kubezero/charts/kubezero-addons/charts/aws-node-termination-handler/templates/deployment.yaml

{{- if .Values.enableSqsTerminationDraining }}
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "aws-node-termination-handler.fullname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "aws-node-termination-handler.labels" . | nindent 4 }}
spec:
  replicas: {{ .Values.replicas }}
  selector:
    matchLabels:
      {{- include "aws-node-termination-handler.selectorLabels" . | nindent 6 }}
      {{ include "aws-node-termination-handler.nodeSelectorTermsOs" . }}: linux
  template:
    metadata:
      annotations:
      {{- range $key, $value := .Values.podAnnotations }}
        {{ $key }}: {{ $value | quote }}
      {{- end }}
      labels:
        {{- include "aws-node-termination-handler.selectorLabels" . | nindent 8 }}
        k8s-app: aws-node-termination-handler
        {{ include "aws-node-termination-handler.nodeSelectorTermsOs" . }}: linux
      {{- range $key, $value := .Values.podLabels }}
        {{ $key }}: {{ $value | quote }}
      {{- end }}
    spec:
      volumes:
        {{- if and .Values.webhookTemplateConfigMapName .Values.webhookTemplateConfigMapKey }}
        - name: "webhook-template"
          configMap:
            name: {{ .Values.webhookTemplateConfigMapName }}
        {{- end }}
        - name: aws-token
          projected:
            sources:
            - serviceAccountToken:
                path: token
                expirationSeconds: 86400
                audience: "sts.amazonaws.com"
      priorityClassName: {{ .Values.priorityClassName | quote }}
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                - key: {{ include "aws-node-termination-handler.nodeSelectorTermsOs" . | quote }}
                  operator: In
                  values:
                    - linux
                - key: {{ include "aws-node-termination-handler.nodeSelectorTermsArch" . | quote }}
                  operator: In
                  values:
                    - amd64
                    - arm64
                    - arm
        {{- with .Values.affinity }}
          {{- toYaml . | nindent 8 }}
        {{- end }}
      serviceAccountName: {{ template "aws-node-termination-handler.serviceAccountName" . }}
      hostNetwork: false
      dnsPolicy: {{ .Values.dnsPolicy | quote }}
      securityContext:
        fsGroup: {{ .Values.securityContext.runAsGroupID }}
      containers:
        - name: {{ include "aws-node-termination-handler.name" . }}
          image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          securityContext:
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            runAsUser: {{ .Values.securityContext.runAsUserID }}
            runAsGroup: {{ .Values.securityContext.runAsGroupID }}
            allowPrivilegeEscalation: false
          volumeMounts:
            {{- if and .Values.webhookTemplateConfigMapName .Values.webhookTemplateConfigMapKey }}
            - name: "webhook-template"
              mountPath: "/config/"
            {{- end }}
            - name: aws-token
              mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/"
              readOnly: true
          env:
          - name: NODE_NAME
            valueFrom:
              fieldRef:
                fieldPath: spec.nodeName
          - name: POD_NAME
            valueFrom:
              fieldRef:
                fieldPath: metadata.name
          - name: NAMESPACE
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
          - name: DELETE_LOCAL_DATA
            value: {{ .Values.deleteLocalData | quote }}
          - name: IGNORE_DAEMON_SETS
            value: {{ .Values.ignoreDaemonSets | quote }}
          - name: POD_TERMINATION_GRACE_PERIOD
            value: {{ .Values.podTerminationGracePeriod | quote }}
          - name: INSTANCE_METADATA_URL
            value: {{ .Values.instanceMetadataURL | quote }}
          - name: NODE_TERMINATION_GRACE_PERIOD
            value: {{ .Values.nodeTerminationGracePeriod | quote }}
          - name: WEBHOOK_URL
