From 0b3680fe50331c1cdb292977694cd88d23177dd3 Mon Sep 17 00:00:00 2001 
From: Bryant Biggs Date: Thu, 3 Oct 2024 08:49:17 -0500 Subject: [PATCH 1/3] chore: Deprecate and remove `aws-node-termination-handler` chart in favor of upstream chart (#1155) --- README.md | 3 +- .../aws-node-termination-handler-2/Chart.yaml | 19 -- .../aws-node-termination-handler-2/README.md | 65 ---- .../crds/node.k8s.aws_terminators.yaml | 171 ---------- .../templates/_helpers.tpl | 65 ---- .../templates/clusterrole.yaml | 50 --- .../templates/clusterrole_binding.yaml | 20 -- .../templates/configmap_logging.yaml | 19 -- .../templates/deployment.yaml | 154 --------- .../templates/role.yaml | 40 --- .../templates/role_binding.yaml | 19 -- .../templates/secret_webhook_cert.yaml | 12 - .../templates/service.yaml | 28 -- .../templates/serviceaccount.yaml | 18 -- .../templates/webhooks.yaml | 49 --- .../values.yaml | 167 ---------- .../aws-node-termination-handler/.helmignore | 23 -- .../aws-node-termination-handler/Chart.yaml | 25 -- stable/aws-node-termination-handler/README.md | 176 ----------- .../example-values-imds-linux.yaml | 5 - .../example-values-imds-windows.yaml | 5 - .../example-values-queue.yaml | 13 - .../templates/NOTES.txt | 8 - .../templates/_helpers.tpl | 124 -------- .../templates/clusterrole.yaml | 52 --- .../templates/clusterrolebinding.yaml | 16 - .../templates/daemonset.linux.yaml | 210 ------------- .../templates/daemonset.windows.yaml | 204 ------------ .../templates/deployment.yaml | 211 ------------- .../templates/pdb.yaml | 14 - .../templates/podmonitor.yaml | 29 -- .../templates/psp.yaml | 70 ----- .../templates/service.yaml | 18 -- .../templates/serviceaccount.yaml | 13 - .../templates/servicemonitor.yaml | 29 -- .../aws-node-termination-handler/values.yaml | 295 ------------------ 36 files changed, 2 insertions(+), 2437 deletions(-) delete mode 100644 stable/aws-node-termination-handler-2/Chart.yaml delete mode 100644 stable/aws-node-termination-handler-2/README.md delete mode 100644 
stable/aws-node-termination-handler-2/crds/node.k8s.aws_terminators.yaml delete mode 100644 stable/aws-node-termination-handler-2/templates/_helpers.tpl delete mode 100644 stable/aws-node-termination-handler-2/templates/clusterrole.yaml delete mode 100644 stable/aws-node-termination-handler-2/templates/clusterrole_binding.yaml delete mode 100644 stable/aws-node-termination-handler-2/templates/configmap_logging.yaml delete mode 100644 stable/aws-node-termination-handler-2/templates/deployment.yaml delete mode 100644 stable/aws-node-termination-handler-2/templates/role.yaml delete mode 100644 stable/aws-node-termination-handler-2/templates/role_binding.yaml delete mode 100644 stable/aws-node-termination-handler-2/templates/secret_webhook_cert.yaml delete mode 100644 stable/aws-node-termination-handler-2/templates/service.yaml delete mode 100644 stable/aws-node-termination-handler-2/templates/serviceaccount.yaml delete mode 100644 stable/aws-node-termination-handler-2/templates/webhooks.yaml delete mode 100644 stable/aws-node-termination-handler-2/values.yaml delete mode 100644 stable/aws-node-termination-handler/.helmignore delete mode 100644 stable/aws-node-termination-handler/Chart.yaml delete mode 100644 stable/aws-node-termination-handler/README.md delete mode 100644 stable/aws-node-termination-handler/example-values-imds-linux.yaml delete mode 100644 stable/aws-node-termination-handler/example-values-imds-windows.yaml delete mode 100644 stable/aws-node-termination-handler/example-values-queue.yaml delete mode 100644 stable/aws-node-termination-handler/templates/NOTES.txt delete mode 100644 stable/aws-node-termination-handler/templates/_helpers.tpl delete mode 100644 stable/aws-node-termination-handler/templates/clusterrole.yaml delete mode 100644 stable/aws-node-termination-handler/templates/clusterrolebinding.yaml delete mode 100644 stable/aws-node-termination-handler/templates/daemonset.linux.yaml delete mode 100644 
stable/aws-node-termination-handler/templates/daemonset.windows.yaml delete mode 100644 stable/aws-node-termination-handler/templates/deployment.yaml delete mode 100644 stable/aws-node-termination-handler/templates/pdb.yaml delete mode 100644 stable/aws-node-termination-handler/templates/podmonitor.yaml delete mode 100644 stable/aws-node-termination-handler/templates/psp.yaml delete mode 100644 stable/aws-node-termination-handler/templates/service.yaml delete mode 100644 stable/aws-node-termination-handler/templates/serviceaccount.yaml delete mode 100644 stable/aws-node-termination-handler/templates/servicemonitor.yaml delete mode 100644 stable/aws-node-termination-handler/values.yaml diff --git a/README.md b/README.md index 67afd8c3d..2ed6f90e8 100644 --- a/README.md +++ b/README.md @@ -21,7 +21,8 @@ helm repo add eks https://aws.github.io/eks-charts ### AWS Node Termination Handler -* [aws-node-termination-handler](stable/aws-node-termination-handler): Gracefully handle EC2 instance shutdown within Kubernetes. +> [!WARNING] +> This Helm chart is now deprecated. Please see the current chart located in the [aws-node-termination-handler](https://github.com/aws/aws-node-termination-handler/tree/main/config/helm/aws-node-termination-handler) repository which is now published on [Public ECR](https://gallery.ecr.aws/aws-ec2/helm/aws-node-termination-handler) ### AWS Calico diff --git a/stable/aws-node-termination-handler-2/Chart.yaml b/stable/aws-node-termination-handler-2/Chart.yaml deleted file mode 100644 index 9993a1d0b..000000000 --- a/stable/aws-node-termination-handler-2/Chart.yaml +++ /dev/null 
@@ -1,19 +0,0 @@
-apiVersion: v2
-name: aws-node-termination-handler-2
-description: A Helm chart for aws-node-termination-handler, an open-source component for gracefully handling termination events for node hosted in AWS.
-type: application
-version: "0.2.0"
-appVersion: "2.0.0-beta"
-kubeVersion: ">=1.16-0"
-keywords:
- - aws
- - ec2
- - ec2-spot
- - eks
- - node
- - node-termination
- - spot
-home: https://github.com/aws/eks-charts
-sources:
- - https://github.com/aws/aws-node-termination-handler
- - https://github.com/aws/eks-charts
diff --git a/stable/aws-node-termination-handler-2/README.md b/stable/aws-node-termination-handler-2/README.md
deleted file mode 100644
index 7b889b675..000000000
--- a/stable/aws-node-termination-handler-2/README.md
+++ /dev/null
@@ -1,65 +0,0 @@
-# AWS Node Termination Handler
-
-AWS Node Termination Handler Helm chart for Kubernetes. For more information on this project see the project repo at [github.com/aws/aws-node-termination-handler](https://github.com/aws/aws-node-termination-handler).
-
-## Prerequisites
-
-- _Kubernetes_ >= 1.16
-
-## Installing the Chart
-
-Before you can install the chart you will need to add the `eks` repo to [Helm](https://helm.sh/).
-
-```shell
-helm repo add eks https://aws.github.io/eks-charts/
-```
-
-### Configuration
-
-* `annotations` - Annotation names and values to add to objects in the Helm release. Default: `{}`.
-* `aws.region` - AWS region name (e.g. "us-east-1") to use when making API calls. Default: `""`.
-* `controller.env` - List of environment variables to set in the controller container. See [core/v1 Pod.spec.containers.env](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#container-v1-core) Default: `[]`.
-* `controller.image` - Image repository for the controller.
-* `controller.logLevel` - Override the global logging level for the controller container. Default: `""`.
-* `controller.resources` - Resource requests and limits for controller container. See [core/v1 ResourceRequests](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#resourcerequirements-v1-core) for further information. Default: `{"requests":{"cpu": 1, "memory": "1Gi"}, "limits":{"cpu": 1, "memory": "1Gi"}}`
-* `controller.securityContext` - Controller container security context configuration. See [core/v1 Pod.spec.securityContext](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#podsecuritycontext-v1-core) for further information. Default: `{}`.
-* `fullnameOverride` - Override the Helm release name. Name will be truncated if longer than 63 characters. Default is generated from the release name and chart name.
-* `imagePullPolicy` - Policy for when to pull images. See [core/v1 Container.imagePullPolicy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#container-v1-core) for further information. Default: `"IfNotPresent"`.
-* `imagePullSecrets` - List of secrets to use when pulling images. See [apps/v1 Deployment.spec.template.spec.imagePullSecrets](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#podspec-v1-core) for further information. Default: `[]`.
-* `labels` - Label names and values to add to objects in the Helm release. Default: `{}`.
-* `logging.development` - Enable "debug mode" in logging module. May be useful during development. Default: `false`.
-* `logging.disableCaller` - Disable annotating log messages with calling function's file name and line number. Default: `true`.
-* `logging.disableStacktrace` - Disable stacktrace captures for all message levels. Default: `true`.
-* `logging.encoding` - Logging module encoding mode. Possible values: `console`, `json`. Default: `console`.
-* `logging.encoderConfig.callerKey` - Name of the caller field. Default: `"caller"`.
-* `logging.encoderConfig.levelEncoder` - Level encoder name. Possible values: `capital`, `capitalColor`, `color`; otherwise the level name will be encoded as lowercase. Default: `"capital"`.
-* `logging.encoderConfig.levelKey` - Name of the level field. Default: `"level"`.
-* `logging.encoderConfig.messageKey` - Name of the message field. Default: `"message"`.
-* `logging.encoderConfig.nameKey` - Name of the logger name field. Default: `"logger"`.
-* `logging.encoderConfig.stacktraceKey` - Name of the stacktrace field. Default: `"stacktrace"`.
-* `logging.encoderConfig.timeEncoder` - Time encoder name. Possible values: `iso8601`, `millis`, `nano`, `rfc3339`, `rfc3339nano`; otherwise the time will be encoded in epoch format. Default: `"iso8601"`.
-* `logging.encoderConfig.timeKey` - Name of the time field. Default: `"time"`.
-* `logging.errorOutputPaths` - List of paths to output internal errors from the logging module. Possible values: `stderr`, `stdout`; otherwise a valid file path. Default: `["stderr"]`.
-* `logging.level` - Minimum message level to include in the log. Possible values: `debug`, `info`, `warn`, `error`, `panic`, `fatal`. Default: `info`.
-* `logging.outputPaths` - List of additional output paths. Possible values: `stderr`, `stdout`; otherwise a valid file path. Default: `["stdout"]`.
-* `logging.sampling.initial` - Limit of initial messages per second to accept. Default: `100`.
-* `logging.sampling.thereafter` - Limit of messages per second to accept after initial phase. Default: `100`.
-* `nameOverride` - Override the Helm chart name. Name will be truncated if longer than 63 characters. Default: `.Chart.Name`.
-* `pod.annotations` - Annotation to apply to deployed pod. Default: `{}`.
-* `pod.hostNetwork` - Request host network for pod. See [core/v1 Pod.spec.hostNetwork](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#podspec-v1-core) for futher information. Default: `false`.
-* `pod.labels` - Labels to apply to deployed pod. Default: `{}`.
-* `pod.nodeSelector` - Node selector labels. Default: `{"kubernetes.io/os": "linux"}`
-* `pod.priorityClassName` - Pod priority class. See [core/v1 Pod.spec.priorityClassName](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#podspec-v1-core) for futher information. Default: `"system-cluster-critical"`.
-* `pod.replicas` - Number of instances to create. Default: `1`.
-* `pod.securityContext` - Pod security context configuration. See documentation for [core/v1 Pod.spec.securityContext](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#podsecuritycontext-v1-core) for available properties. Default: `{"fsGroup": 1000}`.
-* `pod.updateStrategy` - Deployment update strategy configuration. See documentation for [apps/v1 Deployment.spec.strategy](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#deploymentstrategy-v1-apps) for available properties. Default: `{"type": "Recreate"}`.
-* `rbac.create` - Enable creation of RBAC objects. Helm release may fail is RBAC objects already exist. Default: `true`.
-* `serviceAccount.annotations` - Annotation names and values to add to service account. Default: `{}`.
-* `serviceAccount.create` - Enable creation of service account. Helm release may fail if service account already exists. Default: `true`.
-* `serviceAccount.name` - Name of the service account. If `serviceAccount.create` is enabled then the default will be generated from the release name and chart name. If `serviceAccount.create` is disabled then the default is `"default"`.
-* `webhook.env` - List of environment variables to set in the webhook container. See [core/v1 Pod.spec.containers.env](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#container-v1-core) Default: `[]`.
-* `webhook.image` - Image repository for the webhook controller.
-* `webhook.logLevel` - Override the global logging level for the webhook container. Default: `""`.
-* `webhook.port` - List on port. Default: `8443`.
-* `webhook.resources` - Resource requests and limits for webhook container. See [core/v1 ResourceRequests](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#resourcerequirements-v1-core) for further information. Default: `{"requests":{"cpu": 1, "memory": "1Gi"}, "limits":{"cpu": 1, "memory": "1Gi"}}`
-* `webhook.securityContext` - Controller container security context configuration. See [core/v1 Pod.spec.securityContext](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#podsecuritycontext-v1-core) for further information. Default: `{}`.
diff --git a/stable/aws-node-termination-handler-2/crds/node.k8s.aws_terminators.yaml b/stable/aws-node-termination-handler-2/crds/node.k8s.aws_terminators.yaml deleted file mode 100644 index 95bb491e7..000000000 --- a/stable/aws-node-termination-handler-2/crds/node.k8s.aws_terminators.yaml +++ /dev/null 
@@ -1,171 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.8.0 - creationTimestamp: null - name: terminators.node.k8s.aws -spec: - group: node.k8s.aws - names: - kind: Terminator - listKind: TerminatorList - plural: terminators - singular: terminator - categories: - - all - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: Terminator is the Schema for the terminators API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: TerminatorSpec defines the desired state of Terminator - type: object - properties: - matchLabels: - description: Action will only be taken if the target node has all the matching labels and values. - type: object - additionalProperties: - type: string - sqs: - description: AWS SQS queue configuration. - type: object - required: - - queueURL - properties: - queueURL: - description: | - The URL of the Amazon SQS queue from which messages are received. - - * Queue URLs and names are case-sensitive. - - * QueueURL is a required field - type: string - drain: - description: Configuration for the cordon and drain actions. - type: object - properties: - force: - description: Enable termination of pods without a controller. 
- type: boolean - default: true - gracePeriodSeconds: - description: Wait time for pods to terminate. If negative then the pod's configured gracetime will be used. - type: integer - default: -1 - ignoreAllDaemonSets: - description: Enable ignoring pods managed by a DaemonSet. - type: boolean - default: true - deleteEmptyDirData: - description: Enable termination of pods with local data that will be deleted. - type: boolean - default: true - timeoutSeconds: - description: Wait time before failing the action. If zero, then wait forever. - type: integer - default: 120 - events: - description: Specify what action should be taken when a particular message type is received. - type: object - properties: - autoScalingTermination: - type: string - enum: - - CordonAndDrain - - Cordon - - NoAction - default: CordonAndDrain - rebalanceRecommendation: - type: string - enum: - - CordonAndDrain - - Cordon - - NoAction - default: CordonAndDrain - scheduledChange: - type: string - enum: - - CordonAndDrain - - Cordon - - NoAction - default: CordonAndDrain - spotInterruption: - type: string - enum: - - CordonAndDrain - - Cordon - - NoAction - default: CordonAndDrain - stateChange: - type: string - enum: - - CordonAndDrain - - Cordon - - NoAction - default: CordonAndDrain - webhook: - description: Send notification of handled events. - type: object - properties: - url: - description: URL to send notifications. - type: string - proxyURL: - description: Proxy URL to use to send notifications. - type: string - headers: - description: HTTP headers to include when sending notifications. - type: array - items: - type: object - properties: - name: - description: Header name. - type: string - value: - description: Header value. - type: string - required: - - name - - value - default: - - name: "Content-Type" - value: "application/json" - template: - description: | - Used to generate the request payload. Template used to generate webhook request body. 
