KubeZero/charts/kubezero-addons
2022-02-01 11:17:11 +01:00
..
charts/aws-node-termination-handler feat: update aws-node-termination handler chart, first version of forseti 2022-01-28 17:22:12 +01:00
templates chore: reduce forseti log level 2022-02-01 11:17:11 +01:00
Chart.yaml chore: reduce forseti log level 2022-02-01 11:17:11 +01:00
nth.patch feat: update aws-node-termination handler chart, first version of forseti 2022-01-28 17:22:12 +01:00
README.md chore: reduce forseti log level 2022-02-01 11:17:11 +01:00
README.md.gotmpl feat: migrate device-plugins and k8s-ecr-login-renew into kubezero-addons 2021-09-02 19:36:11 +02:00
update.sh feat: update aws-node-termination handler chart, first version of forseti 2022-01-28 17:22:12 +01:00
values.yaml feat: update aws-node-termination handler chart, first version of forseti 2022-01-28 17:22:12 +01:00

kubezero-addons

Version: 0.4.1 Type: application

KubeZero umbrella chart for various optional cluster addons

Homepage: https://kubezero.com

Maintainers

Name Email Url
Stefan Reimer stefan@zero-downtime.net

Requirements

Kubernetes: >= 1.20.0

Repository Name Version
aws-node-termination-handler 0.16.0

MetalLB

device-plugins

k8s-ecr-login-renew

IAM setup

  • Create IAM user for ECR read-only access and attach the following managed policy: AmazonEC2ContainerRegistryReadOnly
  • create AWS credentials for the IAM users

Kubernetes secret

Create secret with the IAM user credential for ecr-renew to use, using the credentials from the previous step:
kubectl create secret -n kube-system generic ecr-renew-cred --from-literal=AWS_REGION=<AWS_REGION> --from-literal=AWS_ACCESS_KEY_ID=<AWS_SECRET_ID> --from-literal=AWS_SECRET_ACCESS_KEY=<AWS_SECRET_KEY>

Resources

Values

Key Type Default Description
aws-node-termination-handler.deleteLocalData bool true
aws-node-termination-handler.emitKubernetesEvents bool true
aws-node-termination-handler.enableProbesServer bool true
aws-node-termination-handler.enablePrometheusServer bool false
aws-node-termination-handler.enableSqsTerminationDraining bool true
aws-node-termination-handler.enabled bool false
aws-node-termination-handler.extraEnv[0] object {"name":"AWS_ROLE_ARN","value":""} "arn:aws:iam::${AWS::AccountId}:role/${AWS::Region}.${ClusterName}.awsNth"
aws-node-termination-handler.extraEnv[1].name string "AWS_WEB_IDENTITY_TOKEN_FILE"
aws-node-termination-handler.extraEnv[1].value string "/var/run/secrets/sts.amazonaws.com/serviceaccount/token"
aws-node-termination-handler.extraEnv[2].name string "AWS_STS_REGIONAL_ENDPOINTS"
aws-node-termination-handler.extraEnv[2].value string "regional"
aws-node-termination-handler.fullnameOverride string "aws-node-termination-handler"
aws-node-termination-handler.ignoreDaemonSets bool true
aws-node-termination-handler.jsonLogging bool true
aws-node-termination-handler.managedAsgTag string "aws-node-termination-handler/managed" "aws-node-termination-handler/${ClusterName}"
aws-node-termination-handler.metadataTries int 0
aws-node-termination-handler.nodeSelector."node-role.kubernetes.io/control-plane" string ""
aws-node-termination-handler.podMonitor.create bool false
aws-node-termination-handler.queueURL string "" https://sqs.${AWS::Region}.amazonaws.com/${AWS::AccountId}/${ClusterName}_Nth
aws-node-termination-handler.rbac.pspEnabled bool false
aws-node-termination-handler.taintNode bool true
aws-node-termination-handler.tolerations[0].effect string "NoSchedule"
aws-node-termination-handler.tolerations[0].key string "node-role.kubernetes.io/master"
clusterBackup.enabled bool false
clusterBackup.extraEnv list []
clusterBackup.image.name string "public.ecr.aws/zero-downtime/kubezero-admin"
clusterBackup.image.tag string "v1.21.9"
clusterBackup.password string ""
clusterBackup.repository string ""
forseti.aws.iamRoleArn string "" "arn:aws:iam::${AWS::AccountId}:role/${AWS::Region}.${ClusterName}.kubezeroForseti"
forseti.aws.region string ""
forseti.enabled bool false
forseti.image.name string "public.ecr.aws/zero-downtime/forseti"
forseti.image.tag string "v0.1.2"
fuseDevicePlugin.enabled bool false
k8sEcrLoginRenew.enabled bool false