          {{- if .Values.webhookURLSecretName }}
            valueFrom:
              secretKeyRef:
                name: {{ .Values.webhookURLSecretName }}
                key: webhookurl
          {{- else }}
            value: {{ .Values.webhookURL | quote }}
          {{- end }}
          - name: WEBHOOK_HEADERS
            value: {{ .Values.webhookHeaders | quote }}
          {{- if and .Values.webhookTemplateConfigMapName .Values.webhookTemplateConfigMapKey }}
          - name: WEBHOOK_TEMPLATE_FILE
            value: {{ print "/config/" .Values.webhookTemplateConfigMapKey | quote }}
          {{- end }}
          - name: WEBHOOK_TEMPLATE
            value: {{ .Values.webhookTemplate | quote }}
          - name: DRY_RUN
            value: {{ .Values.dryRun | quote }}
          - name: METADATA_TRIES
            value: {{ .Values.metadataTries | quote }}
          - name: CORDON_ONLY
            value: {{ .Values.cordonOnly | quote }}
          - name: TAINT_NODE
            value: {{ .Values.taintNode | quote }}
          - name: JSON_LOGGING
            value: {{ .Values.jsonLogging | quote }}
          - name: LOG_LEVEL
            value: {{ .Values.logLevel | quote }}
          - name: WEBHOOK_PROXY
            value: {{ .Values.webhookProxy | quote }}
          - name: ENABLE_PROMETHEUS_SERVER
            value: {{ .Values.enablePrometheusServer | quote }}
          - name: ENABLE_PROBES_SERVER
            value: {{ .Values.enableProbesServer | quote }}
          - name: ENABLE_SPOT_INTERRUPTION_DRAINING
            value: "false"
          - name: ENABLE_SCHEDULED_EVENT_DRAINING
            value: "false"
          - name: ENABLE_REBALANCE_MONITORING
            value: "false"
          - name: ENABLE_REBALANCE_DRAINING
            value: "false"
          - name: ENABLE_SQS_TERMINATION_DRAINING
            value: "true"
          - name: QUEUE_URL
            value: {{ .Values.queueURL | quote }}
          - name: PROMETHEUS_SERVER_PORT
            value: {{ .Values.prometheusServerPort | quote }}
          - name: PROBES_SERVER_PORT
            value: {{ .Values.probesServerPort | quote }}
          - name: PROBES_SERVER_ENDPOINT
            value: {{ .Values.probesServerEndpoint | quote }}
          - name: AWS_REGION
            value: {{ .Values.awsRegion | quote }}
          - name: AWS_ENDPOINT
            value: {{ .Values.awsEndpoint | quote }}
          {{- if .Values.awsSecretAccessKey }}
          - name: AWS_SECRET_ACCESS_KEY
            value: {{ .Values.awsSecretAccessKey | quote }}
          - name: AWS_ACCESS_KEY_ID
            value: {{ .Values.awsAccessKeyID | quote }}
          {{- end }}
          - name: CHECK_ASG_TAG_BEFORE_DRAINING
            value: {{ .Values.checkASGTagBeforeDraining | quote }}
          - name: MANAGED_ASG_TAG
            value: {{ .Values.managedAsgTag | quote }}
          - name: WORKERS
            value: {{ .Values.workers | quote }}
          - name: EMIT_KUBERNETES_EVENTS
            value: {{ .Values.emitKubernetesEvents | quote }}
          - name: KUBERNETES_EVENTS_EXTRA_ANNOTATIONS
            value: {{ .Values.kubernetesEventsExtraAnnotations | quote }}
{{- range $key, $value := .Values.extraEnv }}
          - name: {{ $key }}
            value: {{ $value | quote }}
{{- end }}
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
          {{- if or .Values.enablePrometheusServer .Values.enableProbesServer }}
          ports:
          {{- end }}
          {{- if .Values.enablePrometheusServer }}
          - containerPort: {{ .Values.prometheusServerPort }}
            name: http-metrics
            protocol: TCP
          {{- end }}
          {{- if .Values.enableProbesServer }}
          - containerPort: {{ .Values.probesServerPort }}
            name: liveness-probe
            protocol: TCP
          {{- end }}
          {{- if .Values.enableProbesServer }}
          livenessProbe:
            {{- toYaml .Values.probes | nindent 12 }}
          {{- end }}
      nodeSelector:
        {{ include "aws-node-termination-handler.nodeSelectorTermsOs" . }}: linux