- The template may reference fields EventID, Kind, InstanceID, NodeName, and StartTime. - See https://pkg.go.dev/text/template documentation for template format examples and explanation. - type: string - default: '{"text":"[NTH][Instance Interruption] EventID: {{ .EventID }} - Kind: {{ .Kind }} - Instance: {{ .InstanceID }} - Node: {{ .NodeName }} - Start Time: {{ .StartTime }}"}' - status: - description: TerminatorStatus defines the observed state of Terminator - type: object - type: object - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/stable/aws-node-termination-handler-2/templates/_helpers.tpl b/stable/aws-node-termination-handler-2/templates/_helpers.tpl deleted file mode 100644 index 0b8b71feb..000000000 --- a/stable/aws-node-termination-handler-2/templates/_helpers.tpl +++ /dev/null 
@@ -1,65 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "aws-node-termination-handler.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "aws-node-termination-handler.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "aws-node-termination-handler.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Common labels
-*/}}
-{{- define "aws-node-termination-handler.labels" -}}
-helm.sh/chart: {{ include "aws-node-termination-handler.chart" . | quote }}
-{{ include "aws-node-termination-handler.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
-{{- with .Values.labels }}
-{{ toYaml . }}
-{{- end }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "aws-node-termination-handler.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "aws-node-termination-handler.name" . | quote }}
-app.kubernetes.io/instance: {{ .Release.Name | quote }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "aws-node-termination-handler.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "aws-node-termination-handler.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
diff --git a/stable/aws-node-termination-handler-2/templates/clusterrole.yaml b/stable/aws-node-termination-handler-2/templates/clusterrole.yaml
deleted file mode 100644
index d84f4d8ed..000000000
--- a/stable/aws-node-termination-handler-2/templates/clusterrole.yaml
+++ /dev/null
@@ -1,50 +0,0 @@
-{{- if .Values.rbac.create -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ include "aws-node-termination-handler.fullname" . }}
- labels:
- {{- include "aws-node-termination-handler.labels" . | nindent 8 }}
- {{- with .Values.annotations }}
- annotations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
-rules:
- - apiGroups: ["node.k8s.aws"]
- resources: ["terminators"]
- verbs: ["get", "list", "watch"]
-
- - apiGroups: ["node.k8s.aws"]
- resources: ["terminators/status"]
- verbs: ["create", "delete", "patch", "get", "list", "watch"]
-
- - apiGroups: [""]
- resources: ["nodes"]
- verbs: ["get", "list", "patch", "update", "watch"]
-
- - apiGroups: [""]
- resources: ["pods"]
- verbs: ["get", "list", "watch"]
-
- - apiGroups: [""]
- resources: ["configmaps"]
- verbs: ["get", "list", "watch"]
-
- - apiGroups: [""]
- resources: ["pods/eviction"]
- verbs: ["create"]
-
- - apiGroups: ["apps", "extensions"]
- resources: ["daemonsets"]
- verbs: ["get"]
-
- - apiGroups: ["admissionregistration.k8s.io"]
- resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"]
- verbs: ["get", "list", "watch", "update"]
-
- {{- if .Values.emitKubernetesEvents }}
- - apiGroups: [""]
- resources: ["events"]
- verbs: ["create", "patch"]
- {{- end }}
-{{- end -}}
\ No newline at end of file
diff --git a/stable/aws-node-termination-handler-2/templates/clusterrole_binding.yaml b/stable/aws-node-termination-handler-2/templates/clusterrole_binding.yaml
deleted file mode 100644
index 0cc179f5a..000000000
--- a/stable/aws-node-termination-handler-2/templates/clusterrole_binding.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-{{- if .Values.rbac.create -}}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ include "aws-node-termination-handler.fullname" . }}
- labels:
- {{- include "aws-node-termination-handler.labels" . | nindent 8 }}
- {{- with .Values.annotations }}
- annotations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ include "aws-node-termination-handler.fullname" . }}
-subjects:
- - kind: ServiceAccount
- name: {{ template "aws-node-termination-handler.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
-{{- end }}
\ No newline at end of file
diff --git a/stable/aws-node-termination-handler-2/templates/configmap_logging.yaml b/stable/aws-node-termination-handler-2/templates/configmap_logging.yaml
deleted file mode 100644
index 8608e7dbe..000000000
--- a/stable/aws-node-termination-handler-2/templates/configmap_logging.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: config-logging
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "aws-node-termination-handler.labels" . | nindent 8 }}
- {{- with .Values.annotations }}
- annotations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
-data:
- zap-logger-config: {{ toJson .Values.logging | quote }}
-{{- with .Values.controller.logLevel }}
- loglevel.controller: {{ . | quote }}
-{{- end }}
-{{- with .Values.webhook.logLevel }}
- loglevel.webhook: {{ . | quote }}
-{{- end }}
\ No newline at end of file
diff --git a/stable/aws-node-termination-handler-2/templates/deployment.yaml b/stable/aws-node-termination-handler-2/templates/deployment.yaml
deleted file mode 100644
index 5369e4342..000000000
--- a/stable/aws-node-termination-handler-2/templates/deployment.yaml
+++ /dev/null
@@ -1,154 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "aws-node-termination-handler.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "aws-node-termination-handler.labels" . | nindent 8 }}
- {{- with .Values.annotations }}
- annotations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
-spec:
- replicas: {{ .Values.pod.replicas }}
- {{- with .Values.pod.updateStrategy }}
- strategy:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- selector:
- matchLabels:
- {{- include "aws-node-termination-handler.selectorLabels" . | nindent 12 }}
- template:
- metadata:
- labels:
- {{- include "aws-node-termination-handler.selectorLabels" . | nindent 16 }}
- {{- with .Values.pod.labels }}
- {{- toYaml . | nindent 16 }}
- {{- end }}
- {{- with .Values.pod.annotations }}
- annotations:
- {{- toYaml . | nindent 16 }}
- {{- end }}
- spec:
- {{- with .Values.imagePullSecrets }}
- imagePullSecrets:
- {{- toYaml . | nindent 16 }}
- {{- end }}
- serviceAccountName: {{ include "aws-node-termination-handler.serviceAccountName" . }}
- {{- with .Values.pod.securityContext }}
- securityContext:
- {{- toYaml . | nindent 16 }}
- {{- end }}
- {{- with .Values.pod.priorityClassName }}
- priorityClassName: {{ . | quote }}
- {{- end }}
- {{- with .Values.terminationGracePeriodSeconds }}
- terminationGracePeriodSeconds: {{ . }}
- {{- end }}
- {{- if .Values.pod.hostNetwork }}
- hostNetwork: true
- {{- end }}
- {{- with .Values.pod.nodeSelector }}
- nodeSelector:
- {{- toYaml . | nindent 16 }}
- {{- end }}
- {{- with .Values.affinity }}
- affinity:
- {{- toYaml . | nindent 16 }}
- {{- end }}
- {{- with .Values.tolerations }}
- tolerations:
- {{- toYaml . | nindent 16 }}
- {{- end }}
- containers:
- - name: controller
- image: {{ .Values.controller.image }}
- imagePullPolicy: {{ .Values.imagePullPolicy }}
- {{- with .Values.controller.securityContext }}
- securityContext:
- {{- toYaml . | nindent 22 }}
- {{- end }}
- env:
- - name: NODE_NAME
- valueFrom:
- fieldRef:
- fieldPath: spec.nodeName
- - name: POD_NAME
- valueFrom:
- fieldRef:
- fieldPath: metadata.name
- - name: NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- - name: SYSTEM_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- {{- with .Values.aws.region }}
- - name: AWS_REGION
- value: {{ . | quote}}
- {{- end }}
- {{- with .Values.controller.env }}
- {{- toYaml . | nindent 22 }}
- {{- end }}
- ports:
- - name: http-metrics
- containerPort: 8080
- protocol: TCP
- - name: http-probes
- containerPort: 8081
- protocol: TCP
- livenessProbe:
- httpGet:
- path: /healthz
- port: http-probes
- readinessProbe:
- httpGet:
- path: /readyz
- port: http-probes
- {{- with .Values.controller.resources }}
- resources:
- {{- toYaml . | nindent 22 }}
- {{- end }}
- - name: webhook
- image: {{ .Values.webhook.image }}
- imagePullPolicy: {{ .Values.imagePullPolicy }}
- {{- with .Values.webhook.securityContext }}
- securityContext:
- {{- toYaml . | nindent 22 }}
- {{- end }}
- env:
- - name: SERVICE_PORT
- value: {{ .Values.webhook.port | quote }}
- - name: SERVICE_NAME
- value: {{ include "aws-node-termination-handler.fullname" . }}
- - name: SYSTEM_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- {{- with .Values.aws.region }}
- - name: AWS_REGION
- value: {{ . | quote}}
- {{- end }}
- {{- with .Values.webhook.env }}
- {{- toYaml . | nindent 26 }}
- {{- end }}
- ports:
- - name: https-webhook
- containerPort: {{ .Values.webhook.port }}
- protocol: TCP
- livenessProbe:
- httpGet:
- port: https-webhook
- scheme: HTTPS
- path: /healthz
- readinessProbe:
- httpGet:
- port: https-webhook
- scheme: HTTPS
- path: /readyz
- {{- with .Values.webhook.resources }}
- resources:
- {{- toYaml . | nindent 22 }}
- {{- end }}
\ No newline at end of file
diff --git a/stable/aws-node-termination-handler-2/templates/role.yaml b/stable/aws-node-termination-handler-2/templates/role.yaml
deleted file mode 100644
index 9384be97c..000000000
--- a/stable/aws-node-termination-handler-2/templates/role.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-{{- if .Values.rbac.create -}}
-# permissions to do leader election.
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ include "aws-node-termination-handler.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "aws-node-termination-handler.labels" . | nindent 8 }}
- {{- with .Values.annotations }}
- annotations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
-rules:
- - apiGroups: [""]
- resources: ["configmaps"]
- verbs: ["create", "delete", "get", "list", "patch", "watch", "update"]
-
- - apiGroups: [""]
- resources: ["events"]
- verbs: ["get", "list", "watch"]
-
- - apiGroups: [""]
- resources: ["namespaces"]
- verbs: ["get", "list", "watch"]
-
- - apiGroups: [""]
- resources: ["secrets"]
- verbs: ["get", "list", "watch"]
-
- - apiGroups: [""]
- resources: ["secrets"]
- resourceNames: ["{{ include "aws-node-termination-handler.fullname" . }}-cert"]
- verbs: ["get", "list", "watch", "update"]
-
- - apiGroups: ["coordination.k8s.io"]
- resources: ["leases"]
- verbs: ["create", "get", "patch", "update", "watch"]
-
-{{- end }}
\ No newline at end of file
diff --git a/stable/aws-node-termination-handler-2/templates/role_binding.yaml b/stable/aws-node-termination-handler-2/templates/role_binding.yaml
deleted file mode 100644
index 24ffbf062..000000000
--- a/stable/aws-node-termination-handler-2/templates/role_binding.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ include "aws-node-termination-handler.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "aws-node-termination-handler.labels" . | nindent 8 }}
- {{- with .Values.annotations }}
- annotations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ include "aws-node-termination-handler.fullname" . }}
-subjects:
- - kind: ServiceAccount
- name: {{ template "aws-node-termination-handler.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
diff --git a/stable/aws-node-termination-handler-2/templates/secret_webhook_cert.yaml b/stable/aws-node-termination-handler-2/templates/secret_webhook_cert.yaml
deleted file mode 100644
index da7a9253c..000000000
--- a/stable/aws-node-termination-handler-2/templates/secret_webhook_cert.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "aws-node-termination-handler.fullname" . }}-cert
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "aws-node-termination-handler.labels" . | nindent 8 }}
- {{- with .Values.annotations }}
- annotations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
-data: {} # Injected by webhook
diff --git a/stable/aws-node-termination-handler-2/templates/service.yaml b/stable/aws-node-termination-handler-2/templates/service.yaml
deleted file mode 100644
index 7089aa08a..000000000
--- a/stable/aws-node-termination-handler-2/templates/service.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "aws-node-termination-handler.fullname" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "aws-node-termination-handler.labels" . | nindent 8 }}
- {{- with .Values.annotations }}
- annotations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
-spec:
- type: ClusterIP
- selector:
- {{- include "aws-node-termination-handler.selectorLabels" . | nindent 8 }}
- ports:
- - name: http-metrics
- port: 8080
- protocol: TCP
- targetPort: http-metrics
- - name: http-probes
- port: 8081
- protocol: TCP
- targetPort: http-probes
- - name: https-webhook
- port: 443
- protocol: TCP
- targetPort: https-webhook
diff --git a/stable/aws-node-termination-handler-2/templates/serviceaccount.yaml b/stable/aws-node-termination-handler-2/templates/serviceaccount.yaml
deleted file mode 100644
index 277d755bb..000000000
--- a/stable/aws-node-termination-handler-2/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "aws-node-termination-handler.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "aws-node-termination-handler.labels" . | nindent 8 }}
- {{- if (or .Values.annotations .Values.serviceAccount.annotations "") }}
- annotations:
- {{- with .Values.annotations }}
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.serviceAccount.annotations }}
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- end }}
-{{- end }}
\ No newline at end of file
diff --git a/stable/aws-node-termination-handler-2/templates/webhooks.yaml b/stable/aws-node-termination-handler-2/templates/webhooks.yaml
deleted file mode 100644
index db41d3e84..000000000
--- a/stable/aws-node-termination-handler-2/templates/webhooks.yaml
+++ /dev/null
@@ -1,49 +0,0 @@
-apiVersion: admissionregistration.k8s.io/v1
-kind: MutatingWebhookConfiguration
-metadata:
- name: defaulting.webhook.terminators.k8s.aws
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "aws-node-termination-handler.labels" . | nindent 8 }}
- {{- with .Values.annotations }}
- {{- toYaml . | nindent 8 }}
- {{- end }}
-webhooks:
- - name: defaulting.webhook.terminators.k8s.aws
- admissionReviewVersions: ["v1"]
- clientConfig:
- service:
- name: {{ include "aws-node-termination-handler.fullname" . }}
- namespace: {{ .Release.Namespace }}
- failurePolicy: Fail
- sideEffects: None
- rules:
- - apiGroups: ["k8s.aws"]
- apiVersions: ["v1alpha1"]
- resources: ["terminators", "terminators/status"]
- operations: ["CREATE", "UPDATE"]
----
-apiVersion: admissionregistration.k8s.io/v1
-kind: ValidatingWebhookConfiguration
-metadata:
- name: validation.webhook.terminators.k8s.aws
- namespace: {{ .Release.Namespace }}
- labels:
- {{- include "aws-node-termination-handler.labels" . | nindent 8 }}
- {{- with .Values.annotations }}
- {{- toYaml . | nindent 8 }}
- {{- end }}
-webhooks:
- - name: validation.webhook.terminators.k8s.aws
- admissionReviewVersions: ["v1"]
- clientConfig:
- service:
- name: {{ include "aws-node-termination-handler.fullname" . }}
- namespace: {{ .Release.Namespace }}
- failurePolicy: Fail
- sideEffects: None
- rules:
- - apiGroups: ["k8s.aws"]
- apiVersions: ["v1alpha1"]
- resources: ["terminators", "terminators/status"]
- operations: ["CREATE", "DELETE", "UPDATE"]
\ No newline at end of file
diff --git a/stable/aws-node-termination-handler-2/values.yaml b/stable/aws-node-termination-handler-2/values.yaml
deleted file mode 100644
index f137c473c..000000000
--- a/stable/aws-node-termination-handler-2/values.yaml
+++ /dev/null
@@ -1,167 +0,0 @@
-# Annotation names and values to add to objects in the Helm release.
-annotations: {}
-
-aws:
- # AWS region name (e.g. "us-east-1") to use when making API calls.
- region: ""
-
-controller:
- # Environment variables.
- env: []
- # Example:
- # - name: AWS_REGION
- # . value: eu-west-1
-
- # Image to deploy.
- image: "public.ecr.aws/aws-ec2/aws-node-termination-handler-2/controller:v2.0.0-beta"
-
- # Override global logging level.
- logLevel: ""
-
- # Additional security context configuration for the controller pod.
- securityContext: {}
-
- # Resources for the controller pod.
- resources:
- requests:
- cpu: 1
- memory: 1Gi
- limits:
- cpu: 1
- memory: 1Gi
-
-# Override the Helm release name. Name will be truncated if longer than 63 characters.
-fullnameOverride: ""
-
-# Policy on when to pull image.
-# See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#container-v1-core
-imagePullPolicy: IfNotPresent
-
-# Secrets for accessing image.
-# See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#podspec-v1-core
-imagePullSecrets: []
-
-# Label names and values to add to objects in the Helm release.
-labels: {}
-
-# Global logging configuration.
-logging:
- # Enable "debug mode" in logging module. May be useful during development.
- development: false
- # Disable annotating log messages with calling function's file name and line number.
- disableCaller: true
- # Disable stacktrace captures for all message levels.
- disableStacktrace: true
- # Logging module encoding mode. Possible values: `console`, `json`.
- encoding: console
- encoderConfig:
- # Name of the caller field.
- callerKey: caller
- # Level encoder name. Possible values: `capital`, `capitalColor`, `color`; otherwise the level name
- # will be encoded as lowercase.
- levelEncoder: capital
- # Name of the level field.
- levelKey: level
- # Name of the message field.
- messageKey: message
- # Name of the name field.
- nameKey: logger
- # Name of the stacktrace field.
- stacktraceKey: stacktrace
- # Time encoder name. Possible values: `iso8601`, `millis`, `nano`, `rfc3339`, `rfc3339nano`;
- # otherwise the time will be encoded in epoch format.
- timeEncoder: iso8601
- # Name of the time field.
- timeKey: time
- # List of paths to output internal errors from the logging module. Possible values: `stderr`, `stdout`;
- # otherwise a valid file path.
- errorOutputPaths:
- - stderr
- # Minimum message level to include in the log. Possible values: `debug`, `info`, `warn`, `error`, `panic`,
- # `fatal`.
- level: info
- # List of additional output paths. Possible values: `stderr`, `stdout`; otherwise a valid file path.
- outputPaths:
- - stdout
- sampling:
- # Limit of initial messages per second to accept.
- initial: 100
- # Limit of messages per second to accept after initial phase.
- thereafter: 100
-
-# Override the Helm chart name. Name will be truncated if longer than 63 characters.
-nameOverride: ""
-
-pod:
- # Annotations to apply to deployed pods.
- annotations: {}
-
- # Request host network for pod.
- hostNetwork: false
-
- # Labels to apply to deployed pods.
- labels: {}
-
- # Node selector labels.
- nodeSelector:
- kubernetes.io/os: linux
-
- # Pod priority class.
- # See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#podspec-v1-core
- priorityClassName: "system-cluster-critical"
-
- # Number of instances to create.
- replicas: 1
-
- # Pod security group configuration.
- # See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#podsecuritycontext-v1-core
- securityContext:
- fsGroup: 1000
-
- # Deployment update strategy configuration.
- # See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#deploymentstrategy-v1-apps
- updateStrategy:
- type: Recreate
-
-rbac:
- # Create the RBAC objects. May fail if RBAC objects already exist.
- create: true
-
-serviceAccount:
- # Create the service account. May fail if service account already exists.
- create: true
-
- # Name of service account. If empty then a name will be generated.
- name: ""
-
- # Annotations to add to the service account.
- annotations: {}
- # "eks.amazonaws.com/role-arn":
-
-webhook:
- # Environment variables.
- env: []
- # Example:
- # - name: AWS_REGION
- # . value: eu-west-1
-
- # Image to deploy.
- image: "public.ecr.aws/aws-ec2/aws-node-termination-handler-2/webhook:v2.0.0-beta"
-
- # Override global logging level.
- logLevel: ""
-
- # Listen on port.
- port: 8443
-
- # Resources for the webhook pod.
- resources:
- requests:
- cpu: 100m
- memory: 50Mi
- limits:
- cpu: 100m
- memory: 50Mi
-
- # Additional security context configuration for the webhook pod.
- securityContext: {}
diff --git a/stable/aws-node-termination-handler/.helmignore b/stable/aws-node-termination-handler/.helmignore
deleted file mode 100644
index 69a523141..000000000
--- a/stable/aws-node-termination-handler/.helmignore
+++ /dev/null
@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
-example-values*.yaml
diff --git a/stable/aws-node-termination-handler/Chart.yaml b/stable/aws-node-termination-handler/Chart.yaml
deleted file mode 100644
index b486f647f..000000000
--- a/stable/aws-node-termination-handler/Chart.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-apiVersion: v2
-name: aws-node-termination-handler
-description: A Helm chart for the AWS Node Termination Handler.
-type: application
-version: 0.21.0
-appVersion: 1.19.0
-kubeVersion: ">= 1.16-0"
-keywords:
- - aws
- - eks
- - ec2
- - node-termination
- - spot
-home: https://github.com/aws/eks-charts
-icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
-sources:
- - https://github.com/aws/aws-node-termination-handler/
- - https://github.com/aws/eks-charts/
-maintainers:
- - name: Brandon Wagner
- url: https://github.com/bwagner5
- email: bwagner5@users.noreply.github.com
- - name: Jillian Kuentz
- url: https://github.com/jillmon
- email: jillmon@users.noreply.github.com
diff --git a/stable/aws-node-termination-handler/README.md b/stable/aws-node-termination-handler/README.md
deleted file mode 100644
index 2fe7d3911..000000000
--- a/stable/aws-node-termination-handler/README.md
+++ /dev/null
@@ -1,176 +0,0 @@ -# AWS Node Termination Handler - -AWS Node Termination Handler Helm chart for Kubernetes. For more information on this project see the project repo at [github.com/aws/aws-node-termination-handler](https://github.com/aws/aws-node-termination-handler). - -## Prerequisites - -- _Kubernetes_ >= v1.16 - -## Installing the Chart - -Before you can install the chart you will need to add the `aws` repo to [Helm](https://helm.sh/). - -```shell -helm repo add eks https://aws.github.io/eks-charts/ -``` - -After you've installed the repo you can install the chart, the following command will install the chart with the release name `aws-node-termination-handler` and the default configuration to the `kube-system` namespace. - -```shell -helm upgrade --install --namespace kube-system aws-node-termination-handler eks/aws-node-termination-handler -``` - -To install the chart on an EKS cluster where the AWS Node Termination Handler is already installed, you can run the following command. - -```shell -helm upgrade --install --namespace kube-system aws-node-termination-handler eks/aws-node-termination-handler --recreate-pods --force -``` - -If you receive an error similar to the one below simply rerun the above command. - -> Error: release aws-node-termination-handler failed: "aws-node-termination-handler" already exists - -To uninstall the `aws-node-termination-handler` chart installation from the `kube-system` namespace run the following command. - -```shell -helm delete --namespace kube-system aws-node-termination-handler -``` - -## Configuration - -The following tables lists the configurable parameters of the chart and their default values. 
These values are split up into the [common configuration](#common-configuration) shared by all AWS Node Termination Handler modes, [queue configuration](#queue-processor-mode-configuration) used when AWS Node Termination Handler is in in queue-processor mode, and [IMDS configuration](#imds-mode-configuration) used when AWS Node Termination Handler is in IMDS mode; for more information about the different modes see the project [README](https://github.com/aws/aws-node-termination-handler/blob/main/README.md). - -### Common Configuration - -The configuration in this table applies to all AWS Node Termination Handler modes. - -| Parameter | Description | Default | -| ---------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------- | -| `image.repository` | Image repository. | `public.ecr.aws/aws-ec2/aws-node-termination-handler` | -| `image.tag` | Image tag. | `v{{ .Chart.AppVersion}}` | -| `image.pullPolicy` | Image pull policy. | `IfNotPresent` | -| `image.pullSecrets` | Image pull secrets. | `[]` | -| `nameOverride` | Override the `name` of the chart. | `""` | -| `fullnameOverride` | Override the `fullname` of the chart. | `""` | -| `serviceAccount.create` | If `true`, create a new service account. | `true` | -| `serviceAccount.name` | Service account to be used. If not set and `serviceAccount.create` is `true`, a name is generated using the full name template. | `nil` | -| `serviceAccount.annotations` | Annotations to add to the service account. | `{}` | -| `rbac.create` | If `true`, create the RBAC resources. 
| `true` | -| `rbac.pspEnabled` | If `true`, create a pod security policy resource. Note: `PodSecurityPolicy`s will not be created when Kubernetes version is 1.25 or later. | `true` | -| `customLabels` | Labels to add to all resource metadata. | `{}` | -| `podLabels` | Labels to add to the pod. | `{}` | -| `podAnnotations` | Annotations to add to the pod. | `{}` | -| `podSecurityContext` | Security context for the pod. | _See values.yaml_ | -| `securityContext` | Security context for the _aws-node-termination-handler_ container. | _See values.yaml_ | -| `terminationGracePeriodSeconds` | The termination grace period for the pod. | `nil` | -| `resources` | Resource requests and limits for the _aws-node-termination-handler_ container. | `{}` | -| `nodeSelector` | Expressions to select a node by it's labels for pod assignment. In IMDS mode this has a higher priority than `daemonsetNodeSelector` (for backwards compatibility) but shouldn't be used. | `{}` | -| `affinity` | Affinity settings for pod assignment. In IMDS mode this has a higher priority than `daemonsetAffinity` (for backwards compatibility) but shouldn't be used. | `{}` | -| `tolerations` | Tolerations for pod assignment. In IMDS mode this has a higher priority than `daemonsetTolerations` (for backwards compatibility) but shouldn't be used. | `[]` | -| `extraEnv` | Additional environment variables for the _aws-node-termination-handler_ container. | `[]` | -| `probes` | The Kubernetes liveness probe configuration. | _See values.yaml_ | -| `logLevel` | Sets the log level (`info`,`debug`, or `error`) | `info` | -| `logFormatVersion` | Sets the log format version. Available versions: 1, 2. Version 1 refers to the format that has been used through v1.17.3. Version 2 offers more detail for the "event kind" and "reason", especially when operating in Queue Processor mode. | `1` | -| `jsonLogging` | If `true`, use JSON-formatted logs instead of human readable logs. 
| `false` | -| `enablePrometheusServer` | If `true`, start an http server exposing `/metrics` endpoint for _Prometheus_. | `false` | -| `prometheusServerPort` | Replaces the default HTTP port for exposing _Prometheus_ metrics. | `9092` | -| `dryRun` | If `true`, only log if a node would be drained. | `false` | -| `cordonOnly` | If `true`, nodes will be cordoned but not drained when an interruption event occurs. | `false` | -| `taintNode` | If `true`, nodes will be tainted when an interruption event occurs. Currently used taint keys are `aws-node-termination-handler/scheduled-maintenance`, `aws-node-termination-handler/spot-itn`, `aws-node-termination-handler/asg-lifecycle-termination` and `aws-node-termination-handler/rebalance-recommendation`. | `false` | -| `excludeFromLoadBalancers` | If `true`, nodes will be marked for exclusion from load balancers before they are cordoned. This applies the `node.kubernetes.io/exclude-from-external-load-balancers` label to enable the ServiceNodeExclusion feature gate. The label will not be modified or removed for nodes that already have it. | `false` | -| `deleteLocalData` | If `true`, continue even if there are pods using local data that will be deleted when the node is drained. | `true` | -| `ignoreDaemonSets` | If `true`, skip terminating daemon set managed pods. | `true` | -| `podTerminationGracePeriod` | The time in seconds given to each pod to terminate gracefully. If negative, the default value specified in the pod will be used, which defaults to 30 seconds if not specified for the pod. | `-1` | -| `nodeTerminationGracePeriod` | Period of time in seconds given to each node to terminate gracefully. Node draining will be scheduled based on this value to optimize the amount of compute time, but still safely drain the node before an event. | `120` | -| `emitKubernetesEvents` | If `true`, Kubernetes events will be emitted when interruption events are received and when actions are taken on Kubernetes nodes. 
