add Windows node support

Dockerfile.windows

@@ -0,0 +1,31 @@
+ARG WINDOWS_VERSION=1903
+
+# Build the manager binary
+FROM --platform=windows/amd64 golang:1.14 as builder
+
+## GOLANG env
+ENV GO111MODULE="on" CGO_ENABLED="0" GOOS="windows" GOARCH="amd64"
+ARG GOPROXY="https://proxy.golang.org,direct"
+
+# Copy go.mod and download dependencies
+WORKDIR /node-termination-handler
+COPY go.mod .
+COPY go.sum .
+RUN go mod download
+
+# Build
+COPY . .
+RUN go build -a -tags nth${GOOS} -o build/node-termination-handler cmd/node-termination-handler.go
+
+# In case the target is build for testing:
+# $ docker build  --target=builder -t test .
+ENTRYPOINT ["/node-termination-handler/build/node-termination-handler"]
+
+# Copy the controller-manager into a thin image
+FROM mcr.microsoft.com/windows/nanoserver:${WINDOWS_VERSION}
+WORKDIR /
+COPY --from=builder /windows/system32/netapi32.dll /windows/system32/
+COPY --from=builder /node-termination-handler/build/node-termination-handler .
+COPY THIRD_PARTY_LICENSES .
+ENTRYPOINT ["/node-termination-handler"]
+

Makefile

@@ -80,6 +80,9 @@ sync-readme-to-dockerhub:
 unit-test: create-build-dir
 	go test -bench=. ${MAKEFILE_PATH}/... -v -coverprofile=coverage.txt -covermode=atomic -outputdir=${BUILD_DIR_PATH}
 
+unit-test-linux:
+	${MAKEFILE_PATH}/scripts/run-unit-tests-in-docker
+
 build: create-build-dir compile
 
 helm-tests: helm-sync-test helm-version-sync-test

config/helm/aws-node-termination-handler/README.md

@@ -72,12 +72,20 @@ Parameter | Description | Default
 `taintNode` | If true, nodes will be tainted when an interruption event occurs. Currently used taint keys are `aws-node-termination-handler/scheduled-maintenance` and `aws-node-termination-handler/spot-itn` | `false`
 `jsonLogging` | If true, use JSON-formatted logs instead of human readable logs. | `false`
 `affinity` | node/pod affinities | None
+`linuxAffinity` | Linux node/pod affinities | None
+`windowsAffinity` | Windows node/pod affinities | None
 `podAnnotations` | annotations to add to each pod | `{}`
+`linuxPodAnnotations` | Linux annotations to add to each pod | `{}`
+`windowsPodAnnotations` | Windows annotations to add to each pod | `{}`
 `podLabels` | labels to add to each pod | `{}`
+`linuxPodLabels` | labels to add to each Linux pod | `{}`
+`windowsPodLabels` | labels to add to each Windows pod | `{}`
 `priorityClassName` | Name of the priorityClass | `system-node-critical`
 `resources` | Resources for the pods | `requests.cpu: 50m, requests.memory: 64Mi, limits.cpu: 100m, limits.memory: 128Mi`
-`dnsPolicy` | DaemonSet DNS policy | `ClusterFirstWithHostNet`
-`nodeSelector` | Tells the daemon set where to place the node-termination-handler pods. For example: `lifecycle: "Ec2Spot"`, `on-demand: "false"`, `aws.amazon.com/purchaseType: "spot"`, etc. Value must be a valid yaml expression. | `{}`
+`dnsPolicy` | DaemonSet DNS policy | Linux: `ClusterFirstWithHostNet`, Windows: `ClusterFirst`
+`nodeSelector` | Tells the all daemon sets where to place the node-termination-handler pods. For example: `lifecycle: "Ec2Spot"`, `on-demand: "false"`, `aws.amazon.com/purchaseType: "spot"`, etc. Value must be a valid yaml expression. | `{}`
+`linuxNodeSelector` | Tells the Linux daemon set where to place the node-termination-handler pods. For example: `lifecycle: "Ec2Spot"`, `on-demand: "false"`, `aws.amazon.com/purchaseType: "spot"`, etc. Value must be a valid yaml expression. | `{}`
+`windowsNodeSelector` | Tells the Windows daemon set where to place the node-termination-handler pods. For example: `lifecycle: "Ec2Spot"`, `on-demand: "false"`, `aws.amazon.com/purchaseType: "spot"`, etc. Value must be a valid yaml expression. | `{}`
 `tolerations` | list of node taints to tolerate | `[ {"operator": "Exists"} ]`
 `rbac.create` | if `true`, create and use RBAC resources | `true`
 `rbac.pspEnabled` | If `true`, create and use a restricted pod security policy | `false`
@@ -86,9 +94,10 @@ Parameter | Description | Default
 `serviceAccount.annotations` | Specifies the annotations for ServiceAccount       | `{}`
 `procUptimeFile` | (Used for Testing) Specify the uptime file | `/proc/uptime`
 `securityContext.runAsUserID` | User ID to run the container | `1000`
-`securityContext.runAsGroupID` | Group ID to run the container | `1000`
-`nodeSelectorTermsOs` | Operating System Node Selector Key | `beta.kubernetes.io/os`
-`nodeSelectorTermsArch` | CPU Architecture Node Selector Key | `beta.kubernetes.io/arch`
+`securityContext.runAsGroupID` | Group ID to run the container | `1000` 
+`nodeSelectorTermsOs` | Operating System Node Selector Key | >=1.14: `kubernetes.io/os`, <1.14: `beta.kubernetes.io/os`
+`nodeSelectorTermsArch` | CPU Architecture Node Selector Key | >=1.14: `kubernetes.io/arch`, <1.14: `beta.kubernetes.io/arch`
+`targetNodeOs | Space separated list of node OS's to target, e.g. "linux", "windows", "linux windows".  Note: Windows support is experimental. | `"linux"`
 `enablePrometheusServer` | If true, start an http server exposing `/metrics` endpoint for prometheus. | `false`
 `prometheusServerPort` | Replaces the default HTTP port for exposing prometheus metrics. | `9092`
 

