[helm] Add PDB and update label patterns (#463)

Author: stevehipwell

config/helm/aws-node-termination-handler/README.md

@@ -99,6 +99,7 @@ Parameter | Description | Default
 `managedAsgTag` | The tag to ensure is on a node if checkASGTagBeforeDraining is true | `aws-node-termination-handler/managed`
 `workers` | The maximum amount of parallel event processors | `10`
 `replicas` | The number of replicas in the NTH deployment when using queue-processor mode (NOTE: increasing replicas may cause duplicate webhooks since NTH pods are stateless) | `1`
+`podDisruptionBudget` | Limit the disruption for controller pods, requires at least 2 controller replicas | `{}`
 
 ### AWS Node Termination Handler - IMDS Mode Configuration
 

config/helm/aws-node-termination-handler/templates/_helpers.tpl

@@ -36,16 +36,22 @@ Name will not exceed 63 characters.
 Common labels
 */}}
 {{- define "aws-node-termination-handler.labels" -}}
-app.kubernetes.io/name: {{ include "aws-node-termination-handler.name" . }}
 helm.sh/chart: {{ include "aws-node-termination-handler.chart" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-k8s-app: aws-node-termination-handler
+{{ include "aws-node-termination-handler.selectorLabels" . }}
 {{- if .Chart.AppVersion }}
 app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
 {{- end }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 {{- end -}}
 
+{{/*
+Selector labels
+*/}}
+{{- define "aws-node-termination-handler.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "aws-node-termination-handler.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
 {{/*
 Create chart name and version as used by the chart label.
 */}}

config/helm/aws-node-termination-handler/templates/daemonset.linux.yaml

@@ -5,7 +5,7 @@ metadata:
   name: {{ include "aws-node-termination-handler.fullname" . }}
   namespace: {{ .Release.Namespace }}
   labels:
-{{ include "aws-node-termination-handler.labels" . | indent 4 }}
+    {{- include "aws-node-termination-handler.labels" . | nindent 4 }}
 spec:
   {{- if (or .Values.updateStrategy .Values.linuxUpdateStrategy) }}
   updateStrategy:
@@ -18,8 +18,7 @@ spec:
   {{- end }}
   selector:
     matchLabels:
-      app.kubernetes.io/name: {{ include "aws-node-termination-handler.name" . }}
-      app.kubernetes.io/instance: {{ .Release.Name }}
+      {{- include "aws-node-termination-handler.selectorLabels" . | nindent 6 }}
       {{ include "aws-node-termination-handler.nodeSelectorTermsOs" . }}: linux
   template:
     metadata:
@@ -30,8 +29,7 @@ spec:
       {{- end }}
       {{- end }}
       labels:
-        app.kubernetes.io/name: {{ include "aws-node-termination-handler.name" . }}
-        app.kubernetes.io/instance: {{ .Release.Name }}
+        {{- include "aws-node-termination-handler.selectorLabels" . | nindent 8 }}
         k8s-app: aws-node-termination-handler
         {{ include "aws-node-termination-handler.nodeSelectorTermsOs" . }}: linux
       {{- range $key, $value := (mergeOverwrite (dict) .Values.podLabels .Values.linuxPodLabels) }}

config/helm/aws-node-termination-handler/templates/daemonset.windows.yaml

@@ -5,7 +5,7 @@ metadata:
   name: {{ include "aws-node-termination-handler.fullname.windows" . }}
   namespace: {{ .Release.Namespace }}
   labels:
-{{ include "aws-node-termination-handler.labels" . | indent 4 }}
+    {{- include "aws-node-termination-handler.labels" . | nindent 4 }}
 spec:
   {{- if (or .Values.updateStrategy .Values.windowsUpdateStrategy) }}
   updateStrategy:
@@ -18,8 +18,7 @@ spec:
   {{- end }}
   selector:
     matchLabels:
-      app.kubernetes.io/name: {{ include "aws-node-termination-handler.name" . }}
-      app.kubernetes.io/instance: {{ .Release.Name }}
+      {{- include "aws-node-termination-handler.selectorLabels" . | nindent 6 }}
       {{ include "aws-node-termination-handler.nodeSelectorTermsOs" . }}: windows
   template:
     metadata:
@@ -30,8 +29,7 @@ spec:
       {{- end }}
       {{- end }}
       labels:
-        app.kubernetes.io/name: {{ include "aws-node-termination-handler.name" . }}
-        app.kubernetes.io/instance: {{ .Release.Name }}
+        {{- include "aws-node-termination-handler.selectorLabels" . | nindent 8 }}
         k8s-app: aws-node-termination-handler
         {{ include "aws-node-termination-handler.nodeSelectorTermsOs" . }}: windows
       {{- range $key, $value := (mergeOverwrite (dict) .Values.podLabels .Values.windowsPodLabels) }}