In IMDS Processor mode a default set of annotations with all the node metadata gathered from IMDS will be attached to each event. More information [here](https://github.com/aws/aws-node-termination-handler/blob/main/docs/kubernetes_events.md). | `false` | -| `completeLifecycleActionDelaySeconds` | Pause after draining the node before completing the EC2 Autoscaling lifecycle action. This may be helpful if Pods on the node have Persistent Volume Claims. | -1 | -| `kubernetesEventsExtraAnnotations` | A comma-separated list of `key=value` extra annotations to attach to all emitted Kubernetes events (e.g. `first=annotation,sample.annotation/number=two"`). | `""` | -| `webhookURL` | Posts event data to URL upon instance interruption action. | `""` | -| `webhookURLSecretName` | Pass the webhook URL as a Secret using the key `webhookurl`. | `""` | -| `webhookHeaders` | Replace the default webhook headers (e.g. `{"Content-type":"application/json"}`). | `""` | -| `webhookProxy` | Uses the specified HTTP(S) proxy for sending webhook data. | `""` | -| `webhookTemplate` | Replaces the default webhook message template (e.g. `{"text":"[NTH][Instance Interruption] EventID: {{ .EventID }} - Kind: {{ .Kind }} - Instance: {{ .InstanceID }} - Node: {{ .NodeName }} - Description: {{ .Description }} - Start Time: {{ .StartTime }}"}`). | `""` | -| `webhookTemplateConfigMapName` | Pass the webhook template file as a configmap. | "``" | -| `webhookTemplateConfigMapKey` | Name of the Configmap key storing the template file. | `""` | -| `enableSqsTerminationDraining` | If `true`, this turns on queue-processor mode which drains nodes when an SQS termination event is received. | `false` | - -### Queue-Processor Mode Configuration - -The configuration in this table applies to AWS Node Termination Handler in queue-processor mode. 
- -| Parameter | Description | Default | -| ---------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------- | -| `replicas` | The number of replicas in the deployment when using queue-processor mode (NOTE: increasing replicas may cause duplicate webhooks since pods are stateless). | `1` | -| `strategy` | Specify the update strategy for the deployment. | `{}` | -| `podDisruptionBudget` | Limit the disruption for controller pods, requires at least 2 controller replicas. | `{}` | -| `serviceMonitor.create` | If `true`, create a ServiceMonitor. This requires `enablePrometheusServer: true`. | `false` | -| `serviceMonitor.namespace` | Override ServiceMonitor _Helm_ release namespace. | `nil` | -| `serviceMonitor.labels` | Additional ServiceMonitor metadata labels. | `{}` | -| `serviceMonitor.interval` | _Prometheus_ scrape interval. | `30s` | -| `serviceMonitor.sampleLimit` | Number of scraped samples accepted. | `5000` | -| `priorityClassName` | Name of the PriorityClass to use for the Deployment. | `system-cluster-critical` | -| `awsRegion` | If specified, use the AWS region for AWS API calls, else NTH will try to find the region through the `AWS_REGION` environment variable, IMDS, or the specified queue URL. | `""` | -| `queueURL` | Listens for messages on the specified SQS queue URL. | `""` | -| `workers` | The maximum amount of parallel event processors to handle concurrent events. | `10` | -| `checkTagBeforeDraining` | If `true`, check that the instance is tagged with the `managedTag` before draining the node. | `true` | -| `managedTag` | The node tag to check if `checkTagBeforeDraining` is `true`. 
| `aws-node-termination-handler/managed` | -| `checkASGTagBeforeDraining` | [DEPRECATED](Use `checkTagBeforeDraining` instead) If `true`, check that the instance is tagged with the `managedAsgTag` before draining the node. If `false`, disables calls ASG API. | `true` | -| `managedAsgTag` | [DEPRECATED](Use `managedTag` instead) The node tag to check if `checkASGTagBeforeDraining` is `true`. -| `useProviderId` | If `true`, fetch node name through Kubernetes node spec ProviderID instead of AWS event PrivateDnsHostname. | `false` | - -### IMDS Mode Configuration - -The configuration in this table applies to AWS Node Termination Handler in IMDS mode. - -| Parameter | Description | Default | -| -------------------------------- |---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------| -| `targetNodeOs` | Space separated list of node OS's to target (e.g. `"linux"`, `"windows"`, `"linux windows"`). Windows support is **EXPERIMENTAL**. | `"linux"` | -| `linuxPodLabels` | Labels to add to each Linux pod. | `{}` | -| `windowsPodLabels` | Labels to add to each Windows pod. | `{}` | -| `linuxPodAnnotations` | Annotations to add to each Linux pod. | `{}` | -| `windowsPodAnnotations` | Annotations to add to each Windows pod. | `{}` | -| `updateStrategy` | Update strategy for the all DaemonSets. | _See values.yaml_ | -| `daemonsetPriorityClassName` | Name of the PriorityClass to use for all DaemonSets. | `system-node-critical` | -| `podMonitor.create` | If `true`, create a PodMonitor. This requires `enablePrometheusServer: true`. | `false` | -| `podMonitor.namespace` | Override PodMonitor _Helm_ release namespace. | `nil` | -| `podMonitor.labels` | Additional PodMonitor metadata labels | `{}` | -| `podMonitor.interval` | _Prometheus_ scrape interval. 
| `30s` | -| `podMonitor.sampleLimit` | Number of scraped samples accepted. | `5000` | -| `useHostNetwork` | If `true`, enables `hostNetwork` for the Linux DaemonSet. NOTE: setting this to `false` may cause issues accessing IMDSv2 if your account is not configured with an IP hop count of 2 see [Metrics Endpoint Considerations](#metrics-endpoint-considerations) | `true` | -| `dnsPolicy` | If specified, this overrides `linuxDnsPolicy` and `windowsDnsPolicy` with a single policy. | `""` | -| `dnsConfig` | If specified, this sets the dnsConfig: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config | `{}` | -| `linuxDnsPolicy` | DNS policy for the Linux DaemonSet. | `""` | -| `windowsDnsPolicy` | DNS policy for the Windows DaemonSet. | `""` | -| `daemonsetNodeSelector` | Expressions to select a node by it's labels for DaemonSet pod assignment. For backwards compatibility the `nodeSelector` value has priority over this but shouldn't be used. | `{}` | -| `linuxNodeSelector` | Override `daemonsetNodeSelector` for the Linux DaemonSet. | `{}` | -| `windowsNodeSelector` | Override `daemonsetNodeSelector` for the Windows DaemonSet. | `{}` | -| `daemonsetAffinity` | Affinity settings for DaemonSet pod assignment. For backwards compatibility the `affinity` has priority over this but shouldn't be used. | `{}` | -| `linuxAffinity` | Override `daemonsetAffinity` for the Linux DaemonSet. | `{}` | -| `windowsAffinity` | Override `daemonsetAffinity` for the Windows DaemonSet. | `{}` | -| `daemonsetTolerations` | Tolerations for DaemonSet pod assignment. For backwards compatibility the `tolerations` has priority over this but shouldn't be used. | `[]` | -| `linuxTolerations` | Override `daemonsetTolerations` for the Linux DaemonSet. | `[]` | -| `windowsTolerations` | Override `daemonsetTolerations` for the Linux DaemonSet. | `[]` | -| `enableProbesServer` | If `true`, start an http server exposing `/healthz` endpoint for probes. 
| `false` | -| `metadataTries` | The number of times to try requesting metadata. | `3` | -| `enableSpotInterruptionDraining` | If `true`, drain nodes when the spot interruption termination notice is received. Only used in IMDS mode. | `true` | -| `enableScheduledEventDraining` | If `true`, drain nodes before the maintenance window starts for an EC2 instance scheduled event. Only used in IMDS mode. | `true` | -| `enableRebalanceMonitoring` | If `true`, cordon nodes when the rebalance recommendation notice is received. If you'd like to drain the node in addition to cordoning, then also set `enableRebalanceDraining`. Only used in IMDS mode. | `false` | -| `enableRebalanceDraining` | If `true`, drain nodes when the rebalance recommendation notice is received. Only used in IMDS mode. | `false` | - -### Testing Configuration - -The configuration in this table applies to AWS Node Termination Handler testing and is **NOT RECOMMENDED** FOR PRODUCTION DEPLOYMENTS. - -| Parameter | Description | Default | -| --------------------- | --------------------------------------------------------------------------------- | -------------- | -| `awsEndpoint` | (Used for testing) If specified, use the provided AWS endpoint to make API calls. | `""` | -| `awsSecretAccessKey` | (Used for testing) Pass-thru environment variable. | `nil` | -| `awsAccessKeyID` | (Used for testing) Pass-thru environment variable. | `nil` | -| `instanceMetadataURL` | (Used for testing) If specified, use the provided metadata URL. | `""` | -| `procUptimeFile` | (Used for Testing) Specify the uptime file. | `/proc/uptime` | - -## Metrics Endpoint Considerations - -AWS Node Termination HAndler in IMDS mode runs as a DaemonSet with `useHostNetwork: true` by default. If the Prometheus server is enabled with `enablePrometheusServer: true` nothing else will be able to bind to the configured port (by default `prometheusServerPort: 9092`) in the root network namespace. 
Therefore, it will need to have a firewall/security group configured on the nodes to block access to the `/metrics` endpoint. - -You can switch NTH in IMDS mode to run w/ `useHostNetwork: false`, but you will need to make sure that IMDSv1 is enabled or IMDSv2 IP hop count will need to be incremented to 2 (see the [IMDSv2 documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html). diff --git a/stable/aws-node-termination-handler/example-values-imds-linux.yaml b/stable/aws-node-termination-handler/example-values-imds-linux.yaml deleted file mode 100644 index c0df26ca0..000000000 --- a/stable/aws-node-termination-handler/example-values-imds-linux.yaml +++ /dev/null @@ -1,5 +0,0 @@ -enableSqsTerminationDraining: false - -targetNodeOs: linux - -enableProbesServer: true diff --git a/stable/aws-node-termination-handler/example-values-imds-windows.yaml b/stable/aws-node-termination-handler/example-values-imds-windows.yaml deleted file mode 100644 index 193978eae..000000000 --- a/stable/aws-node-termination-handler/example-values-imds-windows.yaml +++ /dev/null @@ -1,5 +0,0 @@ -enableSqsTerminationDraining: false - -targetNodeOs: windows - -enableProbesServer: true diff --git a/stable/aws-node-termination-handler/example-values-queue.yaml b/stable/aws-node-termination-handler/example-values-queue.yaml deleted file mode 100644 index fd204ab5e..000000000 --- a/stable/aws-node-termination-handler/example-values-queue.yaml +++ /dev/null @@ -1,13 +0,0 @@ -serviceAccount: - annotations: - eks.amazonaws.com/role-arn: arn:aws:iam::99999999:role/nth-role - -resources: - requests: - cpu: 100m - memory: 128Mi - limits: - cpu: 500m - memory: 256Mi - -enableSqsTerminationDraining: true diff --git a/stable/aws-node-termination-handler/templates/NOTES.txt b/stable/aws-node-termination-handler/templates/NOTES.txt deleted file mode 100644 index d0aaf70c6..000000000 --- a/stable/aws-node-termination-handler/templates/NOTES.txt +++ /dev/null 
@@ -1,8 +0,0 @@
-***********************************************************************
-* AWS Node Termination Handler *
-***********************************************************************
- Chart version: {{ .Chart.Version }}
- App version: {{ .Chart.AppVersion }}
- Image tag: {{ include "aws-node-termination-handler.image" . }}
- Mode : {{ if .Values.enableSqsTerminationDraining }}Queue Processor{{ else }}IMDS{{ end }}
-***********************************************************************
diff --git a/stable/aws-node-termination-handler/templates/_helpers.tpl b/stable/aws-node-termination-handler/templates/_helpers.tpl
deleted file mode 100644
index 3513d2a97..000000000
--- a/stable/aws-node-termination-handler/templates/_helpers.tpl
+++ /dev/null
@@ -1,124 +0,0 @@ -{{/* vim: set filetype=mustache: */}} - -{{/* -Expand the name of the chart. -*/}} -{{- define "aws-node-termination-handler.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "aws-node-termination-handler.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Equivalent to "aws-node-termination-handler.fullname" except that "-win" indicator is appended to the end. -Name will not exceed 63 characters. -*/}} -{{- define "aws-node-termination-handler.fullnameWindows" -}} -{{- include "aws-node-termination-handler.fullname" . | trunc 59 | trimSuffix "-" | printf "%s-win" -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "aws-node-termination-handler.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Common labels -*/}} -{{- define "aws-node-termination-handler.labels" -}} -{{ include "aws-node-termination-handler.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/part-of: {{ .Release.Name }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -helm.sh/chart: {{ include "aws-node-termination-handler.chart" . }} -{{- with .Values.customLabels }} -{{ toYaml . 
}} -{{- end }} -{{- end -}} - -{{/* -Deployment labels -*/}} -{{- define "aws-node-termination-handler.labelsDeployment" -}} -{{ include "aws-node-termination-handler.labels" . }} -app.kubernetes.io/component: deployment -{{- end -}} - -{{/* -Daemonset labels -*/}} -{{- define "aws-node-termination-handler.labelsDaemonset" -}} -{{ include "aws-node-termination-handler.labels" . }} -app.kubernetes.io/component: daemonset -{{- end -}} - -{{/* -Selector labels -*/}} -{{- define "aws-node-termination-handler.selectorLabels" -}} -app.kubernetes.io/name: {{ include "aws-node-termination-handler.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end -}} - -{{/* -Selector labels for the deployment -*/}} -{{- define "aws-node-termination-handler.selectorLabelsDeployment" -}} -{{ include "aws-node-termination-handler.selectorLabels" . }} -app.kubernetes.io/component: deployment -{{- end -}} - -{{/* -Selector labels for the daemonset -*/}} -{{- define "aws-node-termination-handler.selectorLabelsDaemonset" -}} -{{ include "aws-node-termination-handler.selectorLabels" . }} -app.kubernetes.io/component: daemonset -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "aws-node-termination-handler.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "aws-node-termination-handler.fullname" .) 
.Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -The image to use -*/}} -{{- define "aws-node-termination-handler.image" -}} -{{- printf "%s:%s" .Values.image.repository (default (printf "v%s" .Chart.AppVersion) .Values.image.tag) }} -{{- end }} - -{{/* Get PodDisruptionBudget API Version */}} -{{- define "aws-node-termination-handler.pdb.apiVersion" -}} - {{- if and (.Capabilities.APIVersions.Has "policy/v1") (semverCompare ">= 1.21-0" .Capabilities.KubeVersion.Version) -}} - {{- print "policy/v1" -}} - {{- else -}} - {{- print "policy/v1beta1" -}} - {{- end -}} -{{- end -}} diff --git a/stable/aws-node-termination-handler/templates/clusterrole.yaml b/stable/aws-node-termination-handler/templates/clusterrole.yaml deleted file mode 100644 index 43c2b030b..000000000 --- a/stable/aws-node-termination-handler/templates/clusterrole.yaml +++ /dev/null @@ -1,52 +0,0 @@ -{{- if .Values.rbac.create -}} -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ include "aws-node-termination-handler.fullname" . }} - labels: - {{- include "aws-node-termination-handler.labels" . | nindent 4 }} -rules: -- apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - patch - - update -- apiGroups: - - "" - resources: - - pods - verbs: - - list - - get -- apiGroups: - - "" - resources: - - pods/eviction - verbs: - - create -- apiGroups: - - extensions - resources: - - daemonsets - verbs: - - get -- apiGroups: - - apps - resources: - - daemonsets - verbs: - - get -{{- if .Values.emitKubernetesEvents }} -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -{{- end }} -{{- end -}} diff --git a/stable/aws-node-termination-handler/templates/clusterrolebinding.yaml b/stable/aws-node-termination-handler/templates/clusterrolebinding.yaml deleted file mode 100644 index 1058df1b1..000000000 
--- a/stable/aws-node-termination-handler/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{- if .Values.rbac.create -}}
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: {{ include "aws-node-termination-handler.fullname" . }}
- labels:
- {{- include "aws-node-termination-handler.labels" . | nindent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ include "aws-node-termination-handler.fullname" . }}
-subjects:
- - kind: ServiceAccount
- name: {{ template "aws-node-termination-handler.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
-{{- end -}}
diff --git a/stable/aws-node-termination-handler/templates/daemonset.linux.yaml b/stable/aws-node-termination-handler/templates/daemonset.linux.yaml
deleted file mode 100644
index 95e4b50f5..000000000
--- a/stable/aws-node-termination-handler/templates/daemonset.linux.yaml
+++ /dev/null
@@ -1,210 +0,0 @@ -{{- if and (not .Values.enableSqsTerminationDraining) (lower .Values.targetNodeOs | contains "linux") -}} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ include "aws-node-termination-handler.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "aws-node-termination-handler.labelsDaemonset" . | nindent 4 }} -spec: - {{- with .Values.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} - {{- end }} - selector: - matchLabels: - {{- include "aws-node-termination-handler.selectorLabelsDaemonset" . | nindent 6 }} - kubernetes.io/os: linux - template: - metadata: - labels: - {{- include "aws-node-termination-handler.selectorLabelsDaemonset" . | nindent 8 }} - kubernetes.io/os: linux - k8s-app: aws-node-termination-handler - {{- with (mergeOverwrite (dict) .Values.podLabels .Values.linuxPodLabels) }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- if or .Values.podAnnotations .Values.linuxPodAnnotations }} - annotations: - {{- toYaml (mergeOverwrite (dict) .Values.podAnnotations .Values.linuxPodAnnotations) | nindent 8 }} - {{- end }} - spec: - {{- with .Values.image.pullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "aws-node-termination-handler.serviceAccountName" . }} - {{- with .Values.podSecurityContext }} - securityContext: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.daemonsetPriorityClassName }} - priorityClassName: {{ . }} - {{- end }} - {{- with .Values.terminationGracePeriodSeconds }} - terminationGracePeriodSeconds: {{ . }} - {{- end }} - hostNetwork: {{ .Values.useHostNetwork }} - dnsPolicy: {{ default .Values.linuxDnsPolicy .Values.dnsPolicy }} - {{- with .Values.dnsConfig }} - dnsConfig: - {{- toYaml . | nindent 8 }} - {{- end }} - containers: - - name: aws-node-termination-handler - {{- with .Values.securityContext }} - securityContext: - {{- toYaml . 
