{{- if .Values.enableSqsTerminationDraining }} apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "aws-node-termination-handler.fullname" . }} namespace: {{ .Release.Namespace }} labels: {{- include "aws-node-termination-handler.labelsDeployment" . | nindent 4 }} spec: replicas: {{ .Values.replicas }} {{- with .Values.strategy }} strategy: {{- toYaml . | nindent 4 }} {{- end }} selector: matchLabels: {{- include "aws-node-termination-handler.selectorLabelsDeployment" . | nindent 6 }} template: metadata: labels: {{- include "aws-node-termination-handler.selectorLabelsDeployment" . | nindent 8 }} k8s-app: aws-node-termination-handler {{- with .Values.podLabels }} {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.podAnnotations }} annotations: {{- toYaml . | nindent 8 }} {{- end }} spec: {{- with .Values.image.pullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} serviceAccountName: {{ include "aws-node-termination-handler.serviceAccountName" . }} {{- with .Values.podSecurityContext }} securityContext: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.priorityClassName }} priorityClassName: {{ . }} {{- end }} {{- with .Values.terminationGracePeriodSeconds }} terminationGracePeriodSeconds: {{ . }} {{- end }} {{- with .Values.dnsConfig }} dnsConfig: {{- toYaml . | nindent 8 }} {{- end }} containers: - name: aws-node-termination-handler {{- with .Values.securityContext }} securityContext: {{- toYaml . | nindent 12 }} {{- end }} image: {{ include "aws-node-termination-handler.image" . }} imagePullPolicy: {{ .Values.image.pullPolicy }} env: - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: ENABLE_PROBES_SERVER value: "true" - name: PROBES_SERVER_PORT value: {{ .Values.probes.httpGet.port | quote }} - name: PROBES_SERVER_ENDPOINT value: {{ .Values.probes.httpGet.path | quote }} - name: LOG_LEVEL value: {{ .Values.logLevel | quote }} - name: JSON_LOGGING value: {{ .Values.jsonLogging | quote }} - name: LOG_FORMAT_VERSION value: {{ .Values.logFormatVersion | quote }} - name: ENABLE_PROMETHEUS_SERVER value: {{ .Values.enablePrometheusServer | quote }} - name: PROMETHEUS_SERVER_PORT value: {{ .Values.prometheusServerPort | quote }} # [DEPRECATED] Use CHECK_TAG_BEFORE_DRAINING instead - name: CHECK_ASG_TAG_BEFORE_DRAINING value: {{ .Values.checkASGTagBeforeDraining | quote }} - name: CHECK_TAG_BEFORE_DRAINING value: {{ .Values.checkTagBeforeDraining | quote }} # [DEPRECATED] Use MANAGED_TAG instead - name: MANAGED_ASG_TAG value: {{ .Values.managedAsgTag | quote }} - name: MANAGED_TAG value: {{ .Values.managedTag | quote }} - name: USE_PROVIDER_ID value: {{ .Values.useProviderId | quote }} - name: DRY_RUN value: {{ .Values.dryRun | quote }} - name: CORDON_ONLY value: {{ .Values.cordonOnly | quote }} - name: TAINT_NODE value: {{ .Values.taintNode | quote }} - name: EXCLUDE_FROM_LOAD_BALANCERS value: {{ .Values.excludeFromLoadBalancers | quote }} - name: DELETE_LOCAL_DATA value: {{ .Values.deleteLocalData | quote }} - name: IGNORE_DAEMON_SETS value: {{ .Values.ignoreDaemonSets | quote }} - name: POD_TERMINATION_GRACE_PERIOD value: {{ .Values.podTerminationGracePeriod | quote }} - name: NODE_TERMINATION_GRACE_PERIOD value: {{ .Values.nodeTerminationGracePeriod | quote }} - name: EMIT_KUBERNETES_EVENTS value: {{ .Values.emitKubernetesEvents | quote }} - name: COMPLETE_LIFECYCLE_ACTION_DELAY_SECONDS value: {{ .Values.completeLifecycleActionDelaySeconds | quote }} {{- with .Values.kubernetesEventsExtraAnnotations }} - name: KUBERNETES_EVENTS_EXTRA_ANNOTATIONS value: {{ . | quote }} {{- end }} {{- if or .Values.webhookURL .Values.webhookURLSecretName }} - name: WEBHOOK_URL {{- if .Values.webhookURLSecretName }} valueFrom: secretKeyRef: name: {{ .Values.webhookURLSecretName }} key: webhookurl {{- else }} value: {{ .Values.webhookURL | quote }} {{- end }} {{- end }} {{- with .Values.webhookHeaders }} - name: WEBHOOK_HEADERS value: {{ . | quote }} {{- end }} {{- with .Values.webhookProxy }} - name: WEBHOOK_PROXY value: {{ . | quote }} {{- end }} {{- if and .Values.webhookTemplateConfigMapName .Values.webhookTemplateConfigMapKey }} - name: WEBHOOK_TEMPLATE_FILE value: {{ print "/config/" .Values.webhookTemplateConfigMapKey | quote }} {{- else if .Values.webhookTemplate }} - name: WEBHOOK_TEMPLATE value: {{ .Values.webhookTemplate | quote }} {{- end }} - name: ENABLE_SPOT_INTERRUPTION_DRAINING value: {{ .Values.enableSpotInterruptionDraining | quote }} - name: ENABLE_SCHEDULED_EVENT_DRAINING value: {{ .Values.enableScheduledEventDraining | quote }} - name: ENABLE_REBALANCE_MONITORING value: {{ .Values.enableRebalanceMonitoring | quote }} - name: ENABLE_REBALANCE_DRAINING value: {{ .Values.enableRebalanceDraining | quote }} - name: ENABLE_SQS_TERMINATION_DRAINING value: "true" {{- with .Values.awsRegion }} - name: AWS_REGION value: {{ . | quote }} {{- end }} {{- with .Values.awsEndpoint }} - name: AWS_ENDPOINT value: {{ . | quote }} {{- end }} {{- if and .Values.awsAccessKeyID .Values.awsSecretAccessKey }} - name: AWS_ACCESS_KEY_ID value: {{ .Values.awsAccessKeyID | quote }} - name: AWS_SECRET_ACCESS_KEY value: {{ .Values.awsSecretAccessKey | quote }} {{- end }} - name: QUEUE_URL value: {{ .Values.queueURL | quote }} - name: WORKERS value: {{ .Values.workers | quote }} {{- with .Values.extraEnv }} {{- toYaml . | nindent 12 }} {{- end }} ports: - name: liveness-probe protocol: TCP containerPort: {{ .Values.probes.httpGet.port }} {{- if .Values.enablePrometheusServer }} - name: http-metrics protocol: TCP containerPort: {{ .Values.prometheusServerPort }} {{- end }} livenessProbe: {{- toYaml .Values.probes | nindent 12 }} {{- with .Values.resources }} resources: {{- toYaml . | nindent 12 }} {{- end }} volumeMounts: - name: aws-token mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/" readOnly: true {{- if and .Values.webhookTemplateConfigMapName .Values.webhookTemplateConfigMapKey }} - name: webhook-template mountPath: /config/ {{- end }} volumes: - name: aws-token projected: sources: - serviceAccountToken: path: token expirationSeconds: 86400 audience: "sts.amazonaws.com" {{- if and .Values.webhookTemplateConfigMapName .Values.webhookTemplateConfigMapKey }} - name: webhook-template configMap: name: {{ .Values.webhookTemplateConfigMapName }} {{- end }} nodeSelector: kubernetes.io/os: linux {{- with .Values.nodeSelector }} {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} {{- end }}