From 126dc2378ae593eb37fe9dc8fd5c18598608cbb7 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?ec2-bot=20=F0=9F=A4=96?=
Date: Thu, 20 Oct 2022 19:16:21 +0000
Subject: [PATCH] aws-node-termination-handler-2: 0.1.0
---
.../aws-node-termination-handler-2/Chart.yaml | 19 ++
.../aws-node-termination-handler-2/README.md | 65 +++++++
.../crds/node.k8s.aws_terminators.yaml | 171 ++++++++++++++++++
.../templates/_helpers.tpl | 65 +++++++
.../templates/clusterrole.yaml | 50 +++++
.../templates/clusterrole_binding.yaml | 20 ++
.../templates/configmap_logging.yaml | 19 ++
.../templates/deployment.yaml | 154 ++++++++++++++++
.../templates/role.yaml | 40 ++++
.../templates/role_binding.yaml | 19 ++
.../templates/secret_webhook_cert.yaml | 12 ++
.../templates/service.yaml | 28 +++
.../templates/serviceaccount.yaml | 18 ++
.../templates/webhooks.yaml | 49 +++++
.../values.yaml | 167 +++++++++++++++++
15 files changed, 896 insertions(+)
create mode 100644 stable/aws-node-termination-handler-2/Chart.yaml
create mode 100644 stable/aws-node-termination-handler-2/README.md
create mode 100644 stable/aws-node-termination-handler-2/crds/node.k8s.aws_terminators.yaml
create mode 100644 stable/aws-node-termination-handler-2/templates/_helpers.tpl
create mode 100644 stable/aws-node-termination-handler-2/templates/clusterrole.yaml
create mode 100644 stable/aws-node-termination-handler-2/templates/clusterrole_binding.yaml
create mode 100644 stable/aws-node-termination-handler-2/templates/configmap_logging.yaml
create mode 100644 stable/aws-node-termination-handler-2/templates/deployment.yaml
create mode 100644 stable/aws-node-termination-handler-2/templates/role.yaml
create mode 100644 stable/aws-node-termination-handler-2/templates/role_binding.yaml
create mode 100644 stable/aws-node-termination-handler-2/templates/secret_webhook_cert.yaml
create mode 100644 stable/aws-node-termination-handler-2/templates/service.yaml
create mode 100644 stable/aws-node-termination-handler-2/templates/serviceaccount.yaml
create mode 100644 stable/aws-node-termination-handler-2/templates/webhooks.yaml
create mode 100644 stable/aws-node-termination-handler-2/values.yaml
diff --git a/stable/aws-node-termination-handler-2/Chart.yaml b/stable/aws-node-termination-handler-2/Chart.yaml
new file mode 100644
index 000000000..fc8e37020
--- /dev/null
+++ b/stable/aws-node-termination-handler-2/Chart.yaml
@@ -0,0 +1,19 @@
+apiVersion: v2
+name: aws-node-termination-handler-2
+description: A Helm chart for aws-node-termination-handler, an open-source component for gracefully handling termination events for node hosted in AWS.
+type: application
+version: "0.1.0"
+appVersion: "2.0.0-alpha"
+kubeVersion: ">=1.16-0"
+keywords:
+ - aws
+ - ec2
+ - ec2-spot
+ - eks
+ - node
+ - node-termination
+ - spot
+home: https://github.com/aws/eks-charts
+sources:
+ - https://github.com/aws/aws-node-termination-handler
+ - https://github.com/aws/eks-charts
diff --git a/stable/aws-node-termination-handler-2/README.md b/stable/aws-node-termination-handler-2/README.md
new file mode 100644
index 000000000..7b889b675
--- /dev/null
+++ b/stable/aws-node-termination-handler-2/README.md
@@ -0,0 +1,65 @@
+# AWS Node Termination Handler
+
+AWS Node Termination Handler Helm chart for Kubernetes. For more information on this project see the project repo at [github.com/aws/aws-node-termination-handler](https://github.com/aws/aws-node-termination-handler).
+
+## Prerequisites
+
+- _Kubernetes_ >= 1.16
+
+## Installing the Chart
+
+Before you can install the chart you will need to add the `eks` repo to [Helm](https://helm.sh/).
+
+```shell
+helm repo add eks https://aws.github.io/eks-charts/
+```
+
+### Configuration
+
+* `annotations` - Annotation names and values to add to objects in the Helm release. Default: `{}`.
+* `aws.region` - AWS region name (e.g. "us-east-1") to use when making API calls. Default: `""`.
+* `controller.env` - List of environment variables to set in the controller container. See [core/v1 Pod.spec.containers.env](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#container-v1-core) Default: `[]`.
+* `controller.image` - Image repository for the controller.
+* `controller.logLevel` - Override the global logging level for the controller container. Default: `""`.
+* `controller.resources` - Resource requests and limits for controller container. See [core/v1 ResourceRequests](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#resourcerequirements-v1-core) for further information. Default: `{"requests":{"cpu": 1, "memory": "1Gi"}, "limits":{"cpu": 1, "memory": "1Gi"}}`
+* `controller.securityContext` - Controller container security context configuration. See [core/v1 Pod.spec.securityContext](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#podsecuritycontext-v1-core) for further information. Default: `{}`.
+* `fullnameOverride` - Override the Helm release name. Name will be truncated if longer than 63 characters. Default is generated from the release name and chart name.
+* `imagePullPolicy` - Policy for when to pull images. See [core/v1 Container.imagePullPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#container-v1-core) for further information. Default: `"IfNotPresent"`.
+* `imagePullSecrets` - List of secrets to use when pulling images. See [apps/v1 Deployment.spec.template.spec.imagePullSecrets](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#podspec-v1-core) for further information. Default: `[]`.
+* `labels` - Label names and values to add to objects in the Helm release. Default: `{}`.
+* `logging.development` - Enable "debug mode" in logging module. May be useful during development. Default: `false`.
+* `logging.disableCaller` - Disable annotating log messages with calling function's file name and line number. Default: `true`.
+* `logging.disableStacktrace` - Disable stacktrace captures for all message levels. Default: `true`.
+* `logging.encoding` - Logging module encoding mode. Possible values: `console`, `json`. Default: `console`.
+* `logging.encoderConfig.callerKey` - Name of the caller field. Default: `"caller"`.
+* `logging.encoderConfig.levelEncoder` - Level encoder name. Possible values: `capital`, `capitalColor`, `color`; otherwise the level name will be encoded as lowercase. Default: `"capital"`.
+* `logging.encoderConfig.levelKey` - Name of the level field. Default: `"level"`.
+* `logging.encoderConfig.messageKey` - Name of the message field. Default: `"message"`.
+* `logging.encoderConfig.nameKey` - Name of the logger name field. Default: `"logger"`.
+* `logging.encoderConfig.stacktraceKey` - Name of the stacktrace field. Default: `"stacktrace"`.
+* `logging.encoderConfig.timeEncoder` - Time encoder name. Possible values: `iso8601`, `millis`, `nano`, `rfc3339`, `rfc3339nano`; otherwise the time will be encoded in epoch format. Default: `"iso8601"`.
+* `logging.encoderConfig.timeKey` - Name of the time field. Default: `"time"`.
+* `logging.errorOutputPaths` - List of paths to output internal errors from the logging module. Possible values: `stderr`, `stdout`; otherwise a valid file path. Default: `["stderr"]`.
+* `logging.level` - Minimum message level to include in the log. Possible values: `debug`, `info`, `warn`, `error`, `panic`, `fatal`. Default: `info`.
+* `logging.outputPaths` - List of additional output paths. Possible values: `stderr`, `stdout`; otherwise a valid file path. Default: `["stdout"]`.
+* `logging.sampling.initial` - Limit of initial messages per second to accept. Default: `100`.
+* `logging.sampling.thereafter` - Limit of messages per second to accept after initial phase. Default: `100`.
+* `nameOverride` - Override the Helm chart name. Name will be truncated if longer than 63 characters. Default: `.Chart.Name`.
+* `pod.annotations` - Annotation to apply to deployed pod. Default: `{}`.
+* `pod.hostNetwork` - Request host network for pod. See [core/v1 Pod.spec.hostNetwork](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#podspec-v1-core) for futher information. Default: `false`.
+* `pod.labels` - Labels to apply to deployed pod. Default: `{}`.
+* `pod.nodeSelector` - Node selector labels. Default: `{"kubernetes.io/os": "linux"}`
+* `pod.priorityClassName` - Pod priority class. See [core/v1 Pod.spec.priorityClassName](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#podspec-v1-core) for futher information. Default: `"system-cluster-critical"`.
+* `pod.replicas` - Number of instances to create. Default: `1`.
+* `pod.securityContext` - Pod security context configuration. See documentation for [core/v1 Pod.spec.securityContext](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#podsecuritycontext-v1-core) for available properties. Default: `{"fsGroup": 1000}`.
+* `pod.updateStrategy` - Deployment update strategy configuration. See documentation for [apps/v1 Deployment.spec.strategy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#deploymentstrategy-v1-apps) for available properties. Default: `{"type": "Recreate"}`.
+* `rbac.create` - Enable creation of RBAC objects. Helm release may fail is RBAC objects already exist. Default: `true`.
+* `serviceAccount.annotations` - Annotation names and values to add to service account. Default: `{}`.
+* `serviceAccount.create` - Enable creation of service account. Helm release may fail if service account already exists. Default: `true`.
+* `serviceAccount.name` - Name of the service account. If `serviceAccount.create` is enabled then the default will be generated from the release name and chart name. If `serviceAccount.create` is disabled then the default is `"default"`.
+* `webhook.env` - List of environment variables to set in the webhook container. See [core/v1 Pod.spec.containers.env](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#container-v1-core) Default: `[]`.
+* `webhook.image` - Image repository for the webhook controller.
+* `webhook.logLevel` - Override the global logging level for the webhook container. Default: `""`.
+* `webhook.port` - List on port. Default: `8443`.
+* `webhook.resources` - Resource requests and limits for webhook container. See [core/v1 ResourceRequests](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#resourcerequirements-v1-core) for further information. Default: `{"requests":{"cpu": 1, "memory": "1Gi"}, "limits":{"cpu": 1, "memory": "1Gi"}}`
+* `webhook.securityContext` - Controller container security context configuration. See [core/v1 Pod.spec.securityContext](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#podsecuritycontext-v1-core) for further information. Default: `{}`.
diff --git a/stable/aws-node-termination-handler-2/crds/node.k8s.aws_terminators.yaml b/stable/aws-node-termination-handler-2/crds/node.k8s.aws_terminators.yaml
new file mode 100644
index 000000000..95bb491e7
--- /dev/null
+++ b/stable/aws-node-termination-handler-2/crds/node.k8s.aws_terminators.yaml
@@ -0,0 +1,171 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.8.0
+ creationTimestamp: null
+ name: terminators.node.k8s.aws
+spec:
+ group: node.k8s.aws
+ names:
+ kind: Terminator
+ listKind: TerminatorList
+ plural: terminators
+ singular: terminator
+ categories:
+ - all
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: Terminator is the Schema for the terminators API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: TerminatorSpec defines the desired state of Terminator
+ type: object
+ properties:
+ matchLabels:
+ description: Action will only be taken if the target node has all the matching labels and values.
+ type: object
+ additionalProperties:
+ type: string
+ sqs:
+ description: AWS SQS queue configuration.
+ type: object
+ required:
+ - queueURL
+ properties:
+ queueURL:
+ description: |
+ The URL of the Amazon SQS queue from which messages are received.
+
+ * Queue URLs and names are case-sensitive.
+
+ * QueueURL is a required field
+ type: string
+ drain:
+ description: Configuration for the cordon and drain actions.
+ type: object
+ properties:
+ force:
+ description: Enable termination of pods without a controller.
+ type: boolean
+ default: true
+ gracePeriodSeconds:
+ description: Wait time for pods to terminate. If negative then the pod's configured gracetime will be used.
+ type: integer
+ default: -1
+ ignoreAllDaemonSets:
+ description: Enable ignoring pods managed by a DaemonSet.
+ type: boolean
+ default: true
+ deleteEmptyDirData:
+ description: Enable termination of pods with local data that will be deleted.
+ type: boolean
+ default: true
+ timeoutSeconds:
+ description: Wait time before failing the action. If zero, then wait forever.
+ type: integer
+ default: 120
+ events:
+ description: Specify what action should be taken when a particular message type is received.
+ type: object
+ properties:
+ autoScalingTermination:
+ type: string
+ enum:
+ - CordonAndDrain
+ - Cordon
+ - NoAction
+ default: CordonAndDrain
+ rebalanceRecommendation:
+ type: string
+ enum:
+ - CordonAndDrain
+ - Cordon
+ - NoAction
+ default: CordonAndDrain
+ scheduledChange:
+ type: string
+ enum:
+ - CordonAndDrain
+ - Cordon
+ - NoAction
+ default: CordonAndDrain
+ spotInterruption:
+ type: string
+ enum:
+ - CordonAndDrain
+ - Cordon
+ - NoAction
+ default: CordonAndDrain
+ stateChange:
+ type: string
+ enum:
+ - CordonAndDrain
+ - Cordon
+ - NoAction
+ default: CordonAndDrain
+ webhook:
+ description: Send notification of handled events.
+ type: object
+ properties:
+ url:
+ description: URL to send notifications.
+ type: string
+ proxyURL:
+ description: Proxy URL to use to send notifications.
+ type: string
+ headers:
+ description: HTTP headers to include when sending notifications.
+ type: array
+ items:
+ type: object
+ properties:
+ name:
+ description: Header name.
+ type: string
+ value:
+ description: Header value.
+ type: string
+ required:
+ - name
+ - value
+ default:
+ - name: "Content-Type"
+ value: "application/json"
+ template:
+ description: |
+ Used to generate the request payload. Template used to generate webhook request body.
+ The template may reference fields EventID, Kind, InstanceID, NodeName, and StartTime.
+ See https://pkg.go.dev/text/template documentation for template format examples and explanation.
+ type: string
+ default: '{"text":"[NTH][Instance Interruption] EventID: {{ .EventID }} - Kind: {{ .Kind }} - Instance: {{ .InstanceID }} - Node: {{ .NodeName }} - Start Time: {{ .StartTime }}"}'
+ status:
+ description: TerminatorStatus defines the observed state of Terminator
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/stable/aws-node-termination-handler-2/templates/_helpers.tpl b/stable/aws-node-termination-handler-2/templates/_helpers.tpl
new file mode 100644
index 000000000..0b8b71feb
--- /dev/null
+++ b/stable/aws-node-termination-handler-2/templates/_helpers.tpl
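Review bot: In the CRD's `spec.webhook` schema, `url`, `proxyURL` and `headers[].value` are plain strings, so a token placed in a header or embedded in the notification URL is stored in clear text in the Terminator object and is readable by anyone with `get` on `terminators`; the `all` category additionally surfaces these objects in `kubectl get all`. The schema offers no Secret reference, so at minimum the field documentation should say so, e.g. `description: HTTP headers to include when sending notifications. Values are stored unencrypted in the Terminator object; do not place credentials here.` The file carries a controller-gen annotation, so the wording presumably belongs in the Go type comments it is generated from.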
@@ -0,0 +1,65 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "aws-node-termination-handler.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "aws-node-termination-handler.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "aws-node-termination-handler.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "aws-node-termination-handler.labels" -}}
+helm.sh/chart: {{ include "aws-node-termination-handler.chart" . | quote }}
+{{ include "aws-node-termination-handler.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+{{- with .Values.labels }}
+{{ toYaml . }}
+{{- end }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "aws-node-termination-handler.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "aws-node-termination-handler.name" . | quote }}
+app.kubernetes.io/instance: {{ .Release.Name | quote }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "aws-node-termination-handler.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "aws-node-termination-handler.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/stable/aws-node-termination-handler-2/templates/clusterrole.yaml b/stable/aws-node-termination-handler-2/templates/clusterrole.yaml
new file mode 100644
index 000000000..d84f4d8ed
--- /dev/null
+++ b/stable/aws-node-termination-handler-2/templates/clusterrole.yaml
@@ -0,0 +1,50 @@
+{{- if .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "aws-node-termination-handler.fullname" . }}
+ labels:
+ {{- include "aws-node-termination-handler.labels" . | nindent 8 }}
+ {{- with .Values.annotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+rules:
+ - apiGroups: ["node.k8s.aws"]
+ resources: ["terminators"]
+ verbs: ["get", "list", "watch"]
+
+ - apiGroups: ["node.k8s.aws"]
+ resources: ["terminators/status"]
+ verbs: ["create", "delete", "patch", "get", "list", "watch"]
+
+ - apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["get", "list", "patch", "update", "watch"]
+
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "list", "watch"]
+
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["get", "list", "watch"]
+
+ - apiGroups: [""]
+ resources: ["pods/eviction"]
+ verbs: ["create"]
+
+ - apiGroups: ["apps", "extensions"]
+ resources: ["daemonsets"]
+ verbs: ["get"]
+
+ - apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"]
+ verbs: ["get", "list", "watch", "update"]
+
+ {{- if .Values.emitKubernetesEvents }}
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["create", "patch"]
+ {{- end }}
+{{- end -}}
\ No newline at end of file
diff --git a/stable/aws-node-termination-handler-2/templates/clusterrole_binding.yaml b/stable/aws-node-termination-handler-2/templates/clusterrole_binding.yaml
new file mode 100644
index 000000000..0cc179f5a
--- /dev/null
+++ b/stable/aws-node-termination-handler-2/templates/clusterrole_binding.yaml
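Review bot: The `admissionregistration.k8s.io` rule in clusterrole.yaml grants `update` on every `validatingwebhookconfigurations` and `mutatingwebhookconfigurations` object in the cluster, so a compromised controller or webhook pod could rewrite any admission webhook, not only the two this chart installs. Keep `get`, `list`, `watch` as they are and move `update` into a second rule with `resourceNames: ["defaulting.webhook.terminators.k8s.aws", "validation.webhook.terminators.k8s.aws"]`, the names created by the chart's webhooks.yaml. Separately, `.Values.emitKubernetesEvents` gates the events rule but is not among the values documented in the chart README, so that rule looks unreachable with documented settings.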
@@ -0,0 +1,20 @@
+{{- if .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "aws-node-termination-handler.fullname" . }}
+ labels:
+ {{- include "aws-node-termination-handler.labels" . | nindent 8 }}
+ {{- with .Values.annotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ include "aws-node-termination-handler.fullname" . }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "aws-node-termination-handler.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
\ No newline at end of file
diff --git a/stable/aws-node-termination-handler-2/templates/configmap_logging.yaml b/stable/aws-node-termination-handler-2/templates/configmap_logging.yaml
new file mode 100644
index 000000000..8608e7dbe
--- /dev/null
+++ b/stable/aws-node-termination-handler-2/templates/configmap_logging.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: config-logging
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "aws-node-termination-handler.labels" . | nindent 8 }}
+ {{- with .Values.annotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+data:
+ zap-logger-config: {{ toJson .Values.logging | quote }}
+{{- with .Values.controller.logLevel }}
+ loglevel.controller: {{ . | quote }}
+{{- end }}
+{{- with .Values.webhook.logLevel }}
+ loglevel.webhook: {{ . | quote }}
+{{- end }}
\ No newline at end of file
diff --git a/stable/aws-node-termination-handler-2/templates/deployment.yaml b/stable/aws-node-termination-handler-2/templates/deployment.yaml
new file mode 100644
index 000000000..5369e4342
--- /dev/null
+++ b/stable/aws-node-termination-handler-2/templates/deployment.yaml
@@ -0,0 +1,154 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "aws-node-termination-handler.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "aws-node-termination-handler.labels" . | nindent 8 }}
+ {{- with .Values.annotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+spec:
+ replicas: {{ .Values.pod.replicas }}
+ {{- with .Values.pod.updateStrategy }}
+ strategy:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "aws-node-termination-handler.selectorLabels" . | nindent 12 }}
+ template:
+ metadata:
+ labels:
+ {{- include "aws-node-termination-handler.selectorLabels" . | nindent 16 }}
+ {{- with .Values.pod.labels }}
+ {{- toYaml . | nindent 16 }}
+ {{- end }}
+ {{- with .Values.pod.annotations }}
+ annotations:
+ {{- toYaml . | nindent 16 }}
+ {{- end }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 16 }}
+ {{- end }}
+ serviceAccountName: {{ include "aws-node-termination-handler.serviceAccountName" . }}
+ {{- with .Values.pod.securityContext }}
+ securityContext:
+ {{- toYaml . | nindent 16 }}
+ {{- end }}
+ {{- with .Values.pod.priorityClassName }}
+ priorityClassName: {{ . | quote }}
+ {{- end }}
+ {{- with .Values.terminationGracePeriodSeconds }}
+ terminationGracePeriodSeconds: {{ . }}
+ {{- end }}
+ {{- if .Values.pod.hostNetwork }}
+ hostNetwork: true
+ {{- end }}
+ {{- with .Values.pod.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 16 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 16 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 16 }}
+ {{- end }}
+ containers:
+ - name: controller
+ image: {{ .Values.controller.image }}
+ imagePullPolicy: {{ .Values.imagePullPolicy }}
+ {{- with .Values.controller.securityContext }}
+ securityContext:
+ {{- toYaml . | nindent 22 }}
+ {{- end }}
+ env:
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: SYSTEM_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- with .Values.aws.region }}
+ - name: AWS_REGION
+ value: {{ . | quote}}
+ {{- end }}
+ {{- with .Values.controller.env }}
+ {{- toYaml . | nindent 22 }}
+ {{- end }}
+ ports:
+ - name: http-metrics
+ containerPort: 8080
+ protocol: TCP
+ - name: http-probes
+ containerPort: 8081
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: http-probes
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: http-probes
+ {{- with .Values.controller.resources }}
+ resources:
+ {{- toYaml . | nindent 22 }}
+ {{- end }}
+ - name: webhook
+ image: {{ .Values.webhook.image }}
+ imagePullPolicy: {{ .Values.imagePullPolicy }}
+ {{- with .Values.webhook.securityContext }}
+ securityContext:
+ {{- toYaml . | nindent 22 }}
+ {{- end }}
+ env:
+ - name: SERVICE_PORT
+ value: {{ .Values.webhook.port | quote }}
+ - name: SERVICE_NAME
+ value: {{ include "aws-node-termination-handler.fullname" . }}
+ - name: SYSTEM_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- with .Values.aws.region }}
+ - name: AWS_REGION
+ value: {{ . | quote}}
+ {{- end }}
+ {{- with .Values.webhook.env }}
+ {{- toYaml . | nindent 26 }}
+ {{- end }}
+ ports:
+ - name: https-webhook
+ containerPort: {{ .Values.webhook.port }}
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ port: https-webhook
+ scheme: HTTPS
+ path: /healthz
+ readinessProbe:
+ httpGet:
+ port: https-webhook
+ scheme: HTTPS
+ path: /readyz
+ {{- with .Values.webhook.resources }}
+ resources:
+ {{- toYaml . | nindent 22 }}
+ {{- end }}
\ No newline at end of file
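Review bot: Both containers get a `securityContext` only when `controller.securityContext` or `webhook.securityContext` is set, and the chart README documents their default as `{}`, so a default install runs them with no container-level restrictions beyond the pod-level `fsGroup: 1000`. Consider shipping hardened defaults such as `allowPrivilegeEscalation: false`, `runAsNonRoot: true` and `capabilities: {drop: ["ALL"]}`, after confirming the images run as a non-root user. Also, `.Values.webhook.env` is rendered with `nindent 26` while every other block in the two containers, including `.Values.controller.env`, uses `nindent 22`; this looks like a typo that would mis-indent user-supplied webhook env entries, though the original indentation cannot be recovered from this page.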
diff --git a/stable/aws-node-termination-handler-2/templates/role.yaml b/stable/aws-node-termination-handler-2/templates/role.yaml
new file mode 100644
index 000000000..9384be97c
--- /dev/null
+++ b/stable/aws-node-termination-handler-2/templates/role.yaml
@@ -0,0 +1,40 @@
+{{- if .Values.rbac.create -}}
+# permissions to do leader election.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ include "aws-node-termination-handler.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "aws-node-termination-handler.labels" . | nindent 8 }}
+ {{- with .Values.annotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+rules:
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["create", "delete", "get", "list", "patch", "watch", "update"]
+
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["get", "list", "watch"]
+
+ - apiGroups: [""]
+ resources: ["namespaces"]
+ verbs: ["get", "list", "watch"]
+
+ - apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get", "list", "watch"]
+
+ - apiGroups: [""]
+ resources: ["secrets"]
+ resourceNames: ["{{ include "aws-node-termination-handler.fullname" . }}-cert"]
+ verbs: ["get", "list", "watch", "update"]
+
+ - apiGroups: ["coordination.k8s.io"]
+ resources: ["leases"]
+ verbs: ["create", "get", "patch", "update", "watch"]
+
+{{- end }}
\ No newline at end of file
diff --git a/stable/aws-node-termination-handler-2/templates/role_binding.yaml b/stable/aws-node-termination-handler-2/templates/role_binding.yaml
new file mode 100644
index 000000000..24ffbf062
--- /dev/null
+++ b/stable/aws-node-termination-handler-2/templates/role_binding.yaml
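Review bot: The first `secrets` rule in role.yaml gives `get`, `list`, `watch` on every Secret in the release namespace, which makes the narrower `resourceNames` rule below it redundant for reads and lets the pod's service account token read unrelated credentials in that namespace. If the webhook only needs its own certificate Secret, drop the unrestricted rule and keep the one scoped to the `-cert` Secret; note that `list` and `watch` under `resourceNames` only authorize requests that select that single name, for example through a `metadata.name` field selector. The leading comment `# permissions to do leader election.` no longer describes the whole Role and should be widened, e.g. `# permissions for leader election, logging config and the webhook certificate Secret.`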
@@ -0,0 +1,19 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ include "aws-node-termination-handler.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "aws-node-termination-handler.labels" . | nindent 8 }}
+ {{- with .Values.annotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ include "aws-node-termination-handler.fullname" . }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "aws-node-termination-handler.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
diff --git a/stable/aws-node-termination-handler-2/templates/secret_webhook_cert.yaml b/stable/aws-node-termination-handler-2/templates/secret_webhook_cert.yaml
new file mode 100644
index 000000000..da7a9253c
--- /dev/null
+++ b/stable/aws-node-termination-handler-2/templates/secret_webhook_cert.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "aws-node-termination-handler.fullname" . }}-cert
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "aws-node-termination-handler.labels" . | nindent 8 }}
+ {{- with .Values.annotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+data: {} # Injected by webhook
diff --git a/stable/aws-node-termination-handler-2/templates/service.yaml b/stable/aws-node-termination-handler-2/templates/service.yaml
new file mode 100644
index 000000000..7089aa08a
--- /dev/null
+++ b/stable/aws-node-termination-handler-2/templates/service.yaml
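Review bot: The RoleBinding in role_binding.yaml is rendered unconditionally, whereas role.yaml, clusterrole.yaml and clusterrole_binding.yaml are all wrapped in `{{- if .Values.rbac.create -}}`. With `rbac.create: false` the chart would still create a binding to a Role it did not create, which either dangles or attaches the service account to a pre-existing Role of the same name. Wrap the file in the same guard, `{{- if .Values.rbac.create -}}` as the first line and `{{- end }}` as the last.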
@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "aws-node-termination-handler.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "aws-node-termination-handler.labels" . | nindent 8 }}
+ {{- with .Values.annotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+spec:
+ type: ClusterIP
+ selector:
+ {{- include "aws-node-termination-handler.selectorLabels" . | nindent 8 }}
+ ports:
+ - name: http-metrics
+ port: 8080
+ protocol: TCP
+ targetPort: http-metrics
+ - name: http-probes
+ port: 8081
+ protocol: TCP
+ targetPort: http-probes
+ - name: https-webhook
+ port: 443
+ protocol: TCP
+ targetPort: https-webhook
diff --git a/stable/aws-node-termination-handler-2/templates/serviceaccount.yaml b/stable/aws-node-termination-handler-2/templates/serviceaccount.yaml
new file mode 100644
index 000000000..277d755bb
--- /dev/null
+++ b/stable/aws-node-termination-handler-2/templates/serviceaccount.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "aws-node-termination-handler.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "aws-node-termination-handler.labels" . | nindent 8 }}
+ {{- if (or .Values.annotations .Values.serviceAccount.annotations "") }}
+ annotations:
+ {{- with .Values.annotations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.serviceAccount.annotations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/stable/aws-node-termination-handler-2/templates/webhooks.yaml b/stable/aws-node-termination-handler-2/templates/webhooks.yaml
new file mode 100644
index 000000000..db41d3e84
--- /dev/null
+++ b/stable/aws-node-termination-handler-2/templates/webhooks.yaml
@@ -0,0 +1,49 @@
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+ name: defaulting.webhook.terminators.k8s.aws
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "aws-node-termination-handler.labels" . | nindent 8 }}
+ {{- with .Values.annotations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+webhooks:
+ - name: defaulting.webhook.terminators.k8s.aws
+ admissionReviewVersions: ["v1"]
+ clientConfig:
+ service:
+ name: {{ include "aws-node-termination-handler.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ failurePolicy: Fail
+ sideEffects: None
+ rules:
+ - apiGroups: ["k8s.aws"]
+ apiVersions: ["v1alpha1"]
+ resources: ["terminators", "terminators/status"]
+ operations: ["CREATE", "UPDATE"]
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ name: validation.webhook.terminators.k8s.aws
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "aws-node-termination-handler.labels" . | nindent 8 }}
+ {{- with .Values.annotations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+webhooks:
+ - name: validation.webhook.terminators.k8s.aws
+ admissionReviewVersions: ["v1"]
+ clientConfig:
+ service:
+ name: {{ include "aws-node-termination-handler.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ failurePolicy: Fail
+ sideEffects: None
+ rules:
+ - apiGroups: ["k8s.aws"]
+ apiVersions: ["v1alpha1"]
+ resources: ["terminators", "terminators/status"]
+ operations: ["CREATE", "DELETE", "UPDATE"]
\ No newline at end of file
diff --git a/stable/aws-node-termination-handler-2/values.yaml b/stable/aws-node-termination-handler-2/values.yaml
new file mode 100644
index 000000000..b2872f919
--- /dev/null
+++ b/stable/aws-node-termination-handler-2/values.yaml
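Review bot: Both webhook `rules` in webhooks.yaml match `apiGroups: ["k8s.aws"]`, but the CRD added by this patch registers the group as `node.k8s.aws`, so neither the defaulting nor the validating webhook would be invoked for Terminator objects and invalid specs would be admitted unchecked. Change both entries to `- apiGroups: ["node.k8s.aws"]`. In both `metadata` blocks the `.Values.annotations` values are emitted right after the labels with no `annotations:` key, unlike the other templates, so they would be rendered as labels; add the `annotations:` line inside the `with`. `namespace:` is also set on these two cluster-scoped kinds, where it has no effect.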
@@ -0,0 +1,167 @@
+# Annotation names and values to add to objects in the Helm release.
+annotations: {}
+
+aws:
+ # AWS region name (e.g. "us-east-1") to use when making API calls.
+ region: ""
+
+controller:
+ # Environment variables.
+ env: []
+ # Example:
+ # - name: AWS_REGION
+ # . value: eu-west-1
+
+ # Image to deploy.
+ image: "public.ecr.aws/aws-ec2/aws-node-termination-handler-2/controller:v2.0.0-alpha"
+
+ # Override global logging level.
+ logLevel: ""
+
+ # Additional security context configuration for the controller pod.
+ securityContext: {}
+
+ # Resources for the controller pod.
+ resources:
+ requests:
+ cpu: 1
+ memory: 1Gi
+ limits:
+ cpu: 1
+ memory: 1Gi
+
+# Override the Helm release name. Name will be truncated if longer than 63 characters.
+fullnameOverride: ""
+
+# Policy on when to pull image.
+# See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#container-v1-core
+imagePullPolicy: IfNotPresent
+
+# Secrets for accessing image.
+# See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#podspec-v1-core
+imagePullSecrets: []
+
+# Label names and values to add to objects in the Helm release.
+labels: {}
+
+# Global logging configuration.
+logging:
+ # Enable "debug mode" in logging module. May be useful during development.
+ development: false
+ # Disable annotating log messages with calling function's file name and line number.
+ disableCaller: true
+ # Disable stacktrace captures for all message levels.
+ disableStacktrace: true
+ # Logging module encoding mode. Possible values: `console`, `json`.
+ encoding: console
+ encoderConfig:
+ # Name of the caller field.
+ callerKey: caller
+ # Level encoder name. Possible values: `capital`, `capitalColor`, `color`; otherwise the level name
+ # will be encoded as lowercase.
+ levelEncoder: capital
+ # Name of the level field.
+ levelKey: level
+ # Name of the message field.
+ messageKey: message
+ # Name of the name field.
+ nameKey: logger
+ # Name of the stacktrace field.
+ stacktraceKey: stacktrace
+ # Time encoder name. Possible values: `iso8601`, `millis`, `nano`, `rfc3339`, `rfc3339nano`;
+ # otherwise the time will be encoded in epoch format.
+ timeEncoder: iso8601
+ # Name of the time field.
+ timeKey: time
+ # List of paths to output internal errors from the logging module. Possible values: `stderr`, `stdout`;
+ # otherwise a valid file path.
+ errorOutputPaths:
+ - stderr
+ # Minimum message level to include in the log. Possible values: `debug`, `info`, `warn`, `error`, `panic`,
+ # `fatal`.
+ level: info
+ # List of additional output paths. Possible values: `stderr`, `stdout`; otherwise a valid file path.
+ outputPaths:
+ - stdout
+ sampling:
+ # Limit of initial messages per second to accept.
+ initial: 100
+ # Limit of messages per second to accept after initial phase.
+ thereafter: 100
+
+# Override the Helm chart name. Name will be truncated if longer than 63 characters.
+nameOverride: ""
+
+pod:
+ # Annotations to apply to deployed pods.
+ annotations: {}
+
+ # Request host network for pod.
+ hostNetwork: false
+
+ # Labels to apply to deployed pods.
+ labels: {}
+
+ # Node selector labels.
+ nodeSelector:
+ kubernetes.io/os: linux
+
+ # Pod priority class.
+ # See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#podspec-v1-core
+ priorityClassName: "system-cluster-critical"
+
+ # Number of instances to create.
+ replicas: 1
+
+ # Pod security group configuration.
+ # See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#podsecuritycontext-v1-core
+ securityContext:
+ fsGroup: 1000
+
+ # Deployment update strategy configuration.
+ # See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#deploymentstrategy-v1-apps
+ updateStrategy:
+ type: Recreate
+
+rbac:
+ # Create the RBAC objects. May fail if RBAC objects already exist.
+ create: true
+
+serviceAccount:
+ # Create the service account. May fail if service account already exists.
+ create: true
+
+ # Name of service account. If empty then a name will be generated.
+ name: ""
+
+ # Annotations to add to the service account.
+ annotations: {}
+ # "eks.amazonaws.com/role-arn":
+
+webhook:
+ # Environment variables.
+ env: []
+ # Example:
+ # - name: AWS_REGION
+ # . value: eu-west-1
+
+ # Image to deploy.
+ image: "public.ecr.aws/aws-ec2/aws-node-termination-handler-2/webhook:v2.0.0-alpha"
+
+ # Override global logging level.
+ logLevel: ""
+
+ # Listen on port.
+ port: 8443
+
+ # Resources for the webhook pod.
+ resources:
+ requests:
+ cpu: 100m
+ memory: 50Mi
+ limits:
+ cpu: 100m
+ memory: 50Mi
+
+ # Additional security context configuration for the webhook pod.
+ securityContext: {}
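Review bot: Both image defaults (`controller.image` and `webhook.image`) reference the mutable tag `v2.0.0-alpha`, and with `imagePullPolicy: IfNotPresent` different nodes can keep running different builds under the same tag. Pinning by digest, e.g. `image: "public.ecr.aws/aws-ec2/aws-node-termination-handler-2/controller:v2.0.0-alpha@sha256:<digest>"` (placeholder digest), makes the deployed content verifiable. The container `securityContext` defaults are `{}` and `pod.securityContext` sets only `fsGroup`, so unless deployment.yaml (outside this hunk) supplies a base, the pods run without `runAsNonRoot: true`, `allowPrivilegeEscalation: false` or `readOnlyRootFilesystem: true` while carrying `priorityClassName: "system-cluster-critical"`. The example comments under both `env` keys contain a stray `.` (`# . value: eu-west-1`) and should read `#   value: eu-west-1`.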