| nindent 12 }} - {{- end }} - image: {{ include "aws-node-termination-handler.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - env: - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: ENABLE_PROBES_SERVER - value: {{ .Values.enableProbesServer | quote }} - - name: PROBES_SERVER_PORT - value: {{ .Values.probes.httpGet.port | quote }} - - name: PROBES_SERVER_ENDPOINT - value: {{ .Values.probes.httpGet.path | quote }} - - name: LOG_LEVEL - value: {{ .Values.logLevel | quote }} - - name: JSON_LOGGING - value: {{ .Values.jsonLogging | quote }} - - name: LOG_FORMAT_VERSION - value: {{ .Values.logFormatVersion | quote }} - - name: ENABLE_PROMETHEUS_SERVER - value: {{ .Values.enablePrometheusServer | quote }} - - name: PROMETHEUS_SERVER_PORT - value: {{ .Values.prometheusServerPort | quote }} - {{- with .Values.instanceMetadataURL }} - - name: INSTANCE_METADATA_URL - value: {{ . | quote }} - {{- end }} - - name: METADATA_TRIES - value: {{ .Values.metadataTries | quote }} - - name: DRY_RUN - value: {{ .Values.dryRun | quote }} - - name: CORDON_ONLY - value: {{ .Values.cordonOnly | quote }} - - name: TAINT_NODE - value: {{ .Values.taintNode | quote }} - - name: EXCLUDE_FROM_LOAD_BALANCERS - value: {{ .Values.excludeFromLoadBalancers | quote }} - - name: DELETE_LOCAL_DATA - value: {{ .Values.deleteLocalData | quote }} - - name: IGNORE_DAEMON_SETS - value: {{ .Values.ignoreDaemonSets | quote }} - - name: POD_TERMINATION_GRACE_PERIOD - value: {{ .Values.podTerminationGracePeriod | quote }} - - name: NODE_TERMINATION_GRACE_PERIOD - value: {{ .Values.nodeTerminationGracePeriod | quote }} - - name: EMIT_KUBERNETES_EVENTS - value: {{ .Values.emitKubernetesEvents | quote }} - {{- with .Values.kubernetesEventsExtraAnnotations }} - - name: KUBERNETES_EVENTS_EXTRA_ANNOTATIONS - value: {{ . 
| quote }} - {{- end }} - {{- if or .Values.webhookURL .Values.webhookURLSecretName }} - - name: WEBHOOK_URL - {{- if .Values.webhookURLSecretName }} - valueFrom: - secretKeyRef: - name: {{ .Values.webhookURLSecretName }} - key: webhookurl - {{- else }} - value: {{ .Values.webhookURL | quote }} - {{- end }} - {{- end }} - {{- with .Values.webhookHeaders }} - - name: WEBHOOK_HEADERS - value: {{ . | quote }} - {{- end }} - {{- with .Values.webhookProxy }} - - name: WEBHOOK_PROXY - value: {{ . | quote }} - {{- end }} - {{- if and .Values.webhookTemplateConfigMapName .Values.webhookTemplateConfigMapKey }} - - name: WEBHOOK_TEMPLATE_FILE - value: {{ print "/config/" .Values.webhookTemplateConfigMapKey | quote }} - {{- else if .Values.webhookTemplate }} - - name: WEBHOOK_TEMPLATE - value: {{ .Values.webhookTemplate | quote }} - {{- end }} - - name: ENABLE_SPOT_INTERRUPTION_DRAINING - value: {{ .Values.enableSpotInterruptionDraining | quote }} - - name: ENABLE_SCHEDULED_EVENT_DRAINING - value: {{ .Values.enableScheduledEventDraining | quote }} - - name: ENABLE_REBALANCE_MONITORING - value: {{ .Values.enableRebalanceMonitoring | quote }} - - name: ENABLE_REBALANCE_DRAINING - value: {{ .Values.enableRebalanceDraining | quote }} - - name: ENABLE_SQS_TERMINATION_DRAINING - value: "false" - - name: UPTIME_FROM_FILE - value: {{ .Values.procUptimeFile | quote }} - {{- with .Values.extraEnv }} - {{- toYaml . 
| nindent 12 }} - {{- end }} - {{- if or .Values.enablePrometheusServer .Values.enableProbesServer }} - ports: - {{- if .Values.enableProbesServer }} - - name: liveness-probe - protocol: TCP - containerPort: {{ .Values.probes.httpGet.port }} - {{- end }} - {{- if .Values.enablePrometheusServer }} - - name: http-metrics - protocol: TCP - containerPort: {{ .Values.prometheusServerPort }} - {{- end }} - {{- end }} - {{- if .Values.enableProbesServer }} - livenessProbe: - {{- toYaml .Values.probes | nindent 12 }} - {{- end }} - {{- with .Values.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - volumeMounts: - - name: uptime - mountPath: {{ .Values.procUptimeFile }} - readOnly: true - {{- if and .Values.webhookTemplateConfigMapName .Values.webhookTemplateConfigMapKey }} - - name: webhook-template - mountPath: /config/ - {{- end }} - volumes: - - name: uptime - hostPath: - path: {{ .Values.procUptimeFile | default "/proc/uptime" }} - {{- if and .Values.webhookTemplateConfigMapName .Values.webhookTemplateConfigMapKey }} - - name: webhook-template - configMap: - name: {{ .Values.webhookTemplateConfigMapName }} - {{- end }} - nodeSelector: - kubernetes.io/os: linux - {{- with default .Values.daemonsetNodeSelector (default .Values.nodeSelector .Values.linuxNodeSelector) }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- if or .Values.daemonsetAffinity (or .Values.affinity .Values.linuxAffinity) }} - affinity: - {{- toYaml (default .Values.daemonsetAffinity (default .Values.affinity .Values.linuxAffinity)) | nindent 8 }} - {{- end }} - {{- if or .Values.daemonsetTolerations (or .Values.tolerations .Values.linuxTolerations) }} - tolerations: - {{- toYaml (default .Values.daemonsetTolerations (default .Values.tolerations .Values.linuxTolerations )) | nindent 8 }} - {{- end }} -{{- end -}} 
diff --git a/stable/aws-node-termination-handler/templates/daemonset.windows.yaml b/stable/aws-node-termination-handler/templates/daemonset.windows.yaml
deleted file mode 100644
index 8a9db7bfc..000000000
--- a/stable/aws-node-termination-handler/templates/daemonset.windows.yaml
+++ /dev/null
@@ -1,204 +0,0 @@ -{{- if and (not .Values.enableSqsTerminationDraining) (lower .Values.targetNodeOs | contains "windows") -}} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ include "aws-node-termination-handler.fullnameWindows" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "aws-node-termination-handler.labelsDaemonset" . | nindent 4 }} -spec: - {{- with .Values.updateStrategy }} - updateStrategy: - {{- toYaml . | nindent 4 }} - {{- end }} - selector: - matchLabels: - {{- include "aws-node-termination-handler.selectorLabelsDaemonset" . | nindent 6 }} - kubernetes.io/os: windows - template: - metadata: - labels: - {{- include "aws-node-termination-handler.selectorLabelsDaemonset" . | nindent 8 }} - kubernetes.io/os: windows - k8s-app: aws-node-termination-handler - {{- with (mergeOverwrite (dict) .Values.podLabels .Values.windowsPodLabels) }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- if or .Values.podAnnotations .Values.windowsPodAnnotations }} - annotations: - {{- toYaml (mergeOverwrite (dict) .Values.podAnnotations .Values.windowsPodAnnotations) | nindent 8 }} - {{- end }} - spec: - {{- with .Values.image.pullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "aws-node-termination-handler.serviceAccountName" . }} - {{- with .Values.podSecurityContext }} - securityContext: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.daemonsetPriorityClassName }} - priorityClassName: {{ . }} - {{- end }} - {{- with .Values.terminationGracePeriodSeconds }} - terminationGracePeriodSeconds: {{ . }} - {{- end }} - hostNetwork: false - dnsPolicy: {{ default .Values.windowsDnsPolicy .Values.dnsPolicy }} - {{- with .Values.dnsConfig }} - dnsConfig: - {{- toYaml . | nindent 8 }} - {{- end }} - containers: - - name: aws-node-termination-handler - {{- with unset .Values.securityContext "runAsUser" }} - securityContext: - {{- toYaml . 
| nindent 12 }} - {{- end }} - image: {{ include "aws-node-termination-handler.image" . }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - env: - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: ENABLE_PROBES_SERVER - value: {{ .Values.enableProbesServer | quote }} - - name: PROBES_SERVER_PORT - value: {{ .Values.probes.httpGet.port | quote }} - - name: PROBES_SERVER_ENDPOINT - value: {{ .Values.probes.httpGet.path | quote }} - - name: LOG_LEVEL - value: {{ .Values.logLevel | quote }} - - name: JSON_LOGGING - value: {{ .Values.jsonLogging | quote }} - - name: LOG_FORMAT_VERSION - value: {{ .Values.logFormatVersion | quote }} - - name: ENABLE_PROMETHEUS_SERVER - value: {{ .Values.enablePrometheusServer | quote }} - - name: PROMETHEUS_SERVER_PORT - value: {{ .Values.prometheusServerPort | quote }} - {{- with .Values.instanceMetadataURL }} - - name: INSTANCE_METADATA_URL - value: {{ . | quote }} - {{- end }} - - name: METADATA_TRIES - value: {{ .Values.metadataTries | quote }} - - name: DRY_RUN - value: {{ .Values.dryRun | quote }} - - name: CORDON_ONLY - value: {{ .Values.cordonOnly | quote }} - - name: TAINT_NODE - value: {{ .Values.taintNode | quote }} - - name: EXCLUDE_FROM_LOAD_BALANCERS - value: {{ .Values.excludeFromLoadBalancers | quote }} - - name: DELETE_LOCAL_DATA - value: {{ .Values.deleteLocalData | quote }} - - name: IGNORE_DAEMON_SETS - value: {{ .Values.ignoreDaemonSets | quote }} - - name: POD_TERMINATION_GRACE_PERIOD - value: {{ .Values.podTerminationGracePeriod | quote }} - - name: NODE_TERMINATION_GRACE_PERIOD - value: {{ .Values.nodeTerminationGracePeriod | quote }} - - name: EMIT_KUBERNETES_EVENTS - value: {{ .Values.emitKubernetesEvents | quote }} - {{- with .Values.kubernetesEventsExtraAnnotations }} - - name: KUBERNETES_EVENTS_EXTRA_ANNOTATIONS - value: {{ . 
| quote }} - {{- end }} - {{- if or .Values.webhookURL .Values.webhookURLSecretName }} - - name: WEBHOOK_URL - {{- if .Values.webhookURLSecretName }} - valueFrom: - secretKeyRef: - name: {{ .Values.webhookURLSecretName }} - key: webhookurl - {{- else }} - value: {{ .Values.webhookURL | quote }} - {{- end }} - {{- end }} - {{- with .Values.webhookHeaders }} - - name: WEBHOOK_HEADERS - value: {{ . | quote }} - {{- end }} - {{- with .Values.webhookProxy }} - - name: WEBHOOK_PROXY - value: {{ . | quote }} - {{- end }} - {{- if and .Values.webhookTemplateConfigMapName .Values.webhookTemplateConfigMapKey }} - - name: WEBHOOK_TEMPLATE_FILE - value: {{ print "/config/" .Values.webhookTemplateConfigMapKey | quote }} - {{- else if .Values.webhookTemplate }} - - name: WEBHOOK_TEMPLATE - value: {{ .Values.webhookTemplate | quote }} - {{- end }} - - name: ENABLE_SPOT_INTERRUPTION_DRAINING - value: {{ .Values.enableSpotInterruptionDraining | quote }} - - name: ENABLE_SCHEDULED_EVENT_DRAINING - value: {{ .Values.enableScheduledEventDraining | quote }} - - name: ENABLE_REBALANCE_MONITORING - value: {{ .Values.enableRebalanceMonitoring | quote }} - - name: ENABLE_REBALANCE_DRAINING - value: {{ .Values.enableRebalanceDraining | quote }} - - name: ENABLE_SQS_TERMINATION_DRAINING - value: "false" - {{- with .Values.extraEnv }} - {{- toYaml . 
| nindent 12 }} - {{- end }} - {{- if or .Values.enablePrometheusServer .Values.enableProbesServer }} - ports: - {{- if .Values.enableProbesServer }} - - name: liveness-probe - protocol: TCP - containerPort: {{ .Values.probes.httpGet.port }} - hostPort: {{ .Values.probes.httpGet.port }} - {{- end }} - {{- if .Values.enablePrometheusServer }} - - name: http-metrics - protocol: TCP - containerPort: {{ .Values.prometheusServerPort }} - hostPort: {{ .Values.prometheusServerPort }} - {{- end }} - {{- end }} - {{- if .Values.enableProbesServer }} - livenessProbe: - {{- toYaml .Values.probes | nindent 12 }} - {{- end }} - {{- with .Values.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- if and .Values.webhookTemplateConfigMapName .Values.webhookTemplateConfigMapKey }} - volumeMounts: - - name: webhook-template - mountPath: /config/ - {{- end }} - {{- if and .Values.webhookTemplateConfigMapName .Values.webhookTemplateConfigMapKey }} - volumes: - - name: webhook-template - configMap: - name: {{ .Values.webhookTemplateConfigMapName }} - {{- end }} - nodeSelector: - kubernetes.io/os: windows - {{- with default .Values.daemonsetNodeSelector (default .Values.nodeSelector .Values.windowsNodeSelector) }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- if or .Values.daemonsetAffinity (or .Values.affinity .Values.windowsAffinity) }} - affinity: - {{- toYaml (default .Values.daemonsetAffinity (default .Values.affinity .Values.windowsAffinity )) | nindent 8 }} - {{- end }} - {{- if or .Values.daemonsetTolerations (or .Values.tolerations .Values.windowsTolerations) }} - tolerations: - {{- toYaml (default .Values.daemonsetTolerations (default .Values.tolerations .Values.windowsTolerations )) | nindent 8 }} - {{- end }} -{{- end -}} diff --git a/stable/aws-node-termination-handler/templates/deployment.yaml b/stable/aws-node-termination-handler/templates/deployment.yaml deleted file mode 100644 index 3024e42f5..000000000 
--- a/stable/aws-node-termination-handler/templates/deployment.yaml
+++ /dev/null
@@ -1,211 +0,0 @@ -{{- if .Values.enableSqsTerminationDraining }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "aws-node-termination-handler.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "aws-node-termination-handler.labelsDeployment" . | nindent 4 }} -spec: - replicas: {{ .Values.replicas }} - {{- with .Values.strategy }} - strategy: - {{- toYaml . | nindent 4 }} - {{- end }} - selector: - matchLabels: - {{- include "aws-node-termination-handler.selectorLabelsDeployment" . | nindent 6 }} - template: - metadata: - labels: - {{- include "aws-node-termination-handler.selectorLabelsDeployment" . | nindent 8 }} - k8s-app: aws-node-termination-handler - {{- with .Values.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- with .Values.image.pullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "aws-node-termination-handler.serviceAccountName" . }} - {{- with .Values.podSecurityContext }} - securityContext: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.priorityClassName }} - priorityClassName: {{ . }} - {{- end }} - {{- with .Values.terminationGracePeriodSeconds }} - terminationGracePeriodSeconds: {{ . }} - {{- end }} - {{- with .Values.dnsConfig }} - dnsConfig: - {{- toYaml . | nindent 8 }} - {{- end }} - containers: - - name: aws-node-termination-handler - {{- with .Values.securityContext }} - securityContext: - {{- toYaml . | nindent 12 }} - {{- end }} - image: {{ include "aws-node-termination-handler.image" . 
}} - imagePullPolicy: {{ .Values.image.pullPolicy }} - env: - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: ENABLE_PROBES_SERVER - value: "true" - - name: PROBES_SERVER_PORT - value: {{ .Values.probes.httpGet.port | quote }} - - name: PROBES_SERVER_ENDPOINT - value: {{ .Values.probes.httpGet.path | quote }} - - name: LOG_LEVEL - value: {{ .Values.logLevel | quote }} - - name: JSON_LOGGING - value: {{ .Values.jsonLogging | quote }} - - name: LOG_FORMAT_VERSION - value: {{ .Values.logFormatVersion | quote }} - - name: ENABLE_PROMETHEUS_SERVER - value: {{ .Values.enablePrometheusServer | quote }} - - name: PROMETHEUS_SERVER_PORT - value: {{ .Values.prometheusServerPort | quote }} - # [DEPRECATED] Use CHECK_TAG_BEFORE_DRAINING instead - - name: CHECK_ASG_TAG_BEFORE_DRAINING - value: {{ .Values.checkASGTagBeforeDraining | quote }} - - name: CHECK_TAG_BEFORE_DRAINING - value: {{ .Values.checkTagBeforeDraining | quote }} - # [DEPRECATED] Use MANAGED_TAG instead - - name: MANAGED_ASG_TAG - value: {{ .Values.managedAsgTag | quote }} - - name: MANAGED_TAG - value: {{ .Values.managedTag | quote }} - - name: USE_PROVIDER_ID - value: {{ .Values.useProviderId | quote }} - - name: DRY_RUN - value: {{ .Values.dryRun | quote }} - - name: CORDON_ONLY - value: {{ .Values.cordonOnly | quote }} - - name: TAINT_NODE - value: {{ .Values.taintNode | quote }} - - name: EXCLUDE_FROM_LOAD_BALANCERS - value: {{ .Values.excludeFromLoadBalancers | quote }} - - name: DELETE_LOCAL_DATA - value: {{ .Values.deleteLocalData | quote }} - - name: IGNORE_DAEMON_SETS - value: {{ .Values.ignoreDaemonSets | quote }} - - name: POD_TERMINATION_GRACE_PERIOD - value: {{ .Values.podTerminationGracePeriod | quote }} - - name: NODE_TERMINATION_GRACE_PERIOD - value: {{ .Values.nodeTerminationGracePeriod | quote }} - - name: 
EMIT_KUBERNETES_EVENTS - value: {{ .Values.emitKubernetesEvents | quote }} - - name: COMPLETE_LIFECYCLE_ACTION_DELAY_SECONDS - value: {{ .Values.completeLifecycleActionDelaySeconds | quote }} - {{- with .Values.kubernetesEventsExtraAnnotations }} - - name: KUBERNETES_EVENTS_EXTRA_ANNOTATIONS - value: {{ . | quote }} - {{- end }} - {{- if or .Values.webhookURL .Values.webhookURLSecretName }} - - name: WEBHOOK_URL - {{- if .Values.webhookURLSecretName }} - valueFrom: - secretKeyRef: - name: {{ .Values.webhookURLSecretName }} - key: webhookurl - {{- else }} - value: {{ .Values.webhookURL | quote }} - {{- end }} - {{- end }} - {{- with .Values.webhookHeaders }} - - name: WEBHOOK_HEADERS - value: {{ . | quote }} - {{- end }} - {{- with .Values.webhookProxy }} - - name: WEBHOOK_PROXY - value: {{ . | quote }} - {{- end }} - {{- if and .Values.webhookTemplateConfigMapName .Values.webhookTemplateConfigMapKey }} - - name: WEBHOOK_TEMPLATE_FILE - value: {{ print "/config/" .Values.webhookTemplateConfigMapKey | quote }} - {{- else if .Values.webhookTemplate }} - - name: WEBHOOK_TEMPLATE - value: {{ .Values.webhookTemplate | quote }} - {{- end }} - - name: ENABLE_SQS_TERMINATION_DRAINING - value: "true" - {{- with .Values.awsRegion }} - - name: AWS_REGION - value: {{ . | quote }} - {{- end }} - {{- with .Values.awsEndpoint }} - - name: AWS_ENDPOINT - value: {{ . | quote }} - {{- end }} - {{- if and .Values.awsAccessKeyID .Values.awsSecretAccessKey }} - - name: AWS_ACCESS_KEY_ID - value: {{ .Values.awsAccessKeyID | quote }} - - name: AWS_SECRET_ACCESS_KEY - value: {{ .Values.awsSecretAccessKey | quote }} - {{- end }} - - name: QUEUE_URL - value: {{ .Values.queueURL | quote }} - - name: WORKERS - value: {{ .Values.workers | quote }} - {{- with .Values.extraEnv }} - {{- toYaml . 