config/helm/aws-node-termination-handler/templates/deployment.yaml

@@ -5,13 +5,12 @@ metadata:
   name: {{ include "aws-node-termination-handler.fullname" . }}
   namespace: {{ .Release.Namespace }}
   labels:
-{{ include "aws-node-termination-handler.labels" . | indent 4 }}
+    {{- include "aws-node-termination-handler.labels" . | nindent 4 }}
 spec:
   replicas: {{ .Values.replicas }}
   selector:
     matchLabels:
-      app.kubernetes.io/name: {{ include "aws-node-termination-handler.name" . }}
-      app.kubernetes.io/instance: {{ .Release.Name }}
+      {{- include "aws-node-termination-handler.selectorLabels" . | nindent 6 }}
       {{ include "aws-node-termination-handler.nodeSelectorTermsOs" . }}: linux
   template:
     metadata:
@@ -20,8 +19,7 @@ spec:
         {{ $key }}: {{ $value | quote }}
       {{- end }}
       labels:
-        app.kubernetes.io/name: {{ include "aws-node-termination-handler.name" . }}
-        app.kubernetes.io/instance: {{ .Release.Name }}
+        {{- include "aws-node-termination-handler.selectorLabels" . | nindent 8 }}
         k8s-app: aws-node-termination-handler
         {{ include "aws-node-termination-handler.nodeSelectorTermsOs" . }}: linux
       {{- range $key, $value := .Values.podLabels }}

config/helm/aws-node-termination-handler/templates/pdb.yaml

@@ -0,0 +1,13 @@
+{{- if and .Values.enableSqsTerminationDraining (and .Values.podDisruptionBudget (gt (int .Values.replicas) 1)) }}
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+  name: {{ include "aws-node-termination-handler.fullname" . }}
+  labels:
+    {{- include "aws-node-termination-handler.labels" . | nindent 4 }}
+spec:
+  selector:
+    matchLabels:
+      {{- include "aws-node-termination-handler.selectorLabels" . | nindent 6 }}
+  {{- toYaml .Values.podDisruptionBudget | nindent 2 }}
+{{- end }}

config/helm/aws-node-termination-handler/templates/podmonitor.yaml

@@ -9,10 +9,10 @@ metadata:
   namespace: {{ .Release.Namespace }}
   {{- end }}
   labels:
-{{ include "aws-node-termination-handler.labels" . | indent 4 }}
-{{- with .Values.podMonitor.labels }}
-{{ toYaml . | indent 4 }}
-{{- end }}
+    {{- include "aws-node-termination-handler.labels" . | nindent 4 }}
+  {{- with .Values.podMonitor.labels }}
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
 spec:
   jobLabel: {{ include "aws-node-termination-handler.name" . }}
   namespaceSelector:
@@ -25,5 +25,5 @@ spec:
   sampleLimit: {{ .Values.podMonitor.sampleLimit }}
   selector:
     matchLabels:
-      app.kubernetes.io/name: {{ include "aws-node-termination-handler.name" . }}
+      {{- include "aws-node-termination-handler.selectorLabels" . | nindent 6 }}
 {{- end }}

config/helm/aws-node-termination-handler/templates/psp.yaml

@@ -4,7 +4,7 @@ kind: PodSecurityPolicy
 metadata:
   name: {{ template "aws-node-termination-handler.fullname" . }}
   labels:
-{{ include "aws-node-termination-handler.labels" . | indent 4 }}
+    {{- include "aws-node-termination-handler.labels" . | nindent 4 }}
   annotations:
     seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
 spec:
@@ -38,7 +38,7 @@ metadata:
   name: {{ template "aws-node-termination-handler.fullname" . }}-psp
   namespace: {{ .Release.Namespace }}
   labels:
-{{ include "aws-node-termination-handler.labels" . | indent 4 }}
+    {{- include "aws-node-termination-handler.labels" . | nindent 4 }}
 rules:
   - apiGroups: ['policy']
     resources: ['podsecuritypolicies']
@@ -52,7 +52,7 @@ metadata:
   name: {{ template "aws-node-termination-handler.fullname" . }}-psp
   namespace: {{ .Release.Namespace }}
   labels:
-{{ include "aws-node-termination-handler.labels" . | indent 4 }}
+    {{- include "aws-node-termination-handler.labels" . | nindent 4 }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role

config/helm/aws-node-termination-handler/templates/serviceaccount.yaml

@@ -6,8 +6,8 @@ metadata:
   namespace: {{ .Release.Namespace }}
 {{- with .Values.serviceAccount.annotations }}
   annotations:
-{{ toYaml . | indent 4 }}
+    {{- toYaml . | nindent 4 }}
 {{- end }}
   labels:
-{{ include "aws-node-termination-handler.labels" . | indent 4 }}
+    {{- include "aws-node-termination-handler.labels" . | nindent 4 }}
 {{- end -}}

config/helm/aws-node-termination-handler/values.yaml

@@ -219,3 +219,8 @@ workers: 10
 
 # The number of replicas in the NTH deployment when using queue-processor mode (NOTE: increasing this may cause duplicate webhooks since NTH pods are stateless)
 replicas: 1
+
+# podDisruptionBudget specifies the disruption budget for the controller pods.
+# Disruption budget will be configured only when the replicaCount is greater than 1
+podDisruptionBudget: {}
+#  maxUnavailable: 1