299 lines
10 KiB
YAML
299 lines
10 KiB
YAML
# Default values for aws-node-termination-handler.
|
|
# This is a YAML-formatted file.
|
|
# Declare variables to be passed into your templates.
|
|
|
|
image:
|
|
repository: public.ecr.aws/aws-ec2/aws-node-termination-handler
|
|
# Overrides the image tag whose default is {{ printf "v%s" .Chart.AppVersion }}
|
|
tag: ""
|
|
pullPolicy: IfNotPresent
|
|
pullSecrets: []
|
|
|
|
nameOverride: ""
|
|
fullnameOverride: ""
|
|
|
|
serviceAccount:
|
|
# Specifies whether a service account should be created
|
|
create: true
|
|
# The name of the service account to use. If namenot set and create is true, a name is generated using fullname template
|
|
name:
|
|
annotations: {}
|
|
# eks.amazonaws.com/role-arn: arn:aws:iam::AWS_ACCOUNT_ID:role/IAM_ROLE_NAME
|
|
|
|
rbac:
|
|
# Specifies whether RBAC resources should be created
|
|
create: true
|
|
# Specifies if PodSecurityPolicy resources should be created. PodSecurityPolicy will not be created when Kubernetes version is 1.25 or later.
|
|
pspEnabled: true
|
|
|
|
customLabels: {}
|
|
|
|
podLabels: {}
|
|
|
|
podAnnotations: {}
|
|
|
|
podSecurityContext:
|
|
fsGroup: 1000
|
|
|
|
securityContext:
|
|
readOnlyRootFilesystem: true
|
|
runAsNonRoot: true
|
|
allowPrivilegeEscalation: false
|
|
runAsUser: 1000
|
|
runAsGroup: 1000
|
|
|
|
terminationGracePeriodSeconds:
|
|
|
|
resources: {}
|
|
|
|
nodeSelector: {}
|
|
|
|
affinity: {}
|
|
|
|
tolerations: []
|
|
|
|
# Extra environment variables
|
|
extraEnv: []
|
|
|
|
# Liveness probe settings
|
|
probes:
|
|
httpGet:
|
|
path: /healthz
|
|
port: 8080
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 5
|
|
|
|
# Set the log level
|
|
logLevel: info
|
|
|
|
# Set the log format version
|
|
logFormatVersion: 1
|
|
|
|
# Log messages in JSON format
|
|
jsonLogging: false
|
|
|
|
enablePrometheusServer: false
|
|
prometheusServerPort: 9092
|
|
|
|
# dryRun tells node-termination-handler to only log calls to kubernetes control plane
|
|
dryRun: false
|
|
|
|
# Cordon but do not drain nodes upon spot interruption termination notice.
|
|
cordonOnly: false
|
|
|
|
# Taint node upon spot interruption termination notice.
|
|
taintNode: false
|
|
|
|
# Exclude node from load balancer before cordoning via the ServiceNodeExclusion feature gate.
|
|
excludeFromLoadBalancers: false
|
|
|
|
# deleteLocalData tells kubectl to continue even if there are pods using
|
|
# emptyDir (local data that will be deleted when the node is drained).
|
|
deleteLocalData: true
|
|
|
|
# ignoreDaemonSets causes kubectl to skip Daemon Set managed pods.
|
|
ignoreDaemonSets: true
|
|
|
|
# podTerminationGracePeriod is time in seconds given to each pod to terminate gracefully. If negative, the default value specified in the pod will be used.
|
|
podTerminationGracePeriod: -1
|
|
|
|
# nodeTerminationGracePeriod specifies the period of time in seconds given to each NODE to terminate gracefully. Node draining will be scheduled based on this value to optimize the amount of compute time, but still safely drain the node before an event.
|
|
nodeTerminationGracePeriod: 120
|
|
|
|
# emitKubernetesEvents If true, Kubernetes events will be emitted when interruption events are received and when actions are taken on Kubernetes nodes. In IMDS Processor mode a default set of annotations with all the node metadata gathered from IMDS will be attached to each event
|
|
emitKubernetesEvents: false
|
|
|
|
# completeLifecycleActionDelaySeconds will pause for the configured duration after draining the node before completing the EC2 Autoscaling lifecycle action. This may be helpful if Pods on the node have Persistent Volume Claims.