| nindent 12 }} - {{- end }} - ports: - - name: liveness-probe - protocol: TCP - containerPort: {{ .Values.probes.httpGet.port }} - {{- if .Values.enablePrometheusServer }} - - name: http-metrics - protocol: TCP - containerPort: {{ .Values.prometheusServerPort }} - {{- end }} - livenessProbe: - {{- toYaml .Values.probes | nindent 12 }} - {{- with .Values.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- if and .Values.webhookTemplateConfigMapName .Values.webhookTemplateConfigMapKey }} - volumeMounts: - - name: webhook-template - mountPath: /config/ - {{- end }} - {{- if and .Values.webhookTemplateConfigMapName .Values.webhookTemplateConfigMapKey }} - volumes: - - name: webhook-template - configMap: - name: {{ .Values.webhookTemplateConfigMapName }} - {{- end }} - nodeSelector: - kubernetes.io/os: linux - {{- with .Values.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end }} diff --git a/stable/aws-node-termination-handler/templates/pdb.yaml b/stable/aws-node-termination-handler/templates/pdb.yaml deleted file mode 100644 index 7f43ab299..000000000 --- a/stable/aws-node-termination-handler/templates/pdb.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if and .Values.enableSqsTerminationDraining (and .Values.podDisruptionBudget (gt (int .Values.replicas) 1)) }} -apiVersion: {{ include "aws-node-termination-handler.pdb.apiVersion" . }} -kind: PodDisruptionBudget -metadata: - name: {{ include "aws-node-termination-handler.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "aws-node-termination-handler.labels" . | nindent 4 }} -spec: - selector: - matchLabels: - {{- include "aws-node-termination-handler.selectorLabelsDeployment" . | nindent 6 }} - {{- toYaml .Values.podDisruptionBudget | nindent 2 }} -{{- end }} 
diff --git a/stable/aws-node-termination-handler/templates/podmonitor.yaml b/stable/aws-node-termination-handler/templates/podmonitor.yaml
deleted file mode 100644
index e214d12ca..000000000
--- a/stable/aws-node-termination-handler/templates/podmonitor.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{- if and (not .Values.enableSqsTerminationDraining) (and .Values.enablePrometheusServer .Values.podMonitor.create) -}}
-apiVersion: monitoring.coreos.com/v1
-kind: PodMonitor
-metadata:
- name: {{ template "aws-node-termination-handler.fullname" . }}
- namespace: {{ default .Release.Namespace .Values.podMonitor.namespace }}
- labels:
- {{- include "aws-node-termination-handler.labels" . | nindent 4 }}
- {{- with .Values.podMonitor.labels }}
- {{- toYaml . | nindent 4 }}
- {{- end }}
-spec:
- jobLabel: app.kubernetes.io/name
- namespaceSelector:
- matchNames:
- - {{ .Release.Namespace }}
- podMetricsEndpoints:
- - port: http-metrics
- path: /metrics
- {{- with .Values.podMonitor.interval }}
- interval: {{ . }}
- {{- end }}
- {{- with .Values.podMonitor.sampleLimit }}
- sampleLimit: {{ . }}
- {{- end }}
- selector:
- matchLabels:
- {{- include "aws-node-termination-handler.selectorLabelsDaemonset" . | nindent 6 }}
-{{- end -}}
diff --git a/stable/aws-node-termination-handler/templates/psp.yaml b/stable/aws-node-termination-handler/templates/psp.yaml
deleted file mode 100644
index c84d69f39..000000000
--- a/stable/aws-node-termination-handler/templates/psp.yaml
+++ /dev/null
@@ -1,70 +0,0 @@ -{{- if and (.Values.rbac.pspEnabled) (semverCompare "<1.25-0" .Capabilities.KubeVersion.GitVersion) }} -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - name: {{ template "aws-node-termination-handler.fullname" . }} - labels: - {{- include "aws-node-termination-handler.labels" . | nindent 4 }} - annotations: - seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' -spec: - privileged: false - hostIPC: false - hostNetwork: {{ .Values.useHostNetwork }} - hostPID: false -{{- if and (and (not .Values.enableSqsTerminationDraining) .Values.useHostNetwork ) (or .Values.enablePrometheusServer .Values.enableProbesServer) }} - hostPorts: -{{- if .Values.enablePrometheusServer }} - - min: {{ .Values.prometheusServerPort }} - max: {{ .Values.prometheusServerPort }} -{{- end }} -{{- if .Values.enableProbesServer }} - - min: {{ .Values.probes.httpGet.port }} - max: {{ .Values.probes.httpGet.port }} -{{- end }} -{{- end }} - readOnlyRootFilesystem: false - allowPrivilegeEscalation: false - allowedCapabilities: - - '*' - fsGroup: - rule: RunAsAny - runAsUser: - rule: RunAsAny - seLinux: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - volumes: - - '*' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ template "aws-node-termination-handler.fullname" . }}-psp - namespace: {{ .Release.Namespace }} - labels: - {{- include "aws-node-termination-handler.labels" . | nindent 4 }} -rules: - - apiGroups: ['policy'] - resources: ['podsecuritypolicies'] - verbs: ['use'] - resourceNames: - - {{ template "aws-node-termination-handler.fullname" . }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ template "aws-node-termination-handler.fullname" . }}-psp - namespace: {{ .Release.Namespace }} - labels: - {{- include "aws-node-termination-handler.labels" . 
| nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ template "aws-node-termination-handler.fullname" . }}-psp -subjects: - - kind: ServiceAccount - name: {{ template "aws-node-termination-handler.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end }} diff --git a/stable/aws-node-termination-handler/templates/service.yaml b/stable/aws-node-termination-handler/templates/service.yaml deleted file mode 100644 index 19f7b067b..000000000 --- a/stable/aws-node-termination-handler/templates/service.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if and .Values.enableSqsTerminationDraining .Values.enablePrometheusServer -}} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "aws-node-termination-handler.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "aws-node-termination-handler.labelsDeployment" . | nindent 4 }} -spec: - type: ClusterIP - selector: - {{- include "aws-node-termination-handler.selectorLabelsDeployment" . | nindent 4 }} - ports: - - name: http-metrics - port: {{ .Values.prometheusServerPort }} - targetPort: http-metrics - protocol: TCP -{{- end -}} diff --git a/stable/aws-node-termination-handler/templates/serviceaccount.yaml b/stable/aws-node-termination-handler/templates/serviceaccount.yaml deleted file mode 100644 index 08f3dc5f8..000000000 --- a/stable/aws-node-termination-handler/templates/serviceaccount.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "aws-node-termination-handler.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "aws-node-termination-handler.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end -}} 
diff --git a/stable/aws-node-termination-handler/templates/servicemonitor.yaml b/stable/aws-node-termination-handler/templates/servicemonitor.yaml
deleted file mode 100644
index d5fe14795..000000000
--- a/stable/aws-node-termination-handler/templates/servicemonitor.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-{{- if and .Values.enableSqsTerminationDraining (and .Values.enablePrometheusServer .Values.serviceMonitor.create) -}}
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
- name: {{ include "aws-node-termination-handler.fullname" . }}
- namespace: {{ default .Release.Namespace .Values.serviceMonitor.namespace }}
- labels:
- {{- include "aws-node-termination-handler.labels" . | nindent 4 }}
- {{- with .Values.serviceMonitor.labels }}
- {{- toYaml . | nindent 4 }}
- {{- end }}
-spec:
- jobLabel: app.kubernetes.io/name
- namespaceSelector:
- matchNames:
- - {{ .Release.Namespace }}
- endpoints:
- - port: http-metrics
- path: /metrics
- {{- with .Values.serviceMonitor.interval }}
- interval: {{ . }}
- {{- end }}
- {{- with .Values.serviceMonitor.sampleLimit }}
- sampleLimit: {{ . }}
- {{- end }}
- selector:
- matchLabels:
- {{- include "aws-node-termination-handler.selectorLabelsDeployment" . | nindent 6 }}
-{{- end -}}
diff --git a/stable/aws-node-termination-handler/values.yaml b/stable/aws-node-termination-handler/values.yaml
deleted file mode 100644
index ea7b7f77d..000000000
--- a/stable/aws-node-termination-handler/values.yaml
+++ /dev/null
@@ -1,295 +0,0 @@
-# Default values for aws-node-termination-handler.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-image:
- repository: public.ecr.aws/aws-ec2/aws-node-termination-handler
- # Overrides the image tag whose default is {{ printf "v%s" .Chart.AppVersion }}
- tag: ""
- pullPolicy: IfNotPresent
- pullSecrets: []
-
-nameOverride: ""
-fullnameOverride: ""
-
-serviceAccount:
- # Specifies whether a service account should be created
- create: true
- # The name of the service account to use. If namenot set and create is true, a name is generated using fullname template
- name:
- annotations: {}
- # eks.amazonaws.com/role-arn: arn:aws:iam::AWS_ACCOUNT_ID:role/IAM_ROLE_NAME
-
-rbac:
- # Specifies whether RBAC resources should be created
- create: true
- # Specifies if PodSecurityPolicy resources should be created. PodSecurityPolicy will not be created when Kubernetes version is 1.25 or later.
- pspEnabled: true
-
-customLabels: {}
-
-podLabels: {}
-
-podAnnotations: {}
-
-podSecurityContext:
- fsGroup: 1000
-
-securityContext:
- readOnlyRootFilesystem: true
- runAsNonRoot: true
- allowPrivilegeEscalation: false
- runAsUser: 1000
- runAsGroup: 1000
-
-terminationGracePeriodSeconds:
-
-resources: {}
-
-nodeSelector: {}
-
-affinity: {}
-
-tolerations: []
-
-# Extra environment variables
-extraEnv: []
-
-# Liveness probe settings
-probes:
- httpGet:
- path: /healthz
- port: 8080
- initialDelaySeconds: 5
- periodSeconds: 5
-
-# Set the log level
-logLevel: info
-
-# Set the log format version
-logFormatVersion: 1
-
-# Log messages in JSON format
-jsonLogging: false
-
-enablePrometheusServer: false
-prometheusServerPort: 9092
-
-# dryRun tells node-termination-handler to only log calls to kubernetes control plane
-dryRun: false
-
-# Cordon but do not drain nodes upon spot interruption termination notice.
-cordonOnly: false
-
-# Taint node upon spot interruption termination notice.
-taintNode: false
-
-# Exclude node from load balancer before cordoning via the ServiceNodeExclusion feature gate.
-excludeFromLoadBalancers: false
-
-# deleteLocalData tells kubectl to continue even if there are pods using
-# emptyDir (local data that will be deleted when the node is drained).
-deleteLocalData: true
-
-# ignoreDaemonSets causes kubectl to skip Daemon Set managed pods.
-ignoreDaemonSets: true
-
-# podTerminationGracePeriod is time in seconds given to each pod to terminate gracefully. If negative, the default value specified in the pod will be used.
-podTerminationGracePeriod: -1
-
-# nodeTerminationGracePeriod specifies the period of time in seconds given to each NODE to terminate gracefully. Node draining will be scheduled based on this value to optimize the amount of compute time, but still safely drain the node before an event.
-nodeTerminationGracePeriod: 120
-
-# emitKubernetesEvents If true, Kubernetes events will be emitted when interruption events are received and when actions are taken on Kubernetes nodes. In IMDS Processor mode a default set of annotations with all the node metadata gathered from IMDS will be attached to each event
-emitKubernetesEvents: false
-
-# completeLifecycleActionDelaySeconds will pause for the configured duration after draining the node before completing the EC2 Autoscaling lifecycle action. This may be helpful if Pods on the node have Persistent Volume Claims.
-completeLifecycleActionDelaySeconds: -1
-
-# kubernetesEventsExtraAnnotations A comma-separated list of key=value extra annotations to attach to all emitted Kubernetes events
-# Example: "first=annotation,sample.annotation/number=two"
-kubernetesEventsExtraAnnotations: ""
-
-# webhookURL if specified, posts event data to URL upon instance interruption action.
-webhookURL: ""
-
-# Webhook URL will be fetched from the secret store using the given name.
-webhookURLSecretName: ""
-
-# webhookHeaders if specified, replaces the default webhook headers.
-webhookHeaders: ""
-
-# webhookProxy if specified, uses this HTTP(S) proxy configuration.
-webhookProxy: ""
-
-# webhookTemplate if specified, replaces the default webhook message template.
-webhookTemplate: ""
-
-# webhook template file will be fetched from given config map name
-# if specified, replaces the default webhook message with the content of the template file
-webhookTemplateConfigMapName: ""
-
-# template file name stored in configmap
-webhookTemplateConfigMapKey: ""
-
-# enableSqsTerminationDraining If true, this turns on queue-processor mode which drains nodes when an SQS termination event is received
-enableSqsTerminationDraining: false
-
-# ---------------------------------------------------------------------------------------------------------------------
-# Queue Processor Mode
-# ---------------------------------------------------------------------------------------------------------------------
-
-# The number of replicas in the NTH deployment when using queue-processor mode (NOTE: increasing this may cause duplicate webhooks since NTH pods are stateless)
-replicas: 1
-
-# Specify the update strategy for the deployment
-strategy: {}
-
-# podDisruptionBudget specifies the disruption budget for the controller pods.
-# Disruption budget will be configured only when the replicaCount is greater than 1
-podDisruptionBudget: {}
-# maxUnavailable: 1
-
-serviceMonitor:
- # Specifies whether ServiceMonitor should be created
- # this needs enableSqsTerminationDraining: true
- # and enablePrometheusServer: true
- create: false
- # Specifies whether the ServiceMonitor should be created in a different namespace than
- # the Helm release
- namespace:
- # Additional labels to add to the metadata
- labels: {}
- # The Prometheus scrape interval
- interval: 30s
- # The number of scraped samples that will be accepted
- sampleLimit: 5000
-
-priorityClassName: system-cluster-critical
-
-# If specified, use the AWS region for AWS API calls
-awsRegion: ""
-
-# Listens for messages on the specified SQS queue URL
-queueURL: ""
-
-# The maximum amount of parallel event processors to handle concurrent events
-workers: 10
-
-# [DEPRECATED] Use checkTagBeforeDraining instead
-checkASGTagBeforeDraining: true
-
-# If true, check that the instance is tagged with "aws-node-termination-handler/managed" as the key before draining the node
-checkTagBeforeDraining: true
-
-# [DEPRECATED] Use managedTag instead
-managedAsgTag: "aws-node-termination-handler/managed"
-
-# The tag to ensure is on a node if checkTagBeforeDraining is true
-managedTag: "aws-node-termination-handler/managed"
-
-# If true, fetch node name through Kubernetes node spec ProviderID instead of AWS event PrivateDnsHostname.
-useProviderId: false
-
-# ---------------------------------------------------------------------------------------------------------------------
-# IMDS Mode
-# ---------------------------------------------------------------------------------------------------------------------
-
-# Create node OS specific daemonset(s). (e.g. "linux", "windows", "linux windows")
-targetNodeOs: linux
-
-linuxPodLabels: {}
-windowsPodLabels: {}
-
-linuxPodAnnotations: {}
-windowsPodAnnotations: {}
-
-# K8s DaemonSet update strategy.
-updateStrategy:
- type: RollingUpdate
- rollingUpdate:
- maxUnavailable: 25%
-
-daemonsetPriorityClassName: system-node-critical
-
-podMonitor:
- # Specifies whether PodMonitor should be created
- # this needs enableSqsTerminationDraining: false
- # and enablePrometheusServer: true
- create: false
- # Specifies whether the PodMonitor should be created in a different namespace than
- # the Helm release
- namespace:
- # Additional labels to add to the metadata
- labels: {}
- # The Prometheus scrape interval
- interval: 30s
- # The number of scraped samples that will be accepted
- sampleLimit: 5000
-
-# Determines if NTH uses host networking for Linux when running the DaemonSet (only IMDS mode; queue-processor never runs with host networking)
-# If you have disabled IMDSv1 and are relying on IMDSv2, you'll need to increase the IP hop count to 2 before switching this to false
-# https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html
-useHostNetwork: true
-
-# Daemonset DNS policy
-dnsPolicy: ""
-dnsConfig: {}
-linuxDnsPolicy: ClusterFirstWithHostNet
-windowsDnsPolicy: ClusterFirst
-
-daemonsetNodeSelector: {}
-linuxNodeSelector: {}
-windowsNodeSelector: {}
-
-daemonsetAffinity:
- nodeAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- nodeSelectorTerms:
- - matchExpressions:
- - key: "eks.amazonaws.com/compute-type"
- operator: NotIn
- values:
- - fargate
-linuxAffinity: {}
-windowsAffinity: {}
-
-daemonsetTolerations:
- - operator: Exists
-linuxTolerations: []
-windowsTolerations: []
-
-# If the probes server is running.
-enableProbesServer: false
-
-# Total number of times to try making the metadata request before failing.
-metadataTries: 3
-
-# enableSpotInterruptionDraining If false, do not drain nodes when the spot interruption termination notice is received. Only used in IMDS mode.
-enableSpotInterruptionDraining: true
-
-# enableScheduledEventDraining If false, do not drain nodes before the maintenance window starts for an EC2 instance scheduled event. Only used in IMDS mode.
-enableScheduledEventDraining: true
-
-# enableRebalanceMonitoring If true, cordon nodes when the rebalance recommendation notice is received. Only used in IMDS mode.
-enableRebalanceMonitoring: false
-
-# enableRebalanceDraining If true, drain nodes when the rebalance recommendation notice is received. Only used in IMDS mode.
-enableRebalanceDraining: false
-
-# ---------------------------------------------------------------------------------------------------------------------
-# Testing
-# ---------------------------------------------------------------------------------------------------------------------
-
-# (TESTING USE): If specified, use the provided AWS endpoint to make API calls.
-awsEndpoint: ""
-
-# (TESTING USE): These should only be used for testing w/ localstack!
-awsAccessKeyID:
-awsSecretAccessKey:
-
-# (TESTING USE): Override the default metadata URL (default: http://169.254.169.254:80)
-instanceMetadataURL: ""
-
-# (TESTING USE): Mount path for uptime file
-procUptimeFile: /proc/uptime
From 042326c466065fc649d5b06af22c24f9362f4f82 Mon Sep 17 00:00:00 2001
From: Bryant Biggs
Date: Thu, 3 Oct 2024 09:29:27 -0500
Subject: [PATCH 2/3] chore: Remove manifests for deprecated `csi-secrets-store-provider-aws` chart (#1167)
---
README.md | 16 ++---
.../.helmignore | 23 -------
.../csi-secrets-store-provider-aws/Chart.lock | 6 --
.../csi-secrets-store-provider-aws/Chart.yaml | 25 -------
.../csi-secrets-store-provider-aws/README.md | 53 ---------------
.../templates/NOTES.txt | 4 --
.../templates/_helpers.tpl | 52 --------------
.../templates/clusterrole.yaml | 20 ------
.../templates/clusterrolebinding.yaml | 15 -----
.../templates/daemonset.yaml | 67 -------------------
.../templates/podsecuritypolicy.yaml | 24 -------
.../templates/role.yaml | 14 ----
.../templates/rolebinding.yaml | 16 -----
.../templates/serviceaccount.yaml | 8 ---
.../values.yaml | 42 ------------
15 files changed, 5 insertions(+), 380 deletions(-)
delete mode 100644 stable/csi-secrets-store-provider-aws/.helmignore
delete mode 100644 stable/csi-secrets-store-provider-aws/Chart.lock
delete mode 100644 stable/csi-secrets-store-provider-aws/Chart.yaml
delete mode 100644 stable/csi-secrets-store-provider-aws/README.md
delete mode 100644 stable/csi-secrets-store-provider-aws/templates/NOTES.txt
delete mode 100644 stable/csi-secrets-store-provider-aws/templates/_helpers.tpl
delete mode 100644 stable/csi-secrets-store-provider-aws/templates/clusterrole.yaml
delete mode 100644 stable/csi-secrets-store-provider-aws/templates/clusterrolebinding.yaml
delete mode 100644 stable/csi-secrets-store-provider-aws/templates/daemonset.yaml
delete mode 100644 stable/csi-secrets-store-provider-aws/templates/podsecuritypolicy.yaml
delete mode 100644 stable/csi-secrets-store-provider-aws/templates/role.yaml
delete mode 100644 stable/csi-secrets-store-provider-aws/templates/rolebinding.yaml
delete mode 100644 stable/csi-secrets-store-provider-aws/templates/serviceaccount.yaml
delete mode 100644 stable/csi-secrets-store-provider-aws/values.yaml
diff --git a/README.md b/README.md index 2ed6f90e8..1e0139865 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,4 @@ -![EKS Charts](https://github.com/aws/eks-charts/actions/workflows/ci.yaml/badge.svg) - -## EKS Charts +# EKS Charts Add the EKS repository to Helm: @@ -24,10 +22,6 @@ helm repo add eks https://aws.github.io/eks-charts > [!WARNING] > This Helm chart is now deprecated. Please see the current chart located in the [aws-node-termination-handler](https://github.com/aws/aws-node-termination-handler/tree/main/config/helm/aws-node-termination-handler) repository which is now published on [Public ECR](https://gallery.ecr.aws/aws-ec2/helm/aws-node-termination-handler) -### AWS Calico - -**This Helm chart is deprecated**. To install Calico network policy enforcement on AWS, follow the EKS [user guide](https://docs.aws.amazon.com/eks/latest/userguide/calico.html). - ### AWS CloudWatch Metrics * [aws-cloudwatch-metrics](stable/aws-cloudwatch-metrics): A helm chart for CloudWatch Agent to Collect Cluster Metrics @@ -50,9 +44,8 @@ helm repo add eks https://aws.github.io/eks-charts ### AWS Secrets Manager and Config Provider for Secret Store CSI Driver -**This Helm chart is deprecated, please switch to which is reviewed, owned and maintained by AWS.** - -* [csi-secrets-store-provider-aws](stable/csi-secrets-store-provider-aws): A helm chart for [AWS Secrets Manager and Config Provider](https://github.com/aws/secrets-store-csi-driver-provider-aws) +> [!WARNING] +> This Helm chart is deprecated, please switch to [AWS Secrets Manager and Config Provider](https://github.com/aws/secrets-store-csi-driver-provider-aws) which is reviewed, owned and maintained by AWS ### Amazon EC2 Metadata Mock 
@@ -62,7 +55,8 @@ helm repo add eks https://aws.github.io/eks-charts * [cni-metrics-helper](stable/cni-metrics-helper): A helm chart for [CNI Metrics Helper](https://github.com/aws/amazon-vpc-cni-k8s/blob/master/cmd/cni-metrics-helper/README.md) -### EKS EFA Plugin +### EKS EFA K8s Device Plugin + * [aws-efa-k8s-device-plugin](stable/aws-efa-k8s-device-plugin): A helm chart for the [Elastic Fabric Adapter](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/efa.html) plugin, which automatically discovers and mounts EFA devices into pods that request them ## License
diff --git a/stable/csi-secrets-store-provider-aws/.helmignore b/stable/csi-secrets-store-provider-aws/.helmignore
deleted file mode 100644
index 0e8a0eb36..000000000
--- a/stable/csi-secrets-store-provider-aws/.helmignore
+++ /dev/null
@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/stable/csi-secrets-store-provider-aws/Chart.lock b/stable/csi-secrets-store-provider-aws/Chart.lock
deleted file mode 100644
index 62ce1cf66..000000000
--- a/stable/csi-secrets-store-provider-aws/Chart.lock
+++ /dev/null
@@ -1,6 +0,0 @@
-dependencies:
-- name: secrets-store-csi-driver
- repository: https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts
- version: 1.1.2
-digest: sha256:f06286259a5edd280b6f4d93a244eb9c116b1d0fe855354edf304ae1c8e30543
-generated: "2022-05-12T09:01:11.009668+02:00"
diff --git a/stable/csi-secrets-store-provider-aws/Chart.yaml b/stable/csi-secrets-store-provider-aws/Chart.yaml
deleted file mode 100644
index a3430c110..000000000
--- a/stable/csi-secrets-store-provider-aws/Chart.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-apiVersion: v2
-name: csi-secrets-store-provider-aws
-version: 0.0.4
-appVersion: 1.0.r2-6-gee95299-2022.04.14.21.07
-kubeVersion: ">=1.17.0-0"
-deprecated: true
-description: This Helm chart is deprecated, please switch to https://aws.github.io/secrets-store-csi-driver-provider-aws/
-icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
-sources:
- - "https://github.com/aws/secrets-store-csi-driver-provider-aws"
-home: "https://github.com/aws/secrets-store-csi-driver-provider-aws"
-# I put my name because I did not know who else to insert but
-# more than willingly I pass the burden and honors to someone else.