config/helm/aws-node-termination-handler/templates/_helpers.tpl

@@ -24,6 +24,14 @@ If release name contains chart name it will be used as a full name.
 {{- end -}}
 {{- end -}}
 
+{{/*
+Equivalent to "aws-node-termination-handler.fullname" except that "-win" indicator is appended to the end.
+Name will not exceed 63 characters.
+*/}}
+{{- define "aws-node-termination-handler.fullname.windows" -}}
+{{- include "aws-node-termination-handler.fullname" . | trunc 59 | trimSuffix "-" | printf "%s-win" -}}
+{{- end -}}
+
 {{/*
 Common labels
 */}}
@@ -55,3 +63,41 @@ Create the name of the service account to use
     {{ default "default" .Values.serviceAccount.name }}
 {{- end -}}
 {{- end -}}
+
+{{/*
+Get the default node selector term prefix.
+
+In 1.14 "beta.kubernetes.io" was deprecated and is scheduled for removal in 1.18.
+See https://v1-14.docs.kubernetes.io/docs/setup/release/notes/#deprecations
+*/}}
+{{- define "aws-node-termination-handler.defaultNodeSelectorTermsPrefix" -}}
+    {{- semverCompare "<1.14" .Capabilities.KubeVersion.Version | ternary "beta.kubernetes.io" "kubernetes.io" -}}
+{{- end -}}
+
+{{/*
+Get the default node selector OS term.
+*/}}
+{{- define "aws-node-termination-handler.defaultNodeSelectorTermsOs" -}}
+    {{- list (include "aws-node-termination-handler.defaultNodeSelectorTermsPrefix" .) "os" | join "/" -}}
+{{- end -}}
+
+{{/*
+Get the default node selector Arch term.
+*/}}
+{{- define "aws-node-termination-handler.defaultNodeSelectorTermsArch" -}}
+    {{- list (include "aws-node-termination-handler.defaultNodeSelectorTermsPrefix" .) "arch" | join "/" -}}
+{{- end -}}
+
+{{/*
+Get the node selector OS term.
+*/}}
+{{- define "aws-node-termination-handler.nodeSelectorTermsOs" -}}
+    {{- or .Values.nodeSelectorTermsOs (include "aws-node-termination-handler.defaultNodeSelectorTermsOs" .) -}}
+{{- end -}}
+
+{{/*
+Get the node selector Arch term.
+*/}}
+{{- define "aws-node-termination-handler.nodeSelectorTermsArch" -}}
+    {{- or .Values.nodeSelectorTermsArch (include "aws-node-termination-handler.defaultNodeSelectorTermsArch" .) -}}
+{{- end -}}

config/helm/aws-node-termination-handler/templates/daemonset.yaml → config/helm/aws-node-termination-handler/templates/daemonset.linux.yaml

