kube-aws / kube-spot-termination-notice-handler Goto Github PK

What do you think to integrate this with https://github.com/pusher/k8s-spot-rescheduler/?

As we generate images based both on the kubectl version (directly tied to the Kubernetes release version) and the version of this tool, we need to decide how many versions of Kubernetes we should support.
I mean the MINOR version numbers - so, for example, LATEST is currently 1.13.4, LATEST-1 is 1.12.6 - at time of writing.

My suggestion is to support LATEST, LATEST-1, LATEST-2 at their highest PATCH version level.

This would involve creating version branches for the MINOR k8s, and applying tags in these branches, after backporting new features.
We would create branches 1.13, 1.12, and 1.11 and figure out the easiest way to port changes to them.

Thoughts?

Hi,

We would like to use the detaching feature.

1. We use kubectl annotate serviceaccount to provide a service-account for spot-termination-handler pod.
2. It provides AWS_ROLE_ARN & AWS_WEB_IDENTITY_TOKEN_FILE environment variables.

$ env | grep AWS
AWS_ROLE_ARN=arn:aws:iam::XXXXXXXXXX:role/XXXXXXXXXXXX-eu-west-1-kube-system-spot-termination-handler
AWS_WEB_IDENTITY_TOKEN_FILE=/var/run/secrets/eks.amazonaws.com/serviceaccount/token

3. AWS cli version 1.16.199 installed in the docker image kubeaws/kube-spot-termination-notice-handler:1.13.7-1 does not support resolving credentials via STS AssumeRoleWithWebIdentity.
   There is an error:

An error occurred (AccessDenied) when calling the DescribeAutoScalingInstances operation: User: arn:aws:sts::XXXXXXXXXXX:assumed-role/XXXXXX-eks-worker-eu-west-1/i-xxxxxxxx is not authorized to perform: autoscaling:DescribeAutoScalingInstances

AWS cli ignores AWS_ROLE_ARN & AWS_WEB_IDENTITY_TOKEN_FILE.
This feature was introduced only in the version 1.16.210 - https://github.com/aws/aws-cli/blob/develop/CHANGELOG.rst#116210

Could you please upgrade the aws cli (with version >1.16.210) and build a new docker image.

Additionally, it would be great to have an option to add rbac.serviceAccountAnnotations to the Helm Chart as was done for cluster-autoscaler, for example:
https://github.com/helm/charts/blob/master/stable/cluster-autoscaler/templates/serviceaccount.yaml#L10

In this case we can replace running kubectl annotate serviceaccount and restarting pods manually with setting annotations as Helm values:

--set rbac.serviceAccountAnnotations."eks\.amazonaws\.com/role-arn"=${TF_STATE[cluster_autoscaler_iam_role]} \

Thank you.

Best regards,
Mikalai

Not really an issue but noticed when deploying this that the most recent image is not actually in docker hub. I created my own image for the time being but wanted to note that it's not building these images on tag.

https://hub.docker.com/r/kubeaws/kube-spot-termination-notice-handler/tags

I want to know if this repo is available when using managed node groups, also when this tool gracefully terminate the pods, how it handle the pvc which pods attached to

This might be a stupid but short question. In the script and dockerfile I don't see anyplace where the user enters the credentials of the cluster, yet still kubectl is able to drain a node. What kind of authentication is behind this? Is it using some intrinsic k8s feature? Please educate me.

Thanks.

The Helm Chart repo stable/k8s-spot-termination-handler is deprecated now.
Is there any new location to fetch the Chart from?

Hi,

We removed most of IAM policy from instance role of worker node since EKS support IAM roles for service account and some apps like cluster-autoscaler already support it.

but we got below error log

[k8s-spot-termination-handler] An error occurred (AccessDenied) when calling the DescribeAutoScalingInstances operation: User: arn:aws:sts::xxxxx:assumed-role/sxxxx/i-xxxx is not authorized to perform: autoscaling:DescribeAutoScalingInstances

I think this is because we turned the ASG detach feature, so I'm wondering if spot-termination-handler support IAM roles for service account ? If not, what are the minimum required IAM policies for it so I can added it back to instance role? It would be appreciated if you can document on README,

Thanks.

I think there's a permissions issue - maybe I don't have the right access level to set up the automatic build?

Can someone with access to the Settings for this repo please check if there's an integration with Docker set up? Alternatively, bump my access so I can fix it. 😃

We need one set up to trigger the builds.
See https://hub.docker.com/r/kubeaws/kube-spot-termination-notice-handler/~/settings/automated-builds/

This project is active? if yes, I would like to contribute. saw the version is quite older.

Let me know if need help here or I should use another tool

thanks!

Hi,

Due to --force drain - application is closing connection in Nginx containers ( Using all spot instances for Kubernetes cluster )

I would like to remove --force from below command in entrypoint.sh.

kubectl drain "${NODE_NAME}" --force --ignore-daemonsets --delete-local-data --grace-period="${GRACE_PERIOD}"

please let me know possible solution.

Thanks

Hi Team,

Please add suport for MS Teams notification WebHook

https://docs.microsoft.com/en-us/microsoftteams/platform/webhooks-and-connectors/how-to/connectors-using

Thanks in advance

Is your feature request related to a problem? Please describe.
ARM support for AWS gravtion2 processors

Describe the solution you'd like
should be able to be achieved within the build pipeline with the following:

docker buildx install
docker buildx create --use
docker buildx build --platform linux/amd64,linux/arm64 . -t kubeaws/kube-spot-termination-notice-handler:latest --push

Acceptance Criteria

• A latest image is generated from the master branch, on commit.
• A version-tagged image is generated when a tag is made to the git repo.
• The README is updated to indicate where the image repository is.

Hello,
the last commit was 3 years ago so I was wondering if this projet is still alive ?
Also I have seen there is a project call aws node termination handler that seem pretty similar to this one.
What are your recommandation around this project ?

I'm running spot fleets currently and testing out the commands that will detach the ASG seems to work. I'm curious if there was something behind the scenes that I was unaware of that would cause problems?

Many of our pods use local storage but can still be drained. We should be able to (optionally?) specify the --delete-local-storage option on drain

Now that AWS has https://github.com/aws/aws-node-termination-handler available, should we start contributing to that?
I like that theirs is in Golang, but we have more features...