-maintainers:
- - name: Pierluigi Lenoci
- email: pierluigi.lenoci@gmail.com
-dependencies:
-- name: secrets-store-csi-driver
- repository: https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts
- version: 1.1
- condition: secrets-store-csi-driver.install
-keywords:
- - eks
- - secrets-store-csi-driver
- - csi
\ No newline at end of file
diff --git a/stable/csi-secrets-store-provider-aws/README.md b/stable/csi-secrets-store-provider-aws/README.md
deleted file mode 100644
index 9777aeed3..000000000
--- a/stable/csi-secrets-store-provider-aws/README.md
+++ /dev/null
@@ -1,53 +0,0 @@
-# csi-secrets-store-provider-aws
-
-**This Helm chart is deprecated, please switch to https://aws.github.io/secrets-store-csi-driver-provider-aws/ which is reviewed, owned and maintained by AWS.**
-
------------------
-
-AWS Secrets Manager and Config Provider for Secret Store CSI Driver allows you to get secret contents stored in AWS Key Management Service instance and use the Secrets Store CSI driver interface to mount them into Kubernetes pods.
-
-### Prerequisites
-
-- [Helm3](https://helm.sh/docs/intro/quickstart/#install-helm)
-
-### Installing the Chart
-
-- This chart installs the [secrets-store-csi-driver](https://github.com/kubernetes-sigs/secrets-store-csi-driver) and the AWS Secrets Manager and Config Provider for Secret Store CSI Driver
-
-```shell
-helm repo add eks https://aws.github.io/eks-charts
-helm install eks/csi-secrets-store-provider-aws --generate-name --namespace kube-system
-```
-
-### Create the access policy
-
-Follow the [Usage](https://github.com/aws/secrets-store-csi-driver-provider-aws#usage) guide.
-
-### Configuration
-
-The following table lists the configurable parameters of the csi-secrets-store-provider-aws chart and their default values.
-
-> Refer to [doc](https://github.com/kubernetes-sigs/secrets-store-csi-driver/tree/main/charts/secrets-store-csi-driver/README.md) for configurable parameters of the secrets-store-csi-driver chart.
-
-| Parameter | Description | Default |
-| --- | --- | --- |
-| `nameOverride` | String to override the name template with a string | `""` |
-| `fullnameOverride` | String to override the fullname template with a string | `""` |
-| `imagePullSecrets` | Secrets to be used when pulling images | `[]` |
-| `image.registry` | Image registry | `public.ecr.aws` |
-| `image.repository` | Image repository | `aws-secrets-manager/secrets-store-csi-driver-provider-aws` |
-| `image.pullPolicy` | Image pull policy | `IfNotPresent` |
-| `image.tag`| Image tag | `.Chart.AppVersion` |
-| `priorityClassName` | Indicates the importance of a Pod relative to other Pods | `""` |
-| `nodeSelector` | Node Selector for the daemonset on nodes | `{}` |
-| `tolerations` | Tolerations for the daemonset on nodes | `[]` |
-| `ports` | Liveness and readyness tcp probe port | `8989` |
-| `privileged` | Privileged security context | `false`
-| `resources`| Resource limit for provider pods on nodes | `requests.cpu: 50m`
`requests.memory: 100Mi`
`limits.cpu: 50m`
`limits.memory: 100Mi` |
-| `podLabels`| Additional pod labels | `{}` |
-| `podAnnotations` | Additional pod annotations| `{}` |
-| `updateStrategy` | Configure a custom update strategy for the daemonset on nodes | `RollingUpdate`|
-| `secrets-store-csi-driver.install` | Secrets Store CSI Driver chart install | `true`
-| `rbac.install` | Install default service account | true |
-| `rbac.pspEnabled` | Pod Security Pods | false |
-| `rbac.serviceAccount.name` | Service account to be used. If not set and serviceAccount.create is true a name is generated using the fullname template. | |
diff --git a/stable/csi-secrets-store-provider-aws/templates/NOTES.txt b/stable/csi-secrets-store-provider-aws/templates/NOTES.txt
deleted file mode 100644
index 7646f9507..000000000
--- a/stable/csi-secrets-store-provider-aws/templates/NOTES.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-{{ $.Chart.Name }} has been installed. Check its status by running:
- kubectl --namespace {{ .Release.Namespace }} get ds
-
-Visit https://github.com/aws/eks-charts/tree/master/stable/csi-secrets-store-provider-aws
diff --git a/stable/csi-secrets-store-provider-aws/templates/_helpers.tpl b/stable/csi-secrets-store-provider-aws/templates/_helpers.tpl
deleted file mode 100644
index 9dcef6d3b..000000000
--- a/stable/csi-secrets-store-provider-aws/templates/_helpers.tpl
+++ /dev/null
@@ -1,52 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "sscdpa.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "sscdpa.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Standard labels for helm resources
-*/}}
-{{- define "sscdpa.labels" -}}
-labels:
- app.kubernetes.io/instance: "{{ .Release.Name }}"
- app.kubernetes.io/managed-by: "{{ .Release.Service }}"
- app.kubernetes.io/name: "{{ template "sscdpa.name" . }}"
- app.kubernetes.io/version: "{{ .Chart.AppVersion }}"
- app: {{ template "sscdpa.name" . }}
- helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
-{{- end -}}
-
-{{/*
-Name of the service account to use
-*/}}
-{{- define "sscdpa.serviceAccountName" -}}
- {{ default (include "sscdpa.fullname" .) .Values.rbac.serviceAccount.name }}
-{{- end -}}
-
-{{/*
-Name of the pod security policy to use
-*/}}
-{{- define "sscdpa.psp.fullname" -}}
-{{- printf "%s-psp" (include "sscdpa.fullname" .) -}}
-{{- end }}
diff --git a/stable/csi-secrets-store-provider-aws/templates/clusterrole.yaml b/stable/csi-secrets-store-provider-aws/templates/clusterrole.yaml
deleted file mode 100644
index 9fa7951b3..000000000
--- a/stable/csi-secrets-store-provider-aws/templates/clusterrole.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-{{- if .Values.rbac.install }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: {{ template "sscdpa.fullname" . }}-cluster-role
-{{ include "sscdpa.labels" . | indent 2 }}
-rules:
- - apiGroups: [""]
- resources: ["serviceaccounts/token"]
- verbs: ["create"]
- - apiGroups: [""]
- resources: ["serviceaccounts"]
- verbs: ["get"]
- - apiGroups: [""]
- resources: ["pods"]
- verbs: ["get"]
- - apiGroups: [""]
- resources: ["nodes"]
- verbs: ["get"]
-{{- end }}
diff --git a/stable/csi-secrets-store-provider-aws/templates/clusterrolebinding.yaml b/stable/csi-secrets-store-provider-aws/templates/clusterrolebinding.yaml
deleted file mode 100644
index 882cc8f63..000000000
--- a/stable/csi-secrets-store-provider-aws/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-{{- if .Values.rbac.install }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: {{ template "sscdpa.fullname" . }}-cluster-role-binding
-{{ include "sscdpa.labels" . | indent 2 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "sscdpa.fullname" . }}-cluster-role
-subjects:
- - kind: ServiceAccount
- name: {{ template "sscdpa.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/stable/csi-secrets-store-provider-aws/templates/daemonset.yaml b/stable/csi-secrets-store-provider-aws/templates/daemonset.yaml
deleted file mode 100644
index dee0c24aa..000000000
--- a/stable/csi-secrets-store-provider-aws/templates/daemonset.yaml
+++ /dev/null
@@ -1,67 +0,0 @@
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- name: {{ template "sscdpa.fullname" . }}
- namespace: {{ .Release.Namespace }}
-{{ include "sscdpa.labels" . | indent 2 }}
-spec:
- updateStrategy:
-{{ toYaml .Values.updateStrategy | indent 4 }}
- selector:
- matchLabels:
- app: {{ template "sscdpa.name" . }}
- template:
- metadata:
-{{ include "sscdpa.labels" . | indent 6 }}
-{{- if .Values.podLabels }}
-{{- toYaml .Values.podLabels | nindent 8 }}
-{{- end }}
-{{- if .Values.podAnnotations }}
- annotations:
-{{- toYaml .Values.podAnnotations | nindent 8 }}
-{{- end }}
- spec:
- {{- if .Values.imagePullSecrets }}
- imagePullSecrets:
-{{ toYaml .Values.imagePullSecrets | indent 8 }}
- {{- end }}
- serviceAccountName: {{ template "sscdpa.serviceAccountName" . }}
- hostNetwork: true
- containers:
- - name: provider-aws-installer
- image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- args:
- - --provider-volume=/etc/kubernetes/secrets-store-csi-providers
- resources:
-{{ toYaml .Values.resources | indent 12 }}
- {{- if .Values.privileged }}
- securityContext:
- privileged: true
- {{- end }}
- volumeMounts:
- - mountPath: "/etc/kubernetes/secrets-store-csi-providers"
- name: provider-vol
- - name: mountpoint-dir
- mountPath: /var/lib/kubelet/pods
- mountPropagation: HostToContainer
- {{- if .Values.priorityClassName }}
- priorityClassName: {{ .Values.priorityClassName | quote }}
- {{- end }}
- volumes:
- - name: provider-vol
- hostPath:
- path: "/etc/kubernetes/secrets-store-csi-providers"
- - name: mountpoint-dir
- hostPath:
- path: /var/lib/kubelet/pods
- type: DirectoryOrCreate
- nodeSelector:
- kubernetes.io/os: linux
-{{- if .Values.nodeSelector }}
-{{- toYaml .Values.nodeSelector | nindent 8 }}
-{{- end }}
-{{- with .Values.tolerations }}
- tolerations:
-{{ toYaml . | indent 8 }}
-{{- end }}
diff --git a/stable/csi-secrets-store-provider-aws/templates/podsecuritypolicy.yaml b/stable/csi-secrets-store-provider-aws/templates/podsecuritypolicy.yaml
deleted file mode 100644
index 4f4ea873b..000000000
--- a/stable/csi-secrets-store-provider-aws/templates/podsecuritypolicy.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-{{- if .Values.rbac.pspEnabled }}
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: {{ template "sscdpa.psp.fullname" . }}
-{{ include "sscdpa.labels" . | indent 2 }}
-spec:
- seLinux:
- rule: RunAsAny
- privileged: true
- volumes:
- - hostPath
- - secret
- hostNetwork: true
- hostPorts:
- - min: 0
- max: 65535
- fsGroup:
- rule: RunAsAny
- runAsUser:
- rule: RunAsAny
- supplementalGroups:
- rule: RunAsAny
-{{- end }}
diff --git a/stable/csi-secrets-store-provider-aws/templates/role.yaml b/stable/csi-secrets-store-provider-aws/templates/role.yaml
deleted file mode 100644
index 74a32acd3..000000000
--- a/stable/csi-secrets-store-provider-aws/templates/role.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-{{- if .Values.rbac.pspEnabled }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: {{ template "sscdpa.psp.fullname" . }}-role
- namespace: {{ .Release.Namespace }}
-{{ include "sscdpa.labels" . | indent 2 }}
-rules:
- - apiGroups: [ 'policy' ]
- resources: [ 'podsecuritypolicies' ]
- verbs: [ 'use' ]
- resourceNames:
- - {{ template "sscdpa.psp.fullname" . }}
-{{- end }}
diff --git a/stable/csi-secrets-store-provider-aws/templates/rolebinding.yaml b/stable/csi-secrets-store-provider-aws/templates/rolebinding.yaml
deleted file mode 100644
index 0c292dd74..000000000
--- a/stable/csi-secrets-store-provider-aws/templates/rolebinding.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-{{- if .Values.rbac.pspEnabled }}
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "sscdpa.psp.fullname" . }}-role-binding
- namespace: {{ .Release.Namespace }}
-{{ include "sscdpa.labels" . | indent 2 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ template "sscdpa.psp.fullname" . }}-role
-subjects:
- - kind: ServiceAccount
- name: {{ template "sscdpa.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/stable/csi-secrets-store-provider-aws/templates/serviceaccount.yaml b/stable/csi-secrets-store-provider-aws/templates/serviceaccount.yaml
deleted file mode 100644
index dd7a2ec20..000000000
--- a/stable/csi-secrets-store-provider-aws/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-{{ if .Values.rbac.install }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "sscdpa.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
-{{ include "sscdpa.labels" . | indent 2 }}
-{{ end }}
diff --git a/stable/csi-secrets-store-provider-aws/values.yaml b/stable/csi-secrets-store-provider-aws/values.yaml
deleted file mode 100644
index 110787c02..000000000
--- a/stable/csi-secrets-store-provider-aws/values.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-
-imagePullSecrets: []
-
-image:
- registry: public.ecr.aws
- repository: aws-secrets-manager/secrets-store-csi-driver-provider-aws
- ## defaults to app.Version
- tag:
- pullPolicy: IfNotPresent
-
-nodeSelector: {}
-tolerations: []
-
-port: 8989
-
-privileged: false
-
-resources:
- requests:
- cpu: 50m
- memory: 100Mi
- limits:
- cpu: 50m
- memory: 100Mi
-
-podLabels: {}
-podAnnotations: {}
-
-updateStrategy:
- type: RollingUpdate
-
-secrets-store-csi-driver:
- install: true
-
-## Install default service account
-rbac:
- install: true
- pspEnabled: false
- serviceAccount:
- name:
-
-priorityClassName: ""
From be6dff791a03c20210b5ca7144026687ac4f7b71 Mon Sep 17 00:00:00 2001
From: Bryant Biggs Date: Thu, 3 Oct 2024 13:14:21 -0500 Subject: [PATCH 3/3] chore: Deprecate `amazon-ec2-metadata-mock` to use upstream repo and Public ECR (#1169) --- README.md | 3 +- stable/amazon-ec2-metadata-mock/.helmignore | 22 -- stable/amazon-ec2-metadata-mock/Chart.yaml | 24 -- stable/amazon-ec2-metadata-mock/README.md | 247 ------------------ .../ci/configmap-values.yaml | 3 - .../ci/default-values.yaml | 2 - .../ci/local-image-values.yaml | 5 - .../ci/service-config-values.yaml | 3 - .../templates/NOTES.txt | 5 - .../templates/_helpers.tpl | 103 -------- .../templates/clusterrole.yaml | 7 - .../templates/clusterrolebinding.yaml | 12 - .../templates/deployment.linux.yaml | 160 ------------ .../templates/deployment.windows.yaml | 145 ---------- .../templates/psp.yaml | 60 ----- .../templates/service.yaml | 15 -- .../templates/serviceaccount.yaml | 11 - .../templates/tests/test-aemm-service.yaml | 57 ---- .../templates/tests/test-config-map.yaml | 19 -- stable/amazon-ec2-metadata-mock/values.yaml | 117 --------- 20 files changed, 2 insertions(+), 1018 deletions(-) delete mode 100644 stable/amazon-ec2-metadata-mock/.helmignore delete mode 100644 stable/amazon-ec2-metadata-mock/Chart.yaml delete mode 100644 stable/amazon-ec2-metadata-mock/README.md delete mode 100644 stable/amazon-ec2-metadata-mock/ci/configmap-values.yaml delete mode 100644 stable/amazon-ec2-metadata-mock/ci/default-values.yaml delete mode 100644 stable/amazon-ec2-metadata-mock/ci/local-image-values.yaml delete mode 100644 stable/amazon-ec2-metadata-mock/ci/service-config-values.yaml delete mode 100644 stable/amazon-ec2-metadata-mock/templates/NOTES.txt delete mode 100644 stable/amazon-ec2-metadata-mock/templates/_helpers.tpl delete mode 100644 stable/amazon-ec2-metadata-mock/templates/clusterrole.yaml delete mode 100644 stable/amazon-ec2-metadata-mock/templates/clusterrolebinding.yaml delete mode 100644 stable/amazon-ec2-metadata-mock/templates/deployment.linux.yaml delete mode 100644 
stable/amazon-ec2-metadata-mock/templates/deployment.windows.yaml delete mode 100644 stable/amazon-ec2-metadata-mock/templates/psp.yaml delete mode 100644 stable/amazon-ec2-metadata-mock/templates/service.yaml delete mode 100644 stable/amazon-ec2-metadata-mock/templates/serviceaccount.yaml delete mode 100644 stable/amazon-ec2-metadata-mock/templates/tests/test-aemm-service.yaml delete mode 100644 stable/amazon-ec2-metadata-mock/templates/tests/test-config-map.yaml delete mode 100644 stable/amazon-ec2-metadata-mock/values.yaml diff --git a/README.md b/README.md index 1e0139865..0857d9066 100644 --- a/README.md +++ b/README.md @@ -49,7 +49,8 @@ helm repo add eks https://aws.github.io/eks-charts ### Amazon EC2 Metadata Mock -* [amazon-ec2-metadata-mock](stable/amazon-ec2-metadata-mock): A tool to simulate Amazon EC2 instance metadata service for local testing +> [!WARNING] +> This Helm chart is now deprecated. Please see the current chart located in the [amazon-ec2-metadata-mock](https://github.com/aws/amazon-ec2-metadata-mock/tree/main/helm) repository which is now published on [Public ECR](https://gallery.ecr.aws/aws-ec2/helm/amazon-ec2-metadata-mock) ### CNI Metrics Helper diff --git a/stable/amazon-ec2-metadata-mock/.helmignore b/stable/amazon-ec2-metadata-mock/.helmignore deleted file mode 100644 index 50af03172..000000000 --- a/stable/amazon-ec2-metadata-mock/.helmignore +++ /dev/null @@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/stable/amazon-ec2-metadata-mock/Chart.yaml b/stable/amazon-ec2-metadata-mock/Chart.yaml deleted file mode 100644 index 890168a1f..000000000 
--- a/stable/amazon-ec2-metadata-mock/Chart.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: v1
-name: amazon-ec2-metadata-mock
-description: A Helm chart for Amazon EC2 Metadata Mock
-version: 1.11.2
-home: https://github.com/aws/eks-charts
-icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
-sources:
- - https://github.com/aws/amazon-ec2-metadata-mock
- - https://github.com/aws/eks-charts/
-maintainers:
- - name: pdk27
- url: https://github.com/pdk27
- email: pdk27@users.noreply.github.com
- - name: brycahta
- url: https://github.com/brycahta
- email: brycahta@users.noreply.github.com
-keywords:
- - ec2
- - aws-ec2
- - imds
- - ec2-instance-metadata
- - ec2-instance-metadata-mock
- - spot-interruption-mock
- - ec2-rebalance-recommendation
diff --git a/stable/amazon-ec2-metadata-mock/README.md b/stable/amazon-ec2-metadata-mock/README.md
deleted file mode 100644
index c48cd2869..000000000
--- a/stable/amazon-ec2-metadata-mock/README.md
+++ /dev/null
@@ -1,247 +0,0 @@ -# Amazon EC2 Metadata Mock - -Amazon EC2 Metadata Mock(AEMM) Helm chart for Kubernetes. For more information on this project see the project repo at https://github.com/aws/amazon-ec2-metadata-mock. - -## Prerequisites - -* Kubernetes >= 1.14 - -## Installing the Chart - -The helm chart can be installed from several sources. To install the chart with the release name amazon-ec2-metadata-mock and default configuration, pick a source below: - -#### eks-charts -The chart for this project is hosted in [eks-charts](https://github.com/aws/eks-charts). - -To get started you need to add the eks-charts repo to helm: - -``` -helm repo add eks https://aws.github.io/eks-charts -``` - -Then install with desired configs: - -``` -helm install amazon-ec2-metadata-mock \ - --namespace default -``` - -#### Local chart archive - -Download and Install the chart archive from the latest release -```sh -curl -L https://github.com/aws/amazon-ec2-metadata-mock/releases/download/v1.11.2/amazon-ec2-metadata-mock-1.11.2.tgz -``` - -```sh -helm install amazon-ec2-metadata-mock amazon-ec2-metadata-mock-1.11.2.tgz \ - --namespace default -``` - -#### Unpacked local chart directory - -Download the source code or unpack the archive from latest release and run -```sh -helm install amazon-ec2-metadata-mock ./helm/amazon-ec2-metadata-mock \ - --namespace default -``` ----- -To upgrade an already installed chart named amazon-ec2-metadata-mock: -```sh -helm upgrade amazon-ec2-metadata-mock ./helm/amazon-ec2-metadata-mock \ - --namespace default -``` - -### Installing the Chart with overridden values for AEMM configuration: - -AEMM has an [extensive list of parameters](https://github.com/aws/amazon-ec2-metadata-mock#defaults) that can overridden. For simplicity, a selective list of parameters are configurable using Helm custom `values.yaml` or `--set argument`. To override parameters not listed in `values.yaml` use Kubernetes ConfigMap. 
