Merge pull request #39 from jaypipes/cleanup-nth
Fix up node termination handler chart
Showing 7 changed files with 253 additions and 68 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,27 @@ | ||
apiVersion: v1 | ||
appVersion: "1.0" | ||
description: A Helm chart for Kubernetes | ||
name: aws-node-termination-handler | ||
description: A Helm chart for the AWS Node Termination Handler | ||
version: 0.1.0 | ||
appVersion: 1.0.0 | ||
home: https://github.com/aws/eks-charts | ||
icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png | ||
sources: | ||
- https://github.com/aws/eks-charts | ||
maintainers: | ||
- name: Nicholas Turner | ||
url: https://github.com/nckturner | ||
email: [email protected] | ||
- name: Stefan Prodan | ||
url: https://github.com/stefanprodan | ||
email: [email protected] | ||
- name: Jillian Montalvo | ||
url: https://github.com/jillmon | ||
email: [email protected] | ||
- name: Matthew Becker | ||
url: https://github.com/mattrandallbecker | ||
email: [email protected] | ||
keywords: | ||
- eks | ||
- ec2 | ||
- node-termination | ||
- spot |
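Review bot: `version: 0.1.0` appears to be left unchanged in this hunk, although the same commit changes the documented values interface in the README (`imageName` and `imageVersion` become `image.repository` and `image.tag`, and `namespace` is no longer listed). Anyone upgrading with existing `--set imageName=...` overrides would have them ignored without an error, so the chart version should be bumped to signal the change. It would also help to pin the `icon` URL to something more stable than the `master` branch path.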
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,37 +1,69 @@ | ||
# AWS Node Termination Handler Chart | ||
# AWS Node Termination Handler | ||
|
||
AWS Node Termination Handler Helm chart for Kubernetes. For more information on this project see the project repo at https://github.com/aws/aws-node-termination-handler. | ||
## Prerequisite | ||
|
||
## Prerequisites | ||
|
||
* Kubernetes >= 1.11 | ||
|
||
## Installing the Chart | ||
|
||
Add the EKS repository to Helm: | ||
```sh | ||
helm repo add eks https://aws.github.io/eks-charts | ||
``` | ||
Install AWS Node Termination Handler: | ||
To install the chart with the release name aws-node-termination-handler and default configuration: | ||
|
||
```sh | ||
helm upgrade -i aws-node-termination-handler eks/aws-node-termination-handler | ||
helm install --name aws-node-termination-handler \ | ||
--namespace kube-system eks/aws-node-termination-handler | ||
``` | ||
|
||
To install into an EKS cluster where the Node Termination Handler is already installed, you can run: | ||
|
||
```sh | ||
helm upgrade --install --recreate-pods --force \ | ||
aws-node-termination-handler --namespace kube-system eks/aws-node-termination-handler | ||
``` | ||
|
||
If you receive an error similar to `Error: release aws-node-termination-handler | ||
failed: <resource> "aws-node-termination-handler" already exists`, simply rerun | ||
the above command. | ||
|
||
The [configuration](#configuration) section lists the parameters that can be configured during installation. | ||
|
||
## Uninstalling the Chart | ||
|
||
To uninstall/delete the `aws-node-termination-handler` deployment: | ||
|
||
```sh | ||
helm delete --purge aws-node-termination-handler | ||
``` | ||
|
||
The command removes all the Kubernetes components associated with the chart and deletes the release. | ||
|
||
## Configuration | ||
|
||
The following tables lists the configurable parameters of the chart and their default values. | ||
|
||
Parameter | Description | Default | ||
--- | --- | --- | ||
`deleteLocalData` | Tells kubectl to continue even if there are pods using emptyDir (local data that will be deleted when the node is drained). | `false` | ||
`fullnameOverride` | Override the full name of the chart | `"node-termination-handler"` | ||
`gracePeriod` | The time in seconds given to each pod to terminate gracefully. If negative, the default value specified in the pod will be used. | `30` | ||
`ignoreDaemonsSets` | Causes kubectl to skip daemon set managed pods | `true` | ||
`imageName` | Refers to docker image located [here](https://hub.docker.com/r/amazon/aws-node-termination-handler). | `"amazon/aws-node-termination-handler"` | ||
`imageVersion` | Refers to current docker image version found [here](https://hub.docker.com/r/amazon/aws-node-termination-handler/tags). | `"v1.0.0"` | ||
`nameOverride` | Override the name of the chart | `"node-termination-handler"` | ||
`namespace` | The [kubernetes namespace](https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/) | `"kube-system"` | ||
`nodeSelector` | Tells the daemon set where to place the node-termination-handler pods. For example: `lifecycle: "Ec2Spot"`, `on-demand: "false"`, `aws.amazon.com/purchaseType: "spot"`, etc. Value must be a valid yaml expression. | `{}` | ||
`serviceAccount.name` | The name of the ServiceAccount to use | `nil` | ||
`serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | ||
Parameter | Description | Default | ||
--- | --- | --- | ||
`image.repository` | image repository | `amazon/aws-node-termination-handler` | ||
`image.tag` | image tag | `<VERSION>` | ||
`image.pullPolicy` | image pull policy | `IfNotPresent` | ||
`deleteLocalData` | Tells kubectl to continue even if there are pods using emptyDir (local data that will be deleted when the node is drained). | `false` | ||
`gracePeriod` | The time in seconds given to each pod to terminate gracefully. If negative, the default value specified in the pod will be used. | `30` | ||
`ignoreDaemonsSets` | Causes kubectl to skip daemon set managed pods | `true` | ||
`affinity` | node/pod affinities | None | ||
`podSecurityContext` | Pod Security Context | `{}` | ||
`podAnnotations` | annotations to add to each pod | `{}` | ||
`priorityClassName` | Name of the priorityClass | `system-node-critical` | ||
`resources` | Resources for the pods | `requests.cpu: 50m, requests.memory: 64Mi, limits.cpu: 100m, limits.memory: 128Mi` | ||
`securityContext` | Container Security context | `privileged: true` | ||
`nodeSelector` | Tells the daemon set where to place the node-termination-handler pods. For example: `lifecycle: "Ec2Spot"`, `on-demand: "false"`, `aws.amazon.com/purchaseType: "spot"`, etc. Value must be a valid yaml expression. | `{}` | ||
`tolerations` | list of node taints to tolerate | `[]` | ||
`rbac.create` | if `true`, create and use RBAC resources | `true` | ||
`rbac.pspEnabled` | If `true`, create and use a restricted pod security policy | `false` | ||
`serviceAccount.create` | If `true`, create a new service account | `true` | ||
`serviceAccount.name` | Service account to be used | None |
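Review bot: the new `securityContext` row documents `privileged: true` as the default with no explanation of why the handler needs a privileged container, and the `rbac.pspEnabled` row promises a "restricted pod security policy" without saying how that interacts with a privileged default. Please add a sentence stating what the container actually requires and what a user must override in `securityContext` when turning `rbac.pspEnabled` on. Smaller points: `image.tag` shows `<VERSION>` where the old table gave a concrete default, `ignoreDaemonsSets` reads like a misspelling of `ignoreDaemonSets` and is worth checking against the values file, and "The following tables lists" should be "The following table lists".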
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,57 @@ | ||
{{- if .Values.rbac.pspEnabled }} | ||
apiVersion: policy/v1beta1 | ||
kind: PodSecurityPolicy | ||
metadata: | ||
name: {{ template "aws-node-termination-handler.fullname" . }} | ||
labels: | ||
{{ include "aws-node-termination-handler.labels" . | indent 4 }} | ||
annotations: | ||
seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' | ||
spec: | ||
privileged: false | ||
hostIPC: false | ||
hostNetwork: false | ||
hostPID: false | ||
readOnlyRootFilesystem: false | ||
allowPrivilegeEscalation: false | ||
allowedCapabilities: | ||
- '*' | ||
fsGroup: | ||
rule: RunAsAny | ||
runAsUser: | ||
rule: RunAsAny | ||
seLinux: | ||
rule: RunAsAny | ||
supplementalGroups: | ||
rule: RunAsAny | ||
volumes: | ||
- '*' | ||
--- | ||
kind: ClusterRole | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
metadata: | ||
name: {{ template "aws-node-termination-handler.fullname" . }}-psp | ||
labels: | ||
{{ include "aws-node-termination-handler.labels" . | indent 4 }} | ||
rules: | ||
- apiGroups: ['policy'] | ||
resources: ['podsecuritypolicies'] | ||
verbs: ['use'] | ||
resourceNames: | ||
- {{ template "aws-node-termination-handler.fullname" . }} | ||
--- | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: RoleBinding | ||
metadata: | ||
name: {{ template "aws-node-termination-handler.fullname" . }}-psp | ||
labels: | ||
{{ include "aws-node-termination-handler.labels" . | indent 4 }} | ||
roleRef: | ||
apiGroup: rbac.authorization.k8s.io | ||
kind: ClusterRole | ||
name: {{ template "aws-node-termination-handler.fullname" . }}-psp | ||
subjects: | ||
- kind: ServiceAccount | ||
name: {{ template "aws-node-termination-handler.serviceAccountName" . }} | ||
namespace: {{ .Release.Namespace }} | ||
{{- end }} |
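Review bot: the `spec` of this PodSecurityPolicy is not restricted in the way the README describes it. `allowedCapabilities: ['*']` lets a pod add any capability, `volumes: ['*']` permits hostPath mounts, the seccomp annotation allows every profile, and all four user/group/SELinux rules are `RunAsAny`, so `privileged: false` is the only real constraint. Suggest dropping `allowedCapabilities` (or adding `requiredDropCapabilities: [ALL]`), listing only the volume types the DaemonSet actually mounts, and setting `readOnlyRootFilesystem: true` if the handler does not write to its root filesystem. Separately, `privileged: false` together with `allowPrivilegeEscalation: false` contradicts the chart's documented default of `securityContext` `privileged: true`: with `rbac.pspEnabled=true` and default values, pods would be rejected under this policy unless the service account can use another, more permissive one. Either the default security context or this policy needs to change so the two agree.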