        {{- with .Values.nodeSelector }}
          {{- toYaml . | nindent 8 }}
        {{- end }}
      {{- if .Values.image.pullSecrets }}
      imagePullSecrets:
      {{- range .Values.image.pullSecrets }}
        - name: {{ . }}
      {{- end }}
      {{- end }}
    {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
    {{- end }}
{{- end }}
feat: make aws-node-termination handler work, more reorg 2021-12-01 15:43:42 +00:00			`{{- if .Values.enableSqsTerminationDraining }}`
			`apiVersion: apps/v1`
			`kind: Deployment`
			`metadata:`
			`name: {{ include "aws-node-termination-handler.fullname" . }}`
			`namespace: {{ .Release.Namespace }}`
			`labels:`
			`{{- include "aws-node-termination-handler.labels" . \| nindent 4 }}`
			`spec:`
			`replicas: {{ .Values.replicas }}`
			`selector:`
			`matchLabels:`
			`{{- include "aws-node-termination-handler.selectorLabels" . \| nindent 6 }}`
			`{{ include "aws-node-termination-handler.nodeSelectorTermsOs" . }}: linux`
			`template:`
			`metadata:`
			`annotations:`
			`{{- range $key, $value := .Values.podAnnotations }}`
			`{{ $key }}: {{ $value \| quote }}`
			`{{- end }}`
			`labels:`
			`{{- include "aws-node-termination-handler.selectorLabels" . \| nindent 8 }}`
			`k8s-app: aws-node-termination-handler`
			`{{ include "aws-node-termination-handler.nodeSelectorTermsOs" . }}: linux`
			`{{- range $key, $value := .Values.podLabels }}`
			`{{ $key }}: {{ $value \| quote }}`
			`{{- end }}`
			`spec:`
			`volumes:`
			`{{- if and .Values.webhookTemplateConfigMapName .Values.webhookTemplateConfigMapKey }}`
			`- name: "webhook-template"`
			`configMap:`
			`name: {{ .Values.webhookTemplateConfigMapName }}`
			`{{- end }}`
			`- name: aws-token`
			`projected:`
			`sources:`
			`- serviceAccountToken:`
			`path: token`
			`expirationSeconds: 86400`
			`audience: "sts.amazonaws.com"`
			`priorityClassName: {{ .Values.priorityClassName \| quote }}`
			`affinity:`
			`nodeAffinity:`
			`requiredDuringSchedulingIgnoredDuringExecution:`
			`nodeSelectorTerms:`
			`- matchExpressions:`
			`- key: {{ include "aws-node-termination-handler.nodeSelectorTermsOs" . \| quote }}`
			`operator: In`
			`values:`
			`- linux`
			`- key: {{ include "aws-node-termination-handler.nodeSelectorTermsArch" . \| quote }}`
			`operator: In`
			`values:`
			`- amd64`
			`- arm64`
			`- arm`
			`{{- with .Values.affinity }}`
			`{{- toYaml . \| nindent 8 }}`
			`{{- end }}`
			`serviceAccountName: {{ template "aws-node-termination-handler.serviceAccountName" . }}`
			`hostNetwork: false`
			`dnsPolicy: {{ .Values.dnsPolicy \| quote }}`
			`securityContext:`
			`fsGroup: {{ .Values.securityContext.runAsGroupID }}`
			`containers:`
			`- name: {{ include "aws-node-termination-handler.name" . }}`
			`image: {{ .Values.image.repository }}:{{ .Values.image.tag }}`
			`imagePullPolicy: {{ .Values.image.pullPolicy }}`
			`securityContext:`
			`readOnlyRootFilesystem: true`
			`runAsNonRoot: true`
			`runAsUser: {{ .Values.securityContext.runAsUserID }}`
			`runAsGroup: {{ .Values.securityContext.runAsGroupID }}`
			`allowPrivilegeEscalation: false`
			`volumeMounts:`
			`{{- if and .Values.webhookTemplateConfigMapName .Values.webhookTemplateConfigMapKey }}`
			`- name: "webhook-template"`
			`mountPath: "/config/"`
			`{{- end }}`
			`- name: aws-token`
			`mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/"`
			`readOnly: true`
			`env:`
			`- name: NODE_NAME`
			`valueFrom:`
			`fieldRef:`
			`fieldPath: spec.nodeName`
			`- name: POD_NAME`
			`valueFrom:`
			`fieldRef:`
			`fieldPath: metadata.name`
			`- name: NAMESPACE`
			`valueFrom:`
			`fieldRef:`
			`fieldPath: metadata.namespace`
			`- name: DELETE_LOCAL_DATA`
			`value: {{ .Values.deleteLocalData \| quote }}`
			`- name: IGNORE_DAEMON_SETS`
			`value: {{ .Values.ignoreDaemonSets \| quote }}`
			`- name: POD_TERMINATION_GRACE_PERIOD`
			`value: {{ .Values.podTerminationGracePeriod \| quote }}`
			`- name: INSTANCE_METADATA_URL`
			`value: {{ .Values.instanceMetadataURL \| quote }}`
			`- name: NODE_TERMINATION_GRACE_PERIOD`
			`value: {{ .Values.nodeTerminationGracePeriod \| quote }}`
			`- name: WEBHOOK_URL`
			`{{- if .Values.webhookURLSecretName }}`
			`valueFrom:`
			`secretKeyRef:`
			`name: {{ .Values.webhookURLSecretName }}`
			`key: webhookurl`
			`{{- else }}`
			`value: {{ .Values.webhookURL \| quote }}`
			`{{- end }}`
			`- name: WEBHOOK_HEADERS`
			`value: {{ .Values.webhookHeaders \| quote }}`
			`{{- if and .Values.webhookTemplateConfigMapName .Values.webhookTemplateConfigMapKey }}`
			`- name: WEBHOOK_TEMPLATE_FILE`
			`value: {{ print "/config/" .Values.webhookTemplateConfigMapKey \| quote }}`
			`{{- end }}`
			`- name: WEBHOOK_TEMPLATE`
			`value: {{ .Values.webhookTemplate \| quote }}`
			`- name: DRY_RUN`
			`value: {{ .Values.dryRun \| quote }}`
			`- name: METADATA_TRIES`
			`value: {{ .Values.metadataTries \| quote }}`
			`- name: CORDON_ONLY`
			`value: {{ .Values.cordonOnly \| quote }}`
			`- name: TAINT_NODE`
			`value: {{ .Values.taintNode \| quote }}`
			`- name: JSON_LOGGING`
			`value: {{ .Values.jsonLogging \| quote }}`
			`- name: LOG_LEVEL`
			`value: {{ .Values.logLevel \| quote }}`
			`- name: WEBHOOK_PROXY`
			`value: {{ .Values.webhookProxy \| quote }}`
			`- name: ENABLE_PROMETHEUS_SERVER`
			`value: {{ .Values.enablePrometheusServer \| quote }}`
			`- name: ENABLE_PROBES_SERVER`
			`value: {{ .Values.enableProbesServer \| quote }}`
			`- name: ENABLE_SPOT_INTERRUPTION_DRAINING`
			`value: "false"`
			`- name: ENABLE_SCHEDULED_EVENT_DRAINING`
			`value: "false"`
			`- name: ENABLE_REBALANCE_MONITORING`
			`value: "false"`
			`- name: ENABLE_REBALANCE_DRAINING`
			`value: "false"`
			`- name: ENABLE_SQS_TERMINATION_DRAINING`
			`value: "true"`
			`- name: QUEUE_URL`
			`value: {{ .Values.queueURL \| quote }}`
			`- name: PROMETHEUS_SERVER_PORT`
			`value: {{ .Values.prometheusServerPort \| quote }}`
			`- name: PROBES_SERVER_PORT`
			`value: {{ .Values.probesServerPort \| quote }}`
			`- name: PROBES_SERVER_ENDPOINT`
			`value: {{ .Values.probesServerEndpoint \| quote }}`
			`- name: AWS_REGION`
			`value: {{ .Values.awsRegion \| quote }}`
			`- name: AWS_ENDPOINT`
			`value: {{ .Values.awsEndpoint \| quote }}`
			`{{- if .Values.awsSecretAccessKey }}`
			`- name: AWS_SECRET_ACCESS_KEY`
			`value: {{ .Values.awsSecretAccessKey \| quote }}`
			`- name: AWS_ACCESS_KEY_ID`
			`value: {{ .Values.awsAccessKeyID \| quote }}`
			`{{- end }}`
			`- name: CHECK_ASG_TAG_BEFORE_DRAINING`
			`value: {{ .Values.checkASGTagBeforeDraining \| quote }}`
			`- name: MANAGED_ASG_TAG`
			`value: {{ .Values.managedAsgTag \| quote }}`
			`- name: WORKERS`
			`value: {{ .Values.workers \| quote }}`
			`- name: EMIT_KUBERNETES_EVENTS`
			`value: {{ .Values.emitKubernetesEvents \| quote }}`
			`- name: KUBERNETES_EVENTS_EXTRA_ANNOTATIONS`
			`value: {{ .Values.kubernetesEventsExtraAnnotations \| quote }}`
			`{{- range $key, $value := .Values.extraEnv }}`
			`- name: {{ $key }}`
			`value: {{ $value \| quote }}`
			`{{- end }}`
			`resources:`
			`{{- toYaml .Values.resources \| nindent 12 }}`
			`{{- if or .Values.enablePrometheusServer .Values.enableProbesServer }}`
			`ports:`
			`{{- end }}`
			`{{- if .Values.enablePrometheusServer }}`
			`- containerPort: {{ .Values.prometheusServerPort }}`
			`name: http-metrics`
			`protocol: TCP`
			`{{- end }}`
			`{{- if .Values.enableProbesServer }}`
			`- containerPort: {{ .Values.probesServerPort }}`
			`name: liveness-probe`
			`protocol: TCP`
			`{{- end }}`
			`{{- if .Values.enableProbesServer }}`
			`livenessProbe:`
			`{{- toYaml .Values.probes \| nindent 12 }}`
			`{{- end }}`
			`nodeSelector:`
			`{{ include "aws-node-termination-handler.nodeSelectorTermsOs" . }}: linux`
			`{{- with .Values.nodeSelector }}`
			`{{- toYaml . \| nindent 8 }}`
			`{{- end }}`
			`{{- if .Values.image.pullSecrets }}`
			`imagePullSecrets:`
			`{{- range .Values.image.pullSecrets }}`
			`- name: {{ . }}`
			`{{- end }}`
			`{{- end }}`
			`{{- with .Values.tolerations }}`
			`tolerations:`
			`{{- toYaml . \| nindent 8 }}`
			`{{- end }}`
			`{{- end }}`