- -The [configuration](#configuration) section details the selective list of parameters. Alternatively, to retrieve the same information via helm, run: -```sh -helm show values ./helm/amazon-ec2-metadata-mock -``` - -* Passing a custom values.yaml to helm -```sh -helm install amazon-ec2-metadata-mock ./helm/amazon-ec2-metadata-mock \ - --namespace default -f path/to/myvalues.yaml -``` - -* Passing custom values to Helm via CLI arguments -```sh -helm install amazon-ec2-metadata-mock ./helm/amazon-ec2-metadata-mock \ - --namespace default --set aemm.spot.action="stop",aemm.mockDelaySec=120 -``` - -* Passing a config file to AEMM - - 1. Create a Kubernetes ConfigMap from a custom AEMM configuration file: -See [Readme](https://github.com/aws/amazon-ec2-metadata-mock#configuration) to learn more about AEMM configuration. [Here](https://github.com/aws/amazon-ec2-metadata-mock/blob/main/test/e2e/testdata/output/aemm-config-used.json) is a reference config file to create your own `aemm-config.json` - - Note: - * AEMM's native config `aemm.server.port` needs to be a fixed value (1338) to be able to run AEMM as a K8s service. So, overriding the `aemm.server.port` in the custom config file will work only when AEMM is accessed via the pod directly. To access the AEMM K8s service on a custom port, override `servicePort` (which is a Helm config). - - * The `configMapFileName` is used to mount the configMap on the containers running AEMM. The default file name is `aemm-config.json`. If a non-default file name was used to create the configMap, override `configMapFileName` in order for AEMM to be able to access it. - - ```sh - kubectl create configmap aemm-config-map --from-file path/to/aemm-config.json - ``` - - 2. Create `myvalues.yaml` with overridden value for configMap: -```yaml -configMap: "aemm-config-map" -servicePort: 1550 -``` - - 3. 
Install AEMM with override: -```sh -helm install amazon-ec2-metadata-mock ./helm/amazon-ec2-metadata-mock \ - --namespace default -f path/to/myvalues.yaml -``` - -## Making a HTTP request to the AEMM server running on a pod - -1. Access AEMM pod / service - i. Set up port-forwarding to access AEMM on your machine: - - ```sh - kubectl get pods --namespace default - ``` - - ```sh - kubectl port-forward pod/ 1338 - ``` - - or - - ``` - kubectl port-forward service/amazon-ec2-metadata-mock-service 1338 - ``` - - ii. Access AEMM from your application using the ClusterIP / DNS of the service or the pod directly. - -2. Make the HTTP request - - ```sh - # From outside the cluster: - - curl http://localhost:1338/latest/meta-data/spot/instance-action - { - "action": "terminate", - "time": "2020-05-04T18:11:37Z" - } - ``` - or - ```sh - # From inside the cluster: - # ClusterIP and port for the service should be available in the application pod's environment, if it was created after the AEMM service. - - curl http://$AMAZON_EC2_METADATA_MOCK_SERVICE_SERVICE_HOST:$AMAZON_EC2_METADATA_MOCK_SERVICE_SERVICE_PORT/latest/meta-data/spot/instance-action - { - "action": "terminate", - "time": "2020-05-04T18:11:37Z" - } - ``` - or - ```sh - # From inside the cluster: - - curl http://amazon-ec2-metadata-mock-service.default.svc.cluster.local:1338/latest/meta-data/spot/instance-action - { - "action": "terminate", - "time": "2020-05-04T18:11:37Z" - } - ``` - -## Uninstalling the Chart - -To uninstall/delete the `amazon-ec2-metadata-mock` release: -```sh -helm uninstall amazon-ec2-metadata-mock -``` -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Contributing to the Chart -While developing, use test/helm/chart-test.sh to test your changes. Preserve and reuse test environment, by using -p and -r options to run tests quickly. 
-``` -/test/helm/chart-test.sh -h -``` - -Alternatively, the same tests can be run using: -``` -make helm-lint-test # for linting only -make helm-e2e-test # for e2e tests, including linting -``` - -### Versioning -Increment the chart version when one or more files in the helm chart directory changes: -* Increment patch version for readme changes -* Increment minor version for backward compatible changes / new minor version of the app (appVersion) -* Increment major version for incompatible changes / new major version of the app (appVersion) - -## Configuration - -The following tables lists the configurable parameters of the chart and their default values. - -### General -Parameter | Description | Default ---- | --- | --- -`image.repository` | image repository | `public.ecr.aws/aws-ec2/amazon-ec2-metadata-mock` -`image.tag` | image tag | `` -`image.pullPolicy` | image pull policy | `IfNotPresent` -`replicaCount` | defines the number of amazon-ec2-metadata-mock pods to replicate | `1` -`nameOverride` | override for the name of the Helm Chart (default, if not overridden: `amazon-ec2-metadata-mock`) | `""` -`fullnameOverride` | override for the name of the application (default, if not overridden: `amazon-ec2-metadata-mock`) | `""` -`targetNodeOs` | creates node-OS specific deployments (e.g. "linux", "windows", "linux windows") | `linux` -`nodeSelector` | tells both linux and windows deployments where to place the amazon-ec2-metadata-mock pods. | `{}`, meaning every node will receive a pod -`linuxNodeSelector` | tells the linux deployments where to place the amazon-ec2-metadata-mock pods. | `{}`, meaning every linux node will receive a pod -`windowsNodeSelector` | tells the windows deployments where to place the amazon-ec2-metadata-mock pods. 
| `{}`, meaning every windows node will receive a pod -`podAnnotations` | annotations to add to each pod | `{}` -`linuxAnnotations` | annotations to add to each linux pod | `{}` -`windowsAnnotations` | annotations to add to each windows pod | `{}` -`tolerations` | specifies taints that a pod tolerates so that it can be scheduled to a node with the same taint | `[]` -`linuxTolerations` | specifies taints that a linux pod tolerates so that it can be scheduled to a node with the same taint | `[]` -`windowsTolerations` | specifies taints that a windows pod tolerates so that it can be scheduled to a node with the same taint | `[]` -`updateStrategy` | the update strategy for a Deployment | `RollingUpdate` -`linuxUpdateStrategy` | the update strategy for a linux Deployment | `""` -`windowsUpdateStrategy` | the update strategy for a windows Deployment | `""` -`rbac.pspEnabled` | if `true`, create and use a restricted pod security policy | `false` -`serviceAccount.create` | if `true`, create a new service account | `true` -`serviceAccount.name` | service account to be used | `amazon-ec2-metadata-mock-service-account` -`serviceAccount.annotations` | specifies the annotations for service account | `{}` -`securityContext.runAsUserID` | user ID to run the container | `1000` -`securityContext.runAsGroupID` | group ID to run the container | `1000` -`namespace` | Kubernetes namespace to use for AEMM pods | `default` -`configMap` | name of the Kubernetes ConfigMap to use to pass a config file for AEMM overrides | `""` -`configMapFileName` | name of the file used to create the Kubernetes ConfigMap | `aemm-config.json` -`servicePort` | port to run AEMM K8s Service on | `1338` -`serviceName` | name of the AEMM K8s Service | `amazon-ec2-metadata-mock-service` - -### Helm chart tests -Parameter | Description | Default ---- | --- | --- -`test.image` | test image to use in the test pod | `centos` -`test.imageTag` | test image tag | `latest` -`test.pullPolicy` | test image pull policy | 
`IfNotPresent` - -### AEMM parameters -A selective list of AEMM parameters are configurable via Helm CLI and values.yaml file. -Use the [Kubernetes ConfigMap option](#installing-the-chart-with-overridden-values-for-aemm-configuration) to configure [other AEMM parameters](https://github.com/aws/amazon-ec2-metadata-mock/blob/main/test/e2e/testdata/output/aemm-config-used.json). - -Parameter | Description | Default in Helm | Default AEMM configuration ---- | --- | --- | --- -`aemm.server.hostname` | hostname to run AEMM on | `""`, in order to listen on all available interfaces e.g. ClusterIP | `0.0.0.0` -`aemm.mockDelaySec` | spot itn delay in seconds, relative to the start time of AEMM | `0` | `0` -`aemm.mockTriggerTime` | spot itn trigger time in RFC3339 format | `""` | `""` -`aemm.mockIPCount` | number of IPs that can receive spot interrupts and/or scheduled events; subsequent requests will return 404 | `""` | `2` -`aemm.imdsv2` | if true, IMDSv2 only works | `false` | `false`, meaning both IMDSv1/v2 work -`aemm.rebalanceDelaySec` | rebalance rec delay in seconds, relative to the start time of AEMM | `0` | `0` -`aemm.rebalanceTriggerTime` | rebalance rec trigger time in RFC3339 format | `""` | `""` -`aemm.spot.action` | action in the spot interruption notice | `""` | `terminate` -`aemm.spot.time` | time in the spot interruption notice | `""` | HTTP request time + 2 minutes -`aemm.spot.rebalanceRecTime` | time in the rebalance recommendation notification | `""` | HTTP request time -`aemm.events.code` | event code in the scheduled event | `""` | `system-reboot` -`aemm.events.notAfter` | the latest end time for the scheduled event | `""` | Start time of AEMM + 7 days -`aemm.events.notBefore` | the earliest start time for the scheduled event | `""` | Start time of AEMM -`aemm.events.notBeforeDeadline` | the deadline for starting the event | `""` | Start time of AEMM + 9 days -`aemm.events.state` | state of the scheduled event | `""` | `active` 
diff --git a/stable/amazon-ec2-metadata-mock/ci/configmap-values.yaml b/stable/amazon-ec2-metadata-mock/ci/configmap-values.yaml
deleted file mode 100644
index 7249f4eb8..000000000
--- a/stable/amazon-ec2-metadata-mock/ci/configmap-values.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-configMap: "test-aemm-configmap"
-configMapFileName: "test-aemm-config.yaml"
diff --git a/stable/amazon-ec2-metadata-mock/ci/default-values.yaml b/stable/amazon-ec2-metadata-mock/ci/default-values.yaml
deleted file mode 100644
index 224d924a3..000000000
--- a/stable/amazon-ec2-metadata-mock/ci/default-values.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
-# empty values.yaml file must be present for Helm chart tests to run with default values
-# https://github.com/helm/charts/blob/master/test/README.md#providing-custom-test-values
diff --git a/stable/amazon-ec2-metadata-mock/ci/local-image-values.yaml b/stable/amazon-ec2-metadata-mock/ci/local-image-values.yaml
deleted file mode 100644
index f17292dc6..000000000
--- a/stable/amazon-ec2-metadata-mock/ci/local-image-values.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-image:
- repository: "amazon-ec2-metadata-mock"
- tag: "test-latest"
- pullPolicy: "Never"
diff --git a/stable/amazon-ec2-metadata-mock/ci/service-config-values.yaml b/stable/amazon-ec2-metadata-mock/ci/service-config-values.yaml
deleted file mode 100644
index e0f3fd8f6..000000000
--- a/stable/amazon-ec2-metadata-mock/ci/service-config-values.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-servicePort: 1550
-serviceName: "my-aemm"
diff --git a/stable/amazon-ec2-metadata-mock/templates/NOTES.txt b/stable/amazon-ec2-metadata-mock/templates/NOTES.txt
deleted file mode 100644
index 58070c13e..000000000
--- a/stable/amazon-ec2-metadata-mock/templates/NOTES.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-{{ .Release.Name }} has been {{- if .Release.IsInstall }} installed {{ else }} updated. {{- end}}
-
-Some useful commands:
-kubectl get pods --namespace {{ .Release.Namespace }}
-kubectl port-forward service/amazon-ec2-metadata-mock 1338
diff --git a/stable/amazon-ec2-metadata-mock/templates/_helpers.tpl b/stable/amazon-ec2-metadata-mock/templates/_helpers.tpl
deleted file mode 100644
index 46de543a5..000000000
--- a/stable/amazon-ec2-metadata-mock/templates/_helpers.tpl
+++ /dev/null
@@ -1,103 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "amazon-ec2-metadata-mock.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "amazon-ec2-metadata-mock.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Equivalent to "amazon-ec2-metadata-mock.fullname" except that "-win" indicator is appended to the end. -Name will not exceed 63 characters. -*/}} -{{- define "amazon-ec2-metadata-mock.fullname.windows" -}} -{{- include "amazon-ec2-metadata-mock.fullname" . | trunc 59 | trimSuffix "-" | printf "%s-win" -}} -{{- end -}} - -{{/* -Common labels -*/}} -{{- define "amazon-ec2-metadata-mock.labels" -}} -app.kubernetes.io/name: {{ include "amazon-ec2-metadata-mock.name" . }} -helm.sh/chart: {{ include "amazon-ec2-metadata-mock.chart" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. 
-*/}} -{{- define "amazon-ec2-metadata-mock.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "amazon-ec2-metadata-mock.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "amazon-ec2-metadata-mock.fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Get the default node selector term prefix. - -In 1.14 "beta.kubernetes.io" was deprecated and is scheduled for removal in 1.18. -See https://v1-14.docs.kubernetes.io/docs/setup/release/notes/#deprecations -*/}} -{{- define "amazon-ec2-metadata-mock.defaultNodeSelectorTermsPrefix" -}} - {{- $k8sVersion := printf "%s.%s" .Capabilities.KubeVersion.Major .Capabilities.KubeVersion.Minor | replace "+" "" -}} - {{- semverCompare "<1.18" $k8sVersion | ternary "beta.kubernetes.io" "kubernetes.io" -}} -{{- end -}} - -{{/* -Get the default node selector OS term. -*/}} -{{- define "amazon-ec2-metadata-mock.defaultNodeSelectorTermsOs" -}} - {{- list (include "amazon-ec2-metadata-mock.defaultNodeSelectorTermsPrefix" .) "os" | join "/" -}} -{{- end -}} - -{{/* -Get the default node selector Arch term. -*/}} -{{- define "amazon-ec2-metadata-mock.defaultNodeSelectorTermsArch" -}} - {{- list (include "amazon-ec2-metadata-mock.defaultNodeSelectorTermsPrefix" .) "arch" | join "/" -}} -{{- end -}} - -{{/* -Get the node selector OS term. -*/}} -{{- define "amazon-ec2-metadata-mock.nodeSelectorTermsOs" -}} - {{- or .Values.nodeSelectorTermsOs (include "amazon-ec2-metadata-mock.defaultNodeSelectorTermsOs" .) -}} -{{- end -}} - -{{/* -Get the node selector Arch term. -*/}} -{{- define "amazon-ec2-metadata-mock.nodeSelectorTermsArch" -}} - {{- or .Values.nodeSelectorTermsArch (include "amazon-ec2-metadata-mock.defaultNodeSelectorTermsArch" .) 
-}}
-{{- end -}}
\ No newline at end of file
diff --git a/stable/amazon-ec2-metadata-mock/templates/clusterrole.yaml b/stable/amazon-ec2-metadata-mock/templates/clusterrole.yaml
deleted file mode 100644
index 971578b72..000000000
--- a/stable/amazon-ec2-metadata-mock/templates/clusterrole.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-# ClusterRole without any permissions for AEMM
-
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: {{ include "amazon-ec2-metadata-mock.fullname" . }}
-rules: [] # empty rules array to disallow all permissions for AEMM
\ No newline at end of file
diff --git a/stable/amazon-ec2-metadata-mock/templates/clusterrolebinding.yaml b/stable/amazon-ec2-metadata-mock/templates/clusterrolebinding.yaml
deleted file mode 100644
index 5f920a0cf..000000000
--- a/stable/amazon-ec2-metadata-mock/templates/clusterrolebinding.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: {{ include "amazon-ec2-metadata-mock.fullname" . }}
-subjects:
-- kind: ServiceAccount
- name: {{ template "amazon-ec2-metadata-mock.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
-roleRef:
- kind: ClusterRole
- name: {{ include "amazon-ec2-metadata-mock.fullname" . }}
- apiGroup: rbac.authorization.k8s.io
diff --git a/stable/amazon-ec2-metadata-mock/templates/deployment.linux.yaml b/stable/amazon-ec2-metadata-mock/templates/deployment.linux.yaml
deleted file mode 100644
index 0972feabd..000000000
--- a/stable/amazon-ec2-metadata-mock/templates/deployment.linux.yaml
+++ /dev/null
@@ -1,160 +0,0 @@ -{{- if (lower .Values.targetNodeOs | contains "linux") -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "amazon-ec2-metadata-mock.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: -{{ include "amazon-ec2-metadata-mock.labels" . | indent 4 }} -spec: - replicas: {{ toYaml .Values.replicaCount }} - strategy: - type: {{ toYaml .Values.updateStrategy }} - selector: - matchLabels: - app.kubernetes.io/name: {{ include "amazon-ec2-metadata-mock.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{ include "amazon-ec2-metadata-mock.nodeSelectorTermsOs" . }}: linux - template: - metadata: - {{- if (or .Values.podAnnotations .Values.linuxPodAnnotations) }} - annotations: - {{- range $key, $value := (mergeOverwrite (dict) .Values.podAnnotations .Values.linuxPodAnnotations) }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} - labels: - app.kubernetes.io/name: {{ include "amazon-ec2-metadata-mock.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{ include "amazon-ec2-metadata-mock.nodeSelectorTermsOs" . }}: linux - spec: - nodeSelector: - {{ include "amazon-ec2-metadata-mock.nodeSelectorTermsOs" . }}: linux - {{- with .Values.nodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.linuxNodeSelector }} - {{- toYaml . | nindent 8 }} - {{- end }} - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: {{ include "amazon-ec2-metadata-mock.nodeSelectorTermsOs" . | quote }} - operator: In - values: - - linux - - key: {{ include "amazon-ec2-metadata-mock.nodeSelectorTermsArch" . | quote }} - operator: In - values: - - amd64 - - arm - - arm64 - tolerations: - {{- with .Values.tolerations }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.linuxTolerations }} - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ template "amazon-ec2-metadata-mock.serviceAccountName" . 
}} - hostNetwork: false # turn off host network to prevent undesired exposure of AEMM web server - {{- if .Values.configMap }} - volumes: - - name: "aemm-config" - configMap: - name: {{ .Values.configMap }} - {{- end }} - containers: - - name: {{ include "amazon-ec2-metadata-mock.name" . }} - image: {{ .Values.image.repository }}:{{ .Values.image.tag }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - {{- if (or .Values.arguments .Values.linuxArguments) }} - args: - {{ range .Values.arguments }} - - {{ . }} - {{ end }} - {{ range .Values.linuxArguments }} - - {{ . }} - {{ end }} - {{- end }} - securityContext: - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: {{ .Values.securityContext.runAsUserID }} - runAsGroup: {{ .Values.securityContext.runAsGroupID }} - allowPrivilegeEscalation: false - {{- if .Values.configMap }} - volumeMounts: - - name: "aemm-config" - mountPath: {{ with $file := .Values.configMapFileName | default "aemm-config.json" }} {{ printf "/%s/%s" "config" $file }} {{ end }} - subPath: {{ .Values.configMapFileName | default "aemm-config.json" }} - readOnly: true - {{- end }} - env: - {{- if .Values.configMap }} - - name: AEMM_CONFIG_FILE - value: {{ with $file := .Values.configMapFileName | default "aemm-config.json" }} {{ printf "/%s/%s" "config" $file }} {{ end }} - {{- end }} - - name: AEMM_SERVER_HOSTNAME # override hostname in order to listen on all available interfaces e.g. 