|
|
completeLifecycleActionDelaySeconds: -1
|
|
|
|
# kubernetesEventsExtraAnnotations A comma-separated list of key=value extra annotations to attach to all emitted Kubernetes events
|
|
# Example: "first=annotation,sample.annotation/number=two"
|
|
kubernetesEventsExtraAnnotations: ""
|
|
|
|
# webhookURL if specified, posts event data to URL upon instance interruption action.
|
|
webhookURL: ""
|
|
|
|
# Webhook URL will be fetched from the secret store using the given name.
|
|
webhookURLSecretName: ""
|
|
|
|
# webhookHeaders if specified, replaces the default webhook headers.
|
|
webhookHeaders: ""
|
|
|
|
# webhookProxy if specified, uses this HTTP(S) proxy configuration.
|
|
webhookProxy: ""
|
|
|
|
# webhookTemplate if specified, replaces the default webhook message template.
|
|
webhookTemplate: ""
|
|
|
|
# webhook template file will be fetched from given config map name
|
|
# if specified, replaces the default webhook message with the content of the template file
|
|
webhookTemplateConfigMapName: ""
|
|
|
|
# template file name stored in configmap
|
|
webhookTemplateConfigMapKey: ""
|
|
|
|
# enableSqsTerminationDraining If true, this turns on queue-processor mode which drains nodes when an SQS termination event is received
|
|
enableSqsTerminationDraining: false
|
|
|
|
# ---------------------------------------------------------------------------------------------------------------------
|
|
# Queue Processor Mode
|
|
# ---------------------------------------------------------------------------------------------------------------------
|
|
|
|
# The number of replicas in the NTH deployment when using queue-processor mode (NOTE: increasing this may cause duplicate webhooks since NTH pods are stateless)
|
|
replicas: 1
|
|
|
|
# Specify the update strategy for the deployment
|
|
strategy: {}
|
|
|
|
# podDisruptionBudget specifies the disruption budget for the controller pods.
|
|
# Disruption budget will be configured only when the replicaCount is greater than 1
|
|
podDisruptionBudget: {}
|
|
# maxUnavailable: 1
|
|
|
|
serviceMonitor:
|
|
# Specifies whether ServiceMonitor should be created
|
|
# this needs enableSqsTerminationDraining: true
|
|
# and enablePrometheusServer: true
|
|
create: false
|
|
# Specifies whether the ServiceMonitor should be created in a different namespace than
|
|
# the Helm release
|
|
namespace:
|
|
# Additional labels to add to the metadata
|
|
labels: {}
|
|
# The Prometheus scrape interval
|
|
interval: 30s
|
|
# The number of scraped samples that will be accepted
|
|
sampleLimit: 5000
|
|
|
|
priorityClassName: system-cluster-critical
|
|
|
|
# If specified, use the AWS region for AWS API calls
|
|
awsRegion: ""
|
|
|
|
# Listens for messages on the specified SQS queue URL
|
|
queueURL: ""
|
|
|
|
# The maximum amount of parallel event processors to handle concurrent events
|
|
workers: 10
|
|
|
|
# [DEPRECATED] Use checkTagBeforeDraining instead
|
|
checkASGTagBeforeDraining: true
|
|
|
|
# If true, check that the instance is tagged with "aws-node-termination-handler/managed" as the key before draining the node
|
|
checkTagBeforeDraining: true
|
|
|
|
# [DEPRECATED] Use managedTag instead
|
|
managedAsgTag: "aws-node-termination-handler/managed"
|
|
|
|
# The tag to ensure is on a node if checkTagBeforeDraining is true
|
|
managedTag: "aws-node-termination-handler/managed"
|
|
|
|
# If true, fetch node name through Kubernetes node spec ProviderID instead of AWS event PrivateDnsHostname.
|
|
useProviderId: false
|
|
|
|
# ---------------------------------------------------------------------------------------------------------------------
|
|
# IMDS Mode
|
|
# ---------------------------------------------------------------------------------------------------------------------
|
|
|
|
# Create node OS specific daemonset(s). (e.g. "linux", "windows", "linux windows")
|
|
targetNodeOs: linux
|
|
|
|
linuxPodLabels: {}
|
|
windowsPodLabels: {}
|
|
|
|
linuxPodAnnotations: {}
|
|
windowsPodAnnotations: {}
|
|
|
|
# K8s DaemonSet update strategy.
|
|
updateStrategy:
|
|
type: RollingUpdate
|
|
rollingUpdate:
|
|
maxUnavailable: 25%
|
|
|
|
daemonsetPriorityClassName: system-node-critical
|
|
|
|
podMonitor:
|
|
# Specifies whether PodMonitor should be created
|
|
# this needs enableSqsTerminationDraining: false
|
|
# and enablePrometheusServer: true
|
|
create: false
|
|
# Specifies whether the PodMonitor should be created in a different namespace than
|
|
# the Helm release
|
|
namespace:
|
|
# Additional labels to add to the metadata
|
|
labels: {}
|
|
# The Prometheus scrape interval
|
|
interval: 30s
|
|
# The number of scraped samples that will be accepted
|
|
sampleLimit: 5000
|
|
|
|
# Determines if NTH uses host networking for Linux when running the DaemonSet (only IMDS mode; queue-processor never runs with host networking)
|
|
# If you have disabled IMDSv1 and are relying on IMDSv2, you'll need to increase the IP hop count to 2 before switching this to false
|
|
# https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html
|
|
useHostNetwork: true
|
|
|
|
# Daemonset DNS policy
|
|
dnsPolicy: ""
|
|
dnsConfig: {}
|
|
linuxDnsPolicy: ClusterFirstWithHostNet
|
|
windowsDnsPolicy: ClusterFirst
|
|
|
|
daemonsetNodeSelector: {}
|
|
linuxNodeSelector: {}
|
|
windowsNodeSelector: {}
|
|
|
|
daemonsetAffinity:
|
|
nodeAffinity:
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
nodeSelectorTerms:
|
|
- matchExpressions:
|
|
- key: "eks.amazonaws.com/compute-type"
|
|
operator: NotIn
|
|
values:
|
|
- fargate
|
|
linuxAffinity: {}
|
|
windowsAffinity: {}
|
|
|
|
daemonsetTolerations:
|
|
- operator: Exists
|
|
linuxTolerations: []
|
|
windowsTolerations: []
|
|
|
|
# If the probes server is running.
|
|
enableProbesServer: false
|
|
|
|
# Total number of times to try making the metadata request before failing.
|
|
metadataTries: 3
|
|
|
|
# enableSpotInterruptionDraining If false, do not drain nodes when the spot interruption termination notice is received. Only used in IMDS mode.
|
|
enableSpotInterruptionDraining: true
|
|
|
|
# enableScheduledEventDraining If false, do not drain nodes before the maintenance window starts for an EC2 instance scheduled event. Only used in IMDS mode.
|
|
enableScheduledEventDraining: true
|
|
|
|
# enableRebalanceMonitoring If true, cordon nodes when the rebalance recommendation notice is received. Only used in IMDS mode.
|
|
enableRebalanceMonitoring: false
|
|
|
|
# enableRebalanceDraining If true, drain nodes when the rebalance recommendation notice is received. Only used in IMDS mode.
|
|
enableRebalanceDraining: false
|
|
|
|
# deleteSqsMsgIfNodeNotFound If true, delete the SQS Message from the SQS Queue if the targeted node(s) are not found. Only used in Queue Processor mode.
|
|
deleteSqsMsgIfNodeNotFound: false
|
|
|
|
# ---------------------------------------------------------------------------------------------------------------------
|
|
# Testing
|
|
# ---------------------------------------------------------------------------------------------------------------------
|
|
|
|
# (TESTING USE): If specified, use the provided AWS endpoint to make API calls.
|
|
awsEndpoint: ""
|
|
|
|
# (TESTING USE): These should only be used for testing w/ localstack!
|
|
awsAccessKeyID:
|
|
awsSecretAccessKey:
|
|
|
|
# (TESTING USE): Override the default metadata URL (default: http://169.254.169.254:80)
|
|
instanceMetadataURL: ""
|
|
|
|
# (TESTING USE): Mount path for uptime file
|
|
procUptimeFile: /proc/uptime
|