@@ -1,3 +1,4 @@
+{{- if (lower .Values.targetNodeOs | contains "linux") -}}
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
@@ -6,56 +7,69 @@ metadata:
   labels:
 {{ include "aws-node-termination-handler.labels" . | indent 4 }}
 spec:
+  {{- if (or .Values.updateStrategy .Values.linuxUpdateStrategy) }}
   updateStrategy:
-{{ toYaml .Values.updateStrategy | indent 4 }}
+    {{- with .Values.updateStrategy }}
+      {{- toYaml . | indent 4 }}
+    {{- end }}
+    {{- with .Values.linuxUpdateStrategy }}
+      {{- toYaml . | indent 4 }}
+    {{- end }}
+  {{- end }}
   selector:
     matchLabels:
       app.kubernetes.io/name: {{ include "aws-node-termination-handler.name" . }}
       app.kubernetes.io/instance: {{ .Release.Name }}
+      {{ include "aws-node-termination-handler.nodeSelectorTermsOs" . }}: linux
   template:
     metadata:
-      {{- if .Values.podAnnotations }}
+      {{- if (or .Values.podAnnotations .Values.linuxPodAnnotations) }}
       annotations:
-      {{- range $key, $value := .Values.podAnnotations }}
+      {{- range $key, $value := (mergeOverwrite (dict) .Values.podAnnotations .Values.linuxPodAnnotations) }}
         {{ $key }}: {{ $value | quote }}
       {{- end }}
       {{- end }}
       labels:
         app.kubernetes.io/name: {{ include "aws-node-termination-handler.name" . }}
         app.kubernetes.io/instance: {{ .Release.Name }}
         k8s-app: aws-node-termination-handler
-      {{- range $key, $value := .Values.podLabels }}
+        {{ include "aws-node-termination-handler.nodeSelectorTermsOs" . }}: linux
+      {{- range $key, $value := (mergeOverwrite (dict) .Values.podLabels .Values.linuxPodLabels) }}
         {{ $key }}: {{ $value | quote }}
       {{- end }}
     spec:
       volumes:
         - name: "uptime"
           hostPath:
-            path: "{{ .Values.procUptimeFile }}"
-      priorityClassName: "{{ .Values.priorityClassName }}"
+            path: {{ .Values.procUptimeFile | default "/proc/uptime" | quote }}
+      priorityClassName: {{ .Values.priorityClassName | quote }}
       affinity:
         nodeAffinity:
-          # NOTE(jaypipes): Change when we complete
-          # https://github.com/aws/aws-node-termination-handler/issues/8
           requiredDuringSchedulingIgnoredDuringExecution:
             nodeSelectorTerms:
               - matchExpressions:
-                  - key: {{ .Values.nodeSelectorTermsOs | default "beta.kubernetes.io/os" | quote }}
-                    operator: In
-                    values:
-                      - linux
-                  - key: {{ .Values.nodeSelectorTermsArch | default "beta.kubernetes.io/arch" | quote }}
-                    operator: In
-                    values:
-                      - amd64
-                      - arm
-                      - arm64
+                - key: {{ include "aws-node-termination-handler.nodeSelectorTermsOs" . | quote }}
+                  operator: In
+                  values:
+                    - linux
+                - key: {{ include "aws-node-termination-handler.nodeSelectorTermsArch" . | quote }}
+                  operator: In
+                  values:
+                    - amd64
+                    - arm64
+                    - arm
+        {{- with .Values.affinity }}
+          {{- toYaml . | nindent 8 }}
+        {{- end }}
+        {{- with .Values.linuxAffinity }}
+          {{- toYaml . | nindent 8 }}
+        {{- end }}
       serviceAccountName: {{ template "aws-node-termination-handler.serviceAccountName" . }}
       hostNetwork: true
-      dnsPolicy: {{ .Values.dnsPolicy }}
+      dnsPolicy: {{ .Values.dnsPolicy | default "ClusterFirstWithHostNet" | quote }}
       containers:
         - name: {{ include "aws-node-termination-handler.name" . }}
-          image: {{ .Values.image.repository}}:{{ .Values.image.tag }}
+          image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           securityContext:
             readOnlyRootFilesystem: true
@@ -65,7 +79,7 @@ spec:
             allowPrivilegeEscalation: false
           volumeMounts:
             - name: "uptime"
-              mountPath: "/proc/uptime"
+              mountPath: {{ .Values.procUptimeFile | default "/proc/uptime" | quote }}
               readOnly: true
           env:
           - name: NODE_NAME
@@ -125,27 +139,30 @@ spec:
             value: {{ .Values.jsonLogging | quote }}
           - name: WEBHOOK_PROXY
             value: {{ .Values.webhookProxy | quote }}
+          - name: UPTIME_FROM_FILE
+            value: {{ .Values.procUptimeFile | quote }}
           - name: ENABLE_PROMETHEUS_SERVER
             value: {{ .Values.enablePrometheusServer | quote }}
           - name: PROMETHEUS_SERVER_PORT
             value: {{ .Values.prometheusServerPort | quote }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
-      {{- with .Values.nodeSelector }}
       nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
+        {{ include "aws-node-termination-handler.nodeSelectorTermsOs" . }}: linux
+        {{- with .Values.nodeSelector }}
+          {{- . | nindent 8 }}
+        {{- end }}
+        {{- with .Values.linuxNodeSelector }}
+          {{- . | nindent 8 }}
+        {{- end }}
       {{- if .Values.image.pullSecrets }}
       imagePullSecrets:
       {{- range .Values.image.pullSecrets }}
         - name: {{ . }}
       {{- end }}
       {{- end }}
-    {{- with .Values.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-    {{- end }}
     {{- with .Values.tolerations }}
       tolerations:
         {{- toYaml . | nindent 8 }}
     {{- end }}
+{{- end -}}