--- apiVersion: apps/v1 kind: DaemonSet metadata: labels: addonmanager.kubernetes.io/mode: Reconcile k8s-app: node-termination-handler namespace: kube-system name: node-termination-handler spec: selector: matchLabels: k8s-app: node-termination-handler updateStrategy: type: RollingUpdate template: metadata: labels: k8s-app: node-termination-handler annotations: scheduler.alpha.kubernetes.io/critical-pod: '' spec: priorityClassName: system-node-critical # Necessary to reboot node hostPID: true affinity: nodeAffinity: # Restrict to GPU nodes or preemptible nodes requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: cloud.google.com/gke-accelerator operator: Exists - matchExpressions: - key: cloud.google.com/gke-preemptible operator: Exists volumes: - name: klet-service-account hostPath: path: /var/lib/kubelet - name: klet-ca-crt hostPath: path: /etