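{{- /*
Deployment for the SQS ("queue processor") mode of aws-node-termination-handler.
Rendered only when .Values.enableSqsTerminationDraining is set. The env block
below hard-codes ENABLE_SQS_TERMINATION_DRAINING to "true" and the spot,
scheduled-event and rebalance flags to "false".

Security-relevant settings in this template:
  - hostNetwork is false; the container runs non-root with a read-only root
    filesystem and allowPrivilegeEscalation disabled.
  - A projected service-account token (audience sts.amazonaws.com) is mounted
    read-only for AWS authentication.
  - Static AWS keys, the webhook URL and webhook headers can be rendered as
    literal env values; see the notes next to those entries.
*/ -}}
{{- if .Values.enableSqsTerminationDraining }}
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "aws-node-termination-handler.fullname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "aws-node-termination-handler.labels" . | nindent 4 }}
spec:
  replicas: {{ .Values.replicas }}
  selector:
    matchLabels:
      {{- include "aws-node-termination-handler.selectorLabels" . | nindent 6 }}
      {{ include "aws-node-termination-handler.nodeSelectorTermsOs" . }}: linux
  template:
    metadata:
      annotations:
        {{- range $key, $value := .Values.podAnnotations }}
        {{ $key }}: {{ $value | quote }}
        {{- end }}
      labels:
        {{- include "aws-node-termination-handler.selectorLabels" . | nindent 8 }}
        k8s-app: aws-node-termination-handler
        {{ include "aws-node-termination-handler.nodeSelectorTermsOs" . }}: linux
        {{- range $key, $value := .Values.podLabels }}
        {{ $key }}: {{ $value | quote }}
        {{- end }}
    spec:
      volumes:
        {{- if and .Values.webhookTemplateConfigMapName .Values.webhookTemplateConfigMapKey }}
        - name: "webhook-template"
          configMap:
            name: {{ .Values.webhookTemplateConfigMapName | quote }}
        {{- end }}
        # Projected service-account token bound to the sts.amazonaws.com
        # audience, valid for 86400 seconds (24 h) per issuance.
        # NOTE(review): presumably exchanged with AWS STS for role
        # credentials; confirm against the handler's credential setup.
        - name: aws-token
          projected:
            sources:
              - serviceAccountToken:
                  path: token
                  expirationSeconds: 86400
                  audience: "sts.amazonaws.com"
      priorityClassName: {{ .Values.priorityClassName | quote }}
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: {{ include "aws-node-termination-handler.nodeSelectorTermsOs" . | quote }}
                    operator: In
                    values:
                      - linux
                  - key: {{ include "aws-node-termination-handler.nodeSelectorTermsArch" . | quote }}
                    operator: In
                    values:
                      - amd64
                      - arm64
                      - arm
        {{- with .Values.affinity }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
      serviceAccountName: {{ template "aws-node-termination-handler.serviceAccountName" . }}
      hostNetwork: false
      dnsPolicy: {{ .Values.dnsPolicy | quote }}
      securityContext:
        # fsGroup reuses the container's runAsGroup value.
        # NOTE(review): presumably so the non-root user can read the
        # projected token file; confirm.
        fsGroup: {{ .Values.securityContext.runAsGroupID }}
      containers:
        - name: {{ include "aws-node-termination-handler.name" . }}
          # Tag-based reference; tags are mutable. This template only supports
          # repository:tag, so digest pinning needs a template change.
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
          # NOTE(review): no capabilities.drop or seccompProfile is set here;
          # add them if the cluster's pod security baseline requires it.
          securityContext:
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            runAsUser: {{ .Values.securityContext.runAsUserID }}
            runAsGroup: {{ .Values.securityContext.runAsGroupID }}
            allowPrivilegeEscalation: false
          volumeMounts:
            {{- if and .Values.webhookTemplateConfigMapName .Values.webhookTemplateConfigMapKey }}
            - name: "webhook-template"
              mountPath: "/config/"
            {{- end }}
            - name: aws-token
              mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/"
              readOnly: true
          env:
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: DELETE_LOCAL_DATA
              value: {{ .Values.deleteLocalData | quote }}
            - name: IGNORE_DAEMON_SETS
              value: {{ .Values.ignoreDaemonSets | quote }}
            - name: POD_TERMINATION_GRACE_PERIOD
              value: {{ .Values.podTerminationGracePeriod | quote }}
            - name: INSTANCE_METADATA_URL
              value: {{ .Values.instanceMetadataURL | quote }}
            - name: NODE_TERMINATION_GRACE_PERIOD
              value: {{ .Values.nodeTerminationGracePeriod | quote }}
            # Webhook URLs commonly embed a token. With webhookURLSecretName
            # set, the URL is read from key "webhookurl" of that Secret;
            # otherwise .Values.webhookURL is rendered in clear text into the
            # pod spec, readable by anyone who can get the Deployment or Pod.
            - name: WEBHOOK_URL
              {{- if .Values.webhookURLSecretName }}
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.webhookURLSecretName | quote }}
                  key: webhookurl
              {{- else }}
              value: {{ .Values.webhookURL | quote }}
              {{- end }}
            # NOTE(review): rendered in clear text; if the headers carry
            # credentials they are exposed the same way as a literal URL.
            - name: WEBHOOK_HEADERS
              value: {{ .Values.webhookHeaders | quote }}
            {{- if and .Values.webhookTemplateConfigMapName .Values.webhookTemplateConfigMapKey }}
            - name: WEBHOOK_TEMPLATE_FILE
              value: {{ print "/config/" .Values.webhookTemplateConfigMapKey | quote }}
            {{- end }}
            - name: WEBHOOK_TEMPLATE
              value: {{ .Values.webhookTemplate | quote }}
            - name: DRY_RUN
              value: {{ .Values.dryRun | quote }}
            - name: METADATA_TRIES
              value: {{ .Values.metadataTries | quote }}
            - name: CORDON_ONLY
              value: {{ .Values.cordonOnly | quote }}
            - name: TAINT_NODE
              value: {{ .Values.taintNode | quote }}
            - name: JSON_LOGGING
              value: {{ .Values.jsonLogging | quote }}
            - name: LOG_LEVEL
              value: {{ .Values.logLevel | quote }}
            - name: WEBHOOK_PROXY
              value: {{ .Values.webhookProxy | quote }}
            - name: ENABLE_PROMETHEUS_SERVER
              value: {{ .Values.enablePrometheusServer | quote }}
            - name: ENABLE_PROBES_SERVER
              value: {{ .Values.enableProbesServer | quote }}
            # Mode flags are fixed for this Deployment: only SQS draining is on.
            - name: ENABLE_SPOT_INTERRUPTION_DRAINING
              value: "false"
            - name: ENABLE_SCHEDULED_EVENT_DRAINING
              value: "false"
            - name: ENABLE_REBALANCE_MONITORING
              value: "false"
            - name: ENABLE_REBALANCE_DRAINING
              value: "false"
            - name: ENABLE_SQS_TERMINATION_DRAINING
              value: "true"
            - name: QUEUE_URL
              value: {{ .Values.queueURL | quote }}
            - name: PROMETHEUS_SERVER_PORT
              value: {{ .Values.prometheusServerPort | quote }}
            - name: PROBES_SERVER_PORT
              value: {{ .Values.probesServerPort | quote }}
            - name: PROBES_SERVER_ENDPOINT
              value: {{ .Values.probesServerEndpoint | quote }}
            - name: AWS_REGION
              value: {{ .Values.awsRegion | quote }}
            - name: AWS_ENDPOINT
              value: {{ .Values.awsEndpoint | quote }}
            {{- if .Values.awsSecretAccessKey }}
            # Static AWS credentials are rendered as literal env values, so
            # they appear in the rendered manifest and the pod spec. Prefer
            # the projected aws-token volume with an IAM role; if static keys
            # are unavoidable, source them from a Secret via secretKeyRef.
            # NOTE(review): the guard tests only awsSecretAccessKey, so an
            # unset awsAccessKeyID renders AWS_ACCESS_KEY_ID as "".
            - name: AWS_SECRET_ACCESS_KEY
              value: {{ .Values.awsSecretAccessKey | quote }}
            - name: AWS_ACCESS_KEY_ID
              value: {{ .Values.awsAccessKeyID | quote }}
            {{- end }}
            - name: CHECK_ASG_TAG_BEFORE_DRAINING
              value: {{ .Values.checkASGTagBeforeDraining | quote }}
            - name: MANAGED_ASG_TAG
              value: {{ .Values.managedAsgTag | quote }}
            - name: WORKERS
              value: {{ .Values.workers | quote }}
            - name: EMIT_KUBERNETES_EVENTS
              value: {{ .Values.emitKubernetesEvents | quote }}
            - name: KUBERNETES_EVENTS_EXTRA_ANNOTATIONS
              value: {{ .Values.kubernetesEventsExtraAnnotations | quote }}
            # extraEnv entries are appended after the built-in ones, so a key
            # that repeats a built-in name yields a duplicate env entry;
            # review extraEnv for such repeats (e.g. of the ENABLE_* flags).
            {{- range $key, $value := .Values.extraEnv }}
            - name: {{ $key | quote }}
              value: {{ $value | quote }}
            {{- end }}
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
          {{- if or .Values.enablePrometheusServer .Values.enableProbesServer }}
          ports:
          {{- end }}
          {{- if .Values.enablePrometheusServer }}
            - containerPort: {{ .Values.prometheusServerPort }}
              name: http-metrics
              protocol: TCP
          {{- end }}
          {{- if .Values.enableProbesServer }}
            - containerPort: {{ .Values.probesServerPort }}
              name: liveness-probe
              protocol: TCP
          {{- end }}
          {{- if .Values.enableProbesServer }}
          livenessProbe:
            {{- toYaml .Values.probes | nindent 12 }}
          {{- end }}
      nodeSelector:
        {{ include "aws-node-termination-handler.nodeSelectorTermsOs" . }}: linux
        {{- with .Values.nodeSelector }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
      {{- if .Values.image.pullSecrets }}
      imagePullSecrets:
        {{- range .Values.image.pullSecrets }}
        - name: {{ . | quote }}
        {{- end }}
      {{- end }}
      {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
{{- end }}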