ClusterIP - value: {{ .Values.aemm.server.hostname | default "" | quote }} - {{- if .Values.aemm.mockDelaySec }} - - name: AEMM_MOCK_DELAY_SEC - value: {{ .Values.aemm.mockDelaySec | quote }} - {{- end }} - {{- if .Values.aemm.mockTriggerTime }} - - name: AEMM_MOCK_TRIGGER_TIME - value: {{ .Values.aemm.mockTriggerTime | quote }} - {{- end }} - {{- if .Values.aemm.mockIPCount }} - - name: AEMM_MOCK_IP_COUNT - value: {{ .Values.aemm.mockIPCount | quote }} - {{- end }} - {{- if .Values.aemm.imdsv2 }} - - name: AEMM_IMDSV2 - value: {{ .Values.aemm.imdsv2 | quote }} - {{- end }} - {{- if .Values.aemm.rebalanceDelaySec }} - - name: AEMM_REBALANCE_DELAY_SEC - value: {{ .Values.aemm.rebalanceDelaySec | quote }} - {{- end }} - {{- if .Values.aemm.rebalanceTriggerTime }} - - name: AEMM_REBALANCE_TRIGGER_TIME - value: {{ .Values.aemm.rebalanceTriggerTime | quote }} - {{- end }} - {{- if .Values.aemm.events.code }} - - name: AEMM_EVENTS_CODE - value: {{ .Values.aemm.events.code | quote }} - {{- end }} - {{- if .Values.aemm.events.notAfter }} - - name: AEMM_EVENTS_NOT_AFTER - value: {{ .Values.aemm.events.notAfter | quote }} - {{- end }} - {{- if .Values.aemm.events.notBefore }} - - name: AEMM_EVENTS_NOT_BEFORE - value: {{ .Values.aemm.events.notBefore | quote }} - {{- end }} - {{- if .Values.aemm.events.notBeforeDeadline }} - - name: AEMM_EVENTS_NOT_BEFORE_DEADLINE - value: {{ .Values.aemm.events.notBeforeDeadline | quote }} - {{- end }} - {{- if .Values.aemm.events.state }} - - name: AEMM_EVENTS_STATE - value: {{ .Values.aemm.events.state | quote }} - {{- end }} - {{- if .Values.aemm.spot.action }} - - name: AEMM_SPOT_ACTION - value: {{ .Values.aemm.spot.action | quote }} - {{- end }} - {{- if .Values.aemm.spot.time }} - - name: AEMM_SPOT_TIME - value: {{ .Values.aemm.spot.time | quote }} - {{- end }} - {{- if .Values.aemm.spot.rebalanceRecTime }} - - name: AEMM_SPOT_REBALANCE_REC_TIME - value: {{ .Values.aemm.spot.rebalanceRecTime | quote }} - {{- end }} - resources: - {{- 
toYaml .Values.resources | nindent 12 }} -{{- end -}} \ No newline at end of file diff --git a/stable/amazon-ec2-metadata-mock/templates/deployment.windows.yaml b/stable/amazon-ec2-metadata-mock/templates/deployment.windows.yaml deleted file mode 100644 index 07ad0995b..000000000 --- a/stable/amazon-ec2-metadata-mock/templates/deployment.windows.yaml +++ /dev/null 
@@ -1,145 +0,0 @@
-{{- if (lower .Values.targetNodeOs | contains "windows") -}}
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "amazon-ec2-metadata-mock.fullname.windows" . }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "amazon-ec2-metadata-mock.labels" . | indent 4 }}
-spec:
- replicas: {{ toYaml .Values.replicaCount }}
- strategy:
- type: {{ toYaml .Values.updateStrategy }}
- selector:
- matchLabels:
- app.kubernetes.io/name: {{ include "amazon-ec2-metadata-mock.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{ include "amazon-ec2-metadata-mock.nodeSelectorTermsOs" . }}: windows
- template:
- metadata:
- {{- if (or .Values.podAnnotations .Values.windowsPodAnnotations) }}
- annotations:
- {{- range $key, $value := (mergeOverwrite (dict) .Values.podAnnotations .Values.windowsPodAnnotations) }}
- {{ $key }}: {{ $value | quote }}
- {{- end }}
- {{- end }}
- labels:
- app.kubernetes.io/name: {{ include "amazon-ec2-metadata-mock.name" . }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{ include "amazon-ec2-metadata-mock.nodeSelectorTermsOs" . }}: windows
- spec:
- nodeSelector:
- {{ include "amazon-ec2-metadata-mock.nodeSelectorTermsOs" . }}: windows
- {{- with .Values.nodeSelector }}
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.windowsNodeSelector }}
- {{- toYaml . | nindent 8 }}
- {{- end }}
- affinity:
- nodeAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- nodeSelectorTerms:
- - matchExpressions:
- - key: {{ include "amazon-ec2-metadata-mock.nodeSelectorTermsOs" . | quote }}
- operator: In
- values:
- - windows
- - key: {{ include "amazon-ec2-metadata-mock.nodeSelectorTermsArch" . | quote }}
- operator: In
- values:
- - amd64
- tolerations:
- {{- with .Values.tolerations }}
- {{- toYaml . | nindent 8 }}
- {{- end }}
- {{- with .Values.windowsTolerations }}
- {{- toYaml . | nindent 8 }}
- {{- end }}
- serviceAccountName: {{ template "amazon-ec2-metadata-mock.serviceAccountName" . }}
- hostNetwork: false # turn off host network to prevent undesired exposure of AEMM web server
- {{- if .Values.configMap }}
- volumes:
- - name: "aemm-config"
- configMap:
- name: {{ .Values.configMap }}
- {{- end }}
- containers:
- - name: {{ include "amazon-ec2-metadata-mock.name" . }}
- image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- {{- if (or .Values.arguments .Values.windowsArguments) }}
- args:
- {{ range .Values.arguments }}
- - {{ . }}
- {{ end }}
- {{ range .Values.windowsArguments }}
- - {{ . }}
- {{ end }}
- {{- end }}
- env:
- {{- if .Values.configMap }}
- - name: AEMM_CONFIG_FILE
- value: {{ with $file := .Values.configMapFileName | default "aemm-config.json" }} {{ printf "/%s/%s" "config" $file }} {{ end }}
- {{- end }}
- - name: AEMM_SERVER_HOSTNAME # override hostname in order to listen on all available interfaces e.g. ClusterIP
- value: {{ .Values.aemm.server.hostname | default "" | quote }}
- {{- if .Values.aemm.mockDelaySec }}
- - name: AEMM_MOCK_DELAY_SEC
- value: {{ .Values.aemm.mockDelaySec | quote }}
- {{- end }}
- {{- if .Values.aemm.mockTriggerTime }}
- - name: AEMM_MOCK_TRIGGER_TIME
- value: {{ .Values.aemm.mockTriggerTime | quote }}
- {{- end }}
- {{- if .Values.aemm.mockIPCount }}
- - name: AEMM_MOCK_IP_COUNT
- value: {{ .Values.aemm.mockIPCount | quote }}
- {{- end }}
- {{- if .Values.aemm.imdsv2 }}
- - name: AEMM_IMDSV2
- value: {{ .Values.aemm.imdsv2 | quote }}
- {{- end }}
- {{- if .Values.aemm.rebalanceDelaySec }}
- - name: AEMM_REBALANCE_DELAY_SEC
- value: {{ .Values.aemm.rebalanceDelaySec | quote }}
- {{- end }}
- {{- if .Values.aemm.rebalanceTriggerTime }}
- - name: AEMM_REBALANCE_TRIGGER_TIME
- value: {{ .Values.aemm.rebalanceTriggerTime | quote }}
- {{- end }}
- {{- if .Values.aemm.events.code }}
- - name: AEMM_EVENTS_CODE
- value: {{ .Values.aemm.events.code | quote }}
- {{- end }}
- {{- if .Values.aemm.events.notAfter }}
- - name: AEMM_EVENTS_NOT_AFTER
- value: {{ .Values.aemm.events.notAfter | quote }}
- {{- end }}
- {{- if .Values.aemm.events.notBefore }}
- - name: AEMM_EVENTS_NOT_BEFORE
- value: {{ .Values.aemm.events.notBefore | quote }}
- {{- end }}
- {{- if .Values.aemm.events.notBeforeDeadline }}
- - name: AEMM_EVENTS_NOT_BEFORE_DEADLINE
- value: {{ .Values.aemm.events.notBeforeDeadline | quote }}
- {{- end }}
- {{- if .Values.aemm.events.state }}
- - name: AEMM_EVENTS_STATE
- value: {{ .Values.aemm.events.state | quote }}
- {{- end }}
- {{- if .Values.aemm.spot.action }}
- - name: AEMM_SPOT_ACTION
- value: {{ .Values.aemm.spot.action | quote }}
- {{- end }}
- {{- if .Values.aemm.spot.time }}
- - name: AEMM_SPOT_TIME
- value: {{ .Values.aemm.spot.time | quote }}
- {{- end }}
- {{- if .Values.aemm.spot.rebalanceRecTime }}
- - name: AEMM_SPOT_REBALANCE_REC_TIME
- value: {{ .Values.aemm.spot.rebalanceRecTime | quote }}
- {{- end }}
- resources:
- {{- toYaml .Values.resources | nindent 12 }}
-{{- end -}}
\ No newline at end of file
diff --git a/stable/amazon-ec2-metadata-mock/templates/psp.yaml b/stable/amazon-ec2-metadata-mock/templates/psp.yaml
deleted file mode 100644
index 5daeba3e5..000000000
--- a/stable/amazon-ec2-metadata-mock/templates/psp.yaml
+++ /dev/null
@@ -1,60 +0,0 @@
-{{- if .Values.rbac.pspEnabled }}
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
- name: {{ template "amazon-ec2-metadata-mock.fullname" . }}
- labels:
-{{ include "amazon-ec2-metadata-mock.labels" . | indent 4 }}
- annotations:
- seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
-spec:
- privileged: false
- hostIPC: false
- hostNetwork: false # turn off host network to prevent undesired exposure of AEMM web server
- hostPorts:
- - min: 1024
- max: 65535
- hostPID: false
- readOnlyRootFilesystem: false
- allowPrivilegeEscalation: false
- allowedCapabilities:
- - '*'
- fsGroup:
- rule: RunAsAny
- runAsUser:
- rule: RunAsAny
- seLinux:
- rule: RunAsAny
- supplementalGroups:
- rule: RunAsAny
- volumes:
- - '*'
----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: {{ template "amazon-ec2-metadata-mock.fullname" . }}-psp
- labels:
-{{ include "amazon-ec2-metadata-mock.labels" . | indent 4 }}
-rules:
- - apiGroups: ['policy']
- resources: ['podsecuritypolicies']
- verbs: ['use']
- resourceNames:
- - {{ template "amazon-ec2-metadata-mock.fullname" . }}
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: {{ template "amazon-ec2-metadata-mock.fullname" . }}-psp
- labels:
-{{ include "amazon-ec2-metadata-mock.labels" . | indent 4 }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: {{ template "amazon-ec2-metadata-mock.fullname" . }}-psp
-subjects:
- - kind: ServiceAccount
- name: {{ template "amazon-ec2-metadata-mock.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/stable/amazon-ec2-metadata-mock/templates/service.yaml b/stable/amazon-ec2-metadata-mock/templates/service.yaml
deleted file mode 100644
index 35d098b8b..000000000
--- a/stable/amazon-ec2-metadata-mock/templates/service.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ .Values.serviceName }}
- namespace: {{ .Release.Namespace }}
- labels:
-{{ include "amazon-ec2-metadata-mock.labels" . | indent 4 }}
-spec:
- type: "ClusterIP"
- selector:
- app.kubernetes.io/instance: {{ .Release.Name }}
- ports:
- - protocol: TCP
- port: {{ .Values.servicePort | default 1338 }}
- targetPort: 1338
diff --git a/stable/amazon-ec2-metadata-mock/templates/serviceaccount.yaml b/stable/amazon-ec2-metadata-mock/templates/serviceaccount.yaml
deleted file mode 100644
index 5109084b4..000000000
--- a/stable/amazon-ec2-metadata-mock/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ template "amazon-ec2-metadata-mock.serviceAccountName" . }}
- namespace: {{ .Release.Namespace }}
-{{- with .Values.serviceAccount.annotations }}
- annotations:
-{{ toYaml . | indent 4 }}
-{{- end }}
- labels:
-{{ include "amazon-ec2-metadata-mock.labels" . | indent 4 }}
\ No newline at end of file
diff --git a/stable/amazon-ec2-metadata-mock/templates/tests/test-aemm-service.yaml b/stable/amazon-ec2-metadata-mock/templates/tests/test-aemm-service.yaml
deleted file mode 100644
index c9adf0975..000000000
--- a/stable/amazon-ec2-metadata-mock/templates/tests/test-aemm-service.yaml
+++ /dev/null
@@ -1,57 +0,0 @@
-# E2E tests to test the following post Helm chart installation:
-## a simple http request to the service
-## configmap setup, if set in the values file
-
-# The tests are run for each *values.yaml file in helm/amazon-ec2-metadata-mock/ci folder.
-# https://github.com/helm/charts/blob/master/test/README.md#providing-custom-test-values
-
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ .Release.Name }}-helm-e2e-test"
- annotations:
- "helm.sh/hook": "test"
- "helm.sh/hook-delete-policy": "before-hook-creation"
- "helm.sh/hook-weight": "1" # create config-map first
-spec:
- restartPolicy: Never
- {{- if .Values.configMap }}
- volumes:
- - name: "aemm-config"
- configMap:
- name: {{ .Values.configMap }}
- {{- end }}
- containers:
- - name: simple-service-test
- imagePullPolicy: "{{ .Values.test.pullPolicy }}"
- image: "{{ .Values.test.image }}:{{ .Values.test.imageTag }}"
- command:
- - "bash"
- - "-c"
- - |
- SERVICE_NAME=$(echo {{ .Values.serviceName }} | tr '-' '_' | tr [:lower:] [:upper:])
- HOST_VAR=$(echo "${SERVICE_NAME}_SERVICE_HOST")
- PORT_VAR=$(echo "${SERVICE_NAME}_SERVICE_PORT")
- ACTUAL=$(curl http://${!HOST_VAR}:${!PORT_VAR}/latest/meta-data/services/domain)
- EXPECTED="amazonaws.com"
- [[ "$ACTUAL" == "$EXPECTED" ]] && exit 0 || exit 1
- {{- if .Values.configMap }}
- - name: config-map-test
- imagePullPolicy: "{{ .Values.test.pullPolicy }}"
- image: "{{ .Values.test.image }}:{{ .Values.test.imageTag }}"
- volumeMounts:
- - name: "aemm-config"
- mountPath: "config/{{ .Values.configMapFileName }}"
- subPath: {{ .Values.configMapFileName }}
- readOnly: true
- command:
- - "bash"
- - "-c"
- - |
- SERVICE_NAME=$(echo {{ .Values.serviceName }} | tr '-' '_' | tr [:lower:] [:upper:])
- HOST_VAR=$(echo "${SERVICE_NAME}_SERVICE_HOST")
- PORT_VAR=$(echo "${SERVICE_NAME}_SERVICE_PORT")
- ACTUAL=$(curl http://${!HOST_VAR}:${!PORT_VAR}/latest/meta-data/spot/termination-time)
- EXPECTED="1994-05-15T00:00:00Z"
- [[ "$ACTUAL" == "$EXPECTED" ]] && exit 0 || exit 1
- {{- end }}
diff --git a/stable/amazon-ec2-metadata-mock/templates/tests/test-config-map.yaml b/stable/amazon-ec2-metadata-mock/templates/tests/test-config-map.yaml
deleted file mode 100644
index 3df045a40..000000000
--- a/stable/amazon-ec2-metadata-mock/templates/tests/test-config-map.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-# Configmap used for E2E testing
-# The tests are run for each *values.yaml file in helm/amazon-ec2-metadata-mock/ci folder.
-
-{{- if .Values.configMap }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ .Values.configMap }}
- namespace: {{ .Release.Namespace }}
- annotations:
- "helm.sh/hook": "test"
- "helm.sh/hook": "pre-install"
- "helm.sh/hook-weight": "-1" # # create config-map before the test pod
- "helm.sh/hook-delete-policy": "before-hook-creation"
-data:
- {{ .Values.configMapFileName }}: |
- spot:
- time: "1994-05-15T00:00:00Z"
-{{- end }}
\ No newline at end of file
diff --git a/stable/amazon-ec2-metadata-mock/values.yaml b/stable/amazon-ec2-metadata-mock/values.yaml
deleted file mode 100644
index a84376829..000000000
--- a/stable/amazon-ec2-metadata-mock/values.yaml
+++ /dev/null
@@ -1,117 +0,0 @@
-# Default values to be passed into the chart's templates.
-
-image:
- repository: "public.ecr.aws/aws-ec2/amazon-ec2-metadata-mock"
- tag: "v1.11.2"
- pullPolicy: "IfNotPresent"
-
-# replicaCount defines the number of pods to replicate
-replicaCount: 1
-
-# nameOverride overrides the name of the helm chart
-nameOverride: ""
-# fullnameOverride overrides the name of the application
-fullnameOverride: ""
-
-# targetNodeOs creates node-OS specific deployments (e.g. "linux", "windows", "linux windows")
-targetNodeOs: "linux"
-
-resources:
- requests:
- memory: "64Mi"
- cpu: "50m"
- limits:
- memory: "128Mi"
- cpu: "100m"
-
-# nodeSelector tells both linux and windows deployments where to place the amazon-ec2-metadata-mock pods
-# By default, this value is empty and every node will receive a pod.
-nodeSelector: {}
-# linuxNodeSelector tells the linux deployments where to place the amazon-ec2-metadata-mock pods
-# pods. By default, this value is empty and every linux node will receive a pod.
-linuxNodeSelector: {}
-# windowsNodeSelector tells the windows deployments where to place the amazon-ec2-metadata-mock pods
-# pods. By default, this value is empty and every windows node will receive a pod.
-windowsNodeSelector: {}
-
-nodeSelectorTermsOs: ""
-nodeSelectorTermsArch: ""
-
-# podAnnotations define annotations to add to each pod
-podAnnotations: {}
-linuxAnnotations: {}
-windowsAnnotations: {}
-
-# tolerations specify taints that a pod tolerates so that it can be scheduled to a node with that taint
-tolerations: []
-linuxTolerations: []
-windowsTolerations: []
-
-# arguments represent CLI args to use when starting amazon-ec2-metadata-mock
-arguments: []
-linuxArguments: []
-windowsArguments: []
-
-# updateStrategy represents the update strategy for a Deployment
-updateStrategy: "RollingUpdate"
-linuxUpdateStrategy: ""
-windowsUpdateStrategy: ""
-
-rbac:
- # rbac.pspEnabled, if `true` a restricted pod security policy is created and used
- pspEnabled: false
-
-serviceAccount:
- # create represents whether a service account should be created
- create: true
- # name is the name of the service account to use. If name is not set and create is true,
- # a name is generated using fullname template
- name: "amazon-ec2-metadata-mock-service-account"
- annotations: {}
-
-securityContext:
- runAsUserID: "1000"
- runAsGroupID: "1000"
-
-# configMap represents the name of an EXISTING configMap to use
-# configMap can be used to pass a config file with the complete set of AEMM configuration overrides, not just limited to AEMM CLI flags. Learn more in README.
-configMap: ""
-
-# configMapFileName represents the name of the file used to create the configMap. Learn more in README.
-# supported file extenstions - https://github.com/spf13/viper/blob/master/viper.go#L328
-configMapFileName: "aemm-config.json"
-
-# servicePort represents the port to run the AEMM K8s service on. This can be any port of user's choice.
-# note: this port is different from the native AEMM config - aemm.server.port which is not supported when AEMM is run as a K8s service. Learn more in README.
-servicePort: "1338"
-
-serviceName: "amazon-ec2-metadata-mock-service"
-
-# aemm represents all the CLI flag configuration for Amazon EC2 Metadata Mock (AEMM)
-# Null / empty values here means that AEMM will run with defaults configured in the tool
-# Refer to the readme for descriptions and defaults - https://github.com/aws/amazon-ec2-metadata-mock/blob/main/helm/amazon-ec2-metadata-mock/README.md
-aemm:
- server:
- hostname: ""
- mockDelaySec: 0
- mockTriggerTime: ""
- mockIPCount: 2
- imdsv2: false
- rebalanceDelaySec: 0
- rebalanceTriggerTime: ""
- spot:
- action: ""
- time: ""
- rebalanceRecTime: ""
- events:
- code: ""
- notAfter: ""
- notBefore: ""
- notBeforeDeadline: ""
- state: ""
-
-# test configuration
-test:
- image: "centos"
- imageTag: "latest"
- pullPolicy: "IfNotPresent"