{{ with .NodeTerminationHandler }} # Sourced from https://github.com/aws/aws-node-termination-handler/releases/download/v1.16.0/all-resources.yaml --- # Source: aws-node-termination-handler/templates/serviceaccount.yaml apiVersion: v1 kind: ServiceAccount metadata: name: aws-node-termination-handler namespace: kube-system labels: app.kubernetes.io/name: aws-node-termination-handler app.kubernetes.io/instance: aws-node-termination-handler k8s-app: aws-node-termination-handler app.kubernetes.io/version: "{{ .Version }}" app.kubernetes.io/component: aws-node-termination-handler app.kubernetes.io/part-of: aws-node-termination-handler --- # Source: aws-node-termination-handler/templates/clusterrole.yaml kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: aws-node-termination-handler labels: app.kubernetes.io/name: aws-node-termination-handler app.kubernetes.io/instance: aws-node-termination-handler app.kubernetes.io/version: "{{ .Version }}" app.kubernetes.io/component: aws-node-termination-handler app.kubernetes.io/part-of: aws-node-termination-handler rules: - apiGroups: - "" resources: - nodes verbs: - get - list - patch - update - apiGroups: - "" resources: - pods verbs: - list - get - apiGroups: - "" resources: - pods/eviction verbs: - create - apiGroups: - extensions resources: - daemonsets verbs: - get - apiGroups: - apps resources: - daemonsets verbs: - get --- # Source: aws-node-termination-handler/templates/clusterrolebinding.yaml kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: aws-node-termination-handler labels: app.kubernetes.io/name: aws-node-termination-handler app.kubernetes.io/instance: aws-node-termination-handler app.kubernetes.io/version: "{{ .Version }}" app.kubernetes.io/component: aws-node-termination-handler app.kubernetes.io/part-of: aws-node-termination-handler subjects: - kind: ServiceAccount name: aws-node-termination-handler namespace: kube-system roleRef: kind: ClusterRole name: aws-node-termination-handler apiGroup: rbac.authorization.k8s.io {{ if EnableSQSTerminationDraining }} --- # Source: aws-node-termination-handler/templates/deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: name: aws-node-termination-handler namespace: kube-system labels: app.kubernetes.io/name: aws-node-termination-handler app.kubernetes.io/instance: aws-node-termination-handler k8s-app: aws-node-termination-handler app.kubernetes.io/version: "{{ .Version }}" spec: replicas: 1 selector: matchLabels: app.kubernetes.io/name: aws-node-termination-handler app.kubernetes.io/instance: aws-node-termination-handler kubernetes.io/os: linux template: metadata: labels: app.kubernetes.io/name: aws-node-termination-handler app.kubernetes.io/instance: aws-node-termination-handler k8s-app: aws-node-termination-handler kubernetes.io/os: linux spec: priorityClassName: "system-cluster-critical" affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: "kubernetes.io/os" operator: In values: - linux - key: "kubernetes.io/arch" operator: In values: - amd64 - arm64 - arm serviceAccountName: aws-node-termination-handler hostNetwork: false dnsPolicy: "" securityContext: fsGroup: 1000 containers: - name: aws-node-termination-handler image: public.ecr.aws/aws-ec2/aws-node-termination-handler:{{ .Version }} imagePullPolicy: IfNotPresent securityContext: readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 runAsGroup: 1000 allowPrivilegeEscalation: false env: - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: DELETE_LOCAL_DATA value: "" - name: IGNORE_DAEMON_SETS value: "" - name: POD_TERMINATION_GRACE_PERIOD value: "" - name: INSTANCE_METADATA_URL value: "" - name: NODE_TERMINATION_GRACE_PERIOD value: "" - name: WEBHOOK_URL value: "" - name: WEBHOOK_HEADERS value: "" - name: WEBHOOK_TEMPLATE value: "" - name: DRY_RUN value: "false" - name: METADATA_TRIES value: "3" - name: CORDON_ONLY value: "false" - name: TAINT_NODE value: "false" - name: JSON_LOGGING value: "true" - name: LOG_LEVEL value: "info" - name: WEBHOOK_PROXY value: "" - name: ENABLE_PROMETHEUS_SERVER value: "{{ .EnablePrometheusMetrics }}" - name: ENABLE_PROBES_SERVER value: "false" - name: ENABLE_SPOT_INTERRUPTION_DRAINING value: "false" - name: ENABLE_SCHEDULED_EVENT_DRAINING value: "false" - name: ENABLE_REBALANCE_MONITORING value: "false" - name: ENABLE_REBALANCE_DRAINING value: "false" - name: ENABLE_SQS_TERMINATION_DRAINING value: "true" - name: EXCLUDE_FROM_LOAD_BALANCERS value: "{{ .ExcludeFromLoadBalancers }}" - name: QUEUE_URL value: "{{ DefaultQueueName }}" - name: PROMETHEUS_SERVER_PORT value: "9092" - name: PROBES_SERVER_PORT