prow_build_nodepool_n1_highmem_8_localssd" {
   project_name              = module.project.project_id
   cluster_name              = module.prow_build_cluster.cluster.name
   location                  = module.prow_build_cluster.cluster.location
-  name                      = "pool5"
+  name                      = "pool6"
   initial_count             = 1
   min_count                 = 1
   max_count                 = 80
   image_type                = "UBUNTU_CONTAINERD"
-  machine_type              = "n1-highmem-8"
+  machine_type              = "n2-custom-10-65536" // 10vCPU, 64GB of memory
+  min_cpu_platform          = "Intel Ice Lake"
   disk_size_gb              = 100
   disk_type                 = "pd-standard"
   ephemeral_local_ssd_count = 2 # each is 375GB

infra/gcp/terraform/k8s-infra-public-pii/main.tf

@@ -183,5 +183,5 @@ resource "google_project_iam_member" "pii_access" {
   for_each = toset(["roles/viewer", "roles/bigquery.user"])
   project  = local.project_id
   role     = each.key
-  member   = "k8s-infra-public-pii@kubernetes.io"
+  member   = "group:k8s-infra-public-pii@kubernetes.io"
 }

infra/gcp/terraform/modules/gke-nodepool/main.tf

@@ -21,9 +21,9 @@ resource "google_container_node_pool" "node_pool" {
   // name = var.name
   name_prefix = "${var.name}-"
 
-  project     = var.project_name
-  location    = var.location
-  cluster     = var.cluster_name
+  project  = var.project_name
+  location = var.location
+  cluster  = var.cluster_name
 
   // Auto repair, and auto upgrade nodes to match the master version
   management {
@@ -40,18 +40,19 @@ resource "google_container_node_pool" "node_pool" {
 
   // Set machine type, and enable all oauth scopes tied to the service account
   node_config {
-    image_type   = var.image_type
-    machine_type = var.machine_type
-    disk_size_gb = var.disk_size_gb
-    disk_type    = var.disk_type
-    labels       = var.labels
-    taint        = var.taints
+    image_type       = var.image_type
+    machine_type     = var.machine_type
+    disk_size_gb     = var.disk_size_gb
+    disk_type        = var.disk_type
+    labels           = var.labels
+    taint            = var.taints
+    min_cpu_platform = var.min_cpu_platform
 
     service_account = var.service_account
     oauth_scopes    = ["https://www.googleapis.com/auth/cloud-platform"]
 
     dynamic "ephemeral_storage_config" {
-      for_each = var.ephemeral_local_ssd_count > 0 ? [var.ephemeral_local_ssd_count] : [] 
+      for_each = var.ephemeral_local_ssd_count > 0 ? [var.ephemeral_local_ssd_count] : []
       content {
         local_ssd_count = ephemeral_storage_config.value
       }

infra/gcp/terraform/modules/gke-nodepool/variables.tf

@@ -101,3 +101,9 @@ variable "service_account" {
   description = "The email address of the GCP Service Account to be associated with nodes in this node_pool"
   type        = string
 }
+
+variable "min_cpu_platform" {
+  description = "Minimum CPU Platform to use for instances"
+  type        = string
+  default     = null
+}