{{- if .Values.enableSqsTerminationDraining }} apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "aws-node-termination-handler.fullname" . }} namespace: {{ .Release.Namespace }} labels: {{- include "aws-node-termination-handler.labels" . | nindent 4 }} spec: replicas: {{ .Values.replicas }} selector: matchLabels: {{- include "aws-node-termination-handler.selectorLabels" . | nindent 6 }} {{ include "aws-node-termination-handler.nodeSelectorTermsOs" . }}: linux template: metadata: annotations: {{- range $key, $value := .Values.podAnnotations }} {{ $key }}: {{ $value | quote }} {{- end }} labels: {{- include "aws-node-termination-handler.selectorLabels" . | nindent 8 }} k8s-app: aws-node-termination-handler {{ include "aws-node-termination-handler.nodeSelectorTermsOs" . }}: linux {{- range $key, $value := .Values.podLabels }} {{ $key }}: {{ $value | quote }} {{- end }} spec: volumes: {{- if and .Values.webhookTemplateConfigMapName .Values.webhookTemplateConfigMapKey }} - name: "webhook-template" configMap: name: {{ .Values.webhookTemplateConfigMapName }} {{- end }} - name: aws-token projected: sources: - serviceAccountToken: path: token expirationSeconds: 86400 audience: "sts.amazonaws.com" priorityClassName: {{ .Values.priorityClassName | quote }} affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: {{ include "aws-node-termination-handler.nodeSelectorTermsOs" . | quote }} operator: In values: - linux - key: {{ include "aws-node-termination-handler.nodeSelectorTermsArch" . | quote }} operator: In values: - amd64 - arm64 - arm {{- with .Values.affinity }} {{- toYaml . | nindent 8 }} {{- end }} serviceAccountName: {{ template "aws-node-termination-handler.serviceAccountName" . }} hostNetwork: false dnsPolicy: {{ .Values.dnsPolicy | quote }} securityContext: fsGroup: {{ .Values.securityContext.runAsGroupID }} containers: - name: {{ include "aws-node-termination-handler.name" . }} image: {{ .Values.image.repository }}:{{ .Values.image.tag }} imagePullPolicy: {{ .Values.image.pullPolicy }} securityContext: readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: {{ .Values.securityContext.runAsUserID }} runAsGroup: {{ .Values.securityContext.runAsGroupID }} allowPrivilegeEscalation: false volumeMounts: {{- if and .Values.webhookTemplateConfigMapName .Values.webhookTemplateConfigMapKey }} - name: "webhook-template" mountPath: "/config/" {{- end }} - name: aws-token mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/" readOnly: true env: - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: DELETE_LOCAL_DATA value: {{ .Values.deleteLocalData | quote }} - name: IGNORE_DAEMON_SETS value: {{ .Values.ignoreDaemonSets | quote }} - name: POD_TERMINATION_GRACE_PERIOD value: {{ .Values.podTerminationGracePeriod | quote }} - name: INSTANCE_METADATA_URL value: {{ .Values.instanceMetadataURL | quote }} - name: NODE_TERMINATION_GRACE_PERIOD value: {{ .Values.nodeTerminationGracePeriod | quote }} - name: WEBHOOK_URL {{- if .Values.webhookURLSecretName }} valueFrom: secretKeyRef: name: {{ .Values.webhookURLSecretName }} key: webhookurl {{- else }} value: {{ .Values.webhookURL | quote }} {{- end }} - name: WEBHOOK_HEADERS value: {{ .Values.webhookHeaders | quote }} {{- if and .Values.webhookTemplateConfigMapName .Values.webhookTemplateConfigMapKey }} - name: WEBHOOK_TEMPLATE_FILE value: {{ print "/config/" .Values.webhookTemplateConfigMapKey | quote }} {{- end }} - name: WEBHOOK_TEMPLATE value: {{ .Values.webhookTemplate | quote }} - name: DRY_RUN value: {{ .Values.dryRun | quote }} - name: METADATA_TRIES value: {{ .Values.metadataTries | quote }} - name: CORDON_ONLY value: {{ .Values.cordonOnly | quote }} - name: TAINT_NODE value: {{ .Values.taintNode | quote }} - name: JSON_LOGGING value: {{ .Values.jsonLogging | quote }} - name: LOG_LEVEL value: {{ .Values.logLevel | quote }} - name: WEBHOOK_PROXY value: {{ .Values.webhookProxy | quote }} - name: ENABLE_PROMETHEUS_SERVER value: {{ .Values.enablePrometheusServer | quote }} - name: ENABLE_PROBES_SERVER value: {{ .Values.enableProbesServer | quote }} - name: ENABLE_SPOT_INTERRUPTION_DRAINING value: "false" - name: ENABLE_SCHEDULED_EVENT_DRAINING value: "false" - name: ENABLE_REBALANCE_MONITORING value: "false" - name: ENABLE_REBALANCE_DRAINING value: "false" - name: ENABLE_SQS_TERMINATION_DRAINING value: "true" - name: QUEUE_URL value: {{ .Values.queueURL | quote }} - name: PROMETHEUS_SERVER_PORT value: {{ .Values.prometheusServerPort | quote }} - name: PROBES_SERVER_PORT value: {{ .Values.probesServerPort | quote }} - name: PROBES_SERVER_ENDPOINT value: {{ .Values.probesServerEndpoint | quote }} - name: AWS_REGION value: {{ .Values.awsRegion | quote }} - name: AWS_ENDPOINT value: {{ .Values.awsEndpoint | quote }} {{- if .Values.awsSecretAccessKey }} - name: AWS_SECRET_ACCESS_KEY value: {{ .Values.awsSecretAccessKey | quote }} - name: AWS_ACCESS_KEY_ID value: {{ .Values.awsAccessKeyID | quote }} {{- end }} - name: CHECK_ASG_TAG_BEFORE_DRAINING value: {{ .Values.checkASGTagBeforeDraining | quote }} - name: MANAGED_ASG_TAG value: {{ .Values.managedAsgTag | quote }} - name: WORKERS value: {{ .Values.workers | quote }} - name: EMIT_KUBERNETES_EVENTS value: {{ .Values.emitKubernetesEvents | quote }} - name: KUBERNETES_EVENTS_EXTRA_ANNOTATIONS value: {{ .Values.kubernetesEventsExtraAnnotations | quote }} {{- range $key, $value := .Values.extraEnv }} - name: {{ $key }} value: {{ $value | quote }} {{- end }} resources: {{- toYaml .Values.resources | nindent 12 }} {{- if or .Values.enablePrometheusServer .Values.enableProbesServer }} ports: {{- end }} {{- if .Values.enablePrometheusServer }} - containerPort: {{ .Values.prometheusServerPort }} name: http-metrics protocol: TCP {{- end }} {{- if .Values.enableProbesServer }} - containerPort: {{ .Values.probesServerPort }} name: liveness-probe protocol: TCP {{- end }} {{- if .Values.enableProbesServer }} livenessProbe: {{- toYaml .Values.probes | nindent 12 }} {{- end }} nodeSelector: {{ include "aws-node-termination-handler.nodeSelectorTermsOs" . }}: linux {{- with .Values.nodeSelector }} {{- toYaml . | nindent 8 }} {{- end }} {{- if .Values.image.pullSecrets }} imagePullSecrets: {{- range .Values.image.pullSecrets }} - name: {{ . }} {{- end }} {{- end }} {{- with .Values.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} {{- end }}