value: "8080" - name: PROBES_SERVER_ENDPOINT value: "/healthz" - name: AWS_REGION value: "" - name: AWS_ENDPOINT value: "" - name: CHECK_ASG_TAG_BEFORE_DRAINING value: "true" - name: MANAGED_ASG_TAG value: "{{ .ManagedASGTag }}" - name: WORKERS value: "10" - name: EMIT_KUBERNETES_EVENTS value: "true" - name: KUBERNETES_EVENTS_EXTRA_ANNOTATIONS value: "" resources: requests: cpu: {{ .CPURequest }} memory: {{ .MemoryRequest }} {{ if not UseServiceAccountExternalPermissions }} nodeSelector: node-role.kubernetes.io/master: "" tolerations: - operator: Exists {{ end }} topologySpreadConstraints: - maxSkew: 1 topologyKey: "topology.kubernetes.io/zone" whenUnsatisfiable: ScheduleAnyway labelSelector: matchLabels: io.cilium/app: operator name: cilium-operator - maxSkew: 1 topologyKey: "kubernetes.io/hostname" whenUnsatisfiable: DoNotSchedule labelSelector: matchLabels: app.kubernetes.io/name: aws-node-termination-handler app.kubernetes.io/instance: aws-node-termination-handler --- apiVersion: policy/v1beta1 kind: PodDisruptionBudget metadata: name: aws-node-termination-handler namespace: kube-system labels: app.kubernetes.io/name: aws-node-termination-handler app.kubernetes.io/instance: aws-node-termination-handler spec: selector: matchLabels: app.kubernetes.io/name: aws-node-termination-handler app.kubernetes.io/instance: aws-node-termination-handler maxUnavailable: 1 {{ else }} --- # Source: aws-node-termination-handler/templates/daemonset.linux.yaml apiVersion: apps/v1 kind: DaemonSet metadata: name: aws-node-termination-handler namespace: kube-system labels: app.kubernetes.io/name: aws-node-termination-handler app.kubernetes.io/instance: aws-node-termination-handler k8s-app: aws-node-termination-handler app.kubernetes.io/version: "{{ .Version }}" spec: updateStrategy: rollingUpdate: maxUnavailable: 1 type: RollingUpdate selector: matchLabels: app.kubernetes.io/name: aws-node-termination-handler app.kubernetes.io/instance: aws-node-termination-handler kubernetes.io/os: linux template: metadata: labels: app.kubernetes.io/name: aws-node-termination-handler app.kubernetes.io/instance: aws-node-termination-handler k8s-app: aws-node-termination-handler kubernetes.io/os: linux spec: volumes: - name: "uptime" hostPath: path: "/proc/uptime" priorityClassName: "system-node-critical" affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: "kubernetes.io/os" operator: In values: - linux - key: "kubernetes.io/arch" operator: In values: - amd64 - arm64 - arm serviceAccountName: aws-node-termination-handler hostNetwork: true dnsPolicy: "ClusterFirstWithHostNet" containers: - name: aws-node-termination-handler image: public.ecr.aws/aws-ec2/aws-node-termination-handler:{{ .Version }} imagePullPolicy: IfNotPresent securityContext: readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 runAsGroup: 1000 allowPrivilegeEscalation: false volumeMounts: - name: "uptime" mountPath: "/proc/uptime" readOnly: true env: - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: DELETE_LOCAL_DATA value: "true" - name: IGNORE_DAEMON_SETS value: "true" - name: POD_TERMINATION_GRACE_PERIOD value: "-1" - name: INSTANCE_METADATA_URL value: "" - name: NODE_TERMINATION_GRACE_PERIOD value: "" - name: WEBHOOK_URL value: "" - name: WEBHOOK_HEADERS value: "" - name: WEBHOOK_TEMPLATE value: "" - name: ENABLE_SPOT_INTERRUPTION_DRAINING value: "{{ .EnableSpotInterruptionDraining }}" - name: ENABLE_SCHEDULED_EVENT_DRAINING value: "{{ .EnableScheduledEventDraining }}" - name: ENABLE_REBALANCE_MONITORING value: "{{ .EnableRebalanceMonitoring }}" - name: ENABLE_REBALANCE_DRAINING value: "{{ .EnableRebalanceDraining }}" - name: CHECK_ASG_TAG_BEFORE_DRAINING value: "true" - name: MANAGED_ASG_TAG value: "aws-node-termination-handler/managed" - name: METADATA_TRIES value: "3" - name: CORDON_ONLY value: "false" - name: TAINT_NODE value: "false" - name: EXCLUDE_FROM_LOAD_BALANCERS value: "{{ .ExcludeFromLoadBalancers }}" - name: JSON_LOGGING value: "true" - name: ENABLE_PROMETHEUS_SERVER value: "{{ .EnablePrometheusMetrics }}" - name: PROMETHEUS_SERVER_PORT value: "9092" - name: LOG_LEVEL value: "info" - name: WEBHOOK_PROXY value: "" - name: UPTIME_FROM_FILE value: "" - name: EMIT_KUBERNETES_EVENTS value: "true" - name: KUBERNETES_EVENTS_EXTRA_ANNOTATIONS value: "" - name: ENABLE_PROBES_SERVER value: "false" - name: PROBES_SERVER_PORT value: "8080" - name: PROBES_SERVER_ENDPOINT value: "/healthz" resources: requests: cpu: {{ .CPURequest }} memory: {{ .MemoryRequest }} nodeSelector: kubernetes.io/os: linux tolerations: - operator: Exists {{ end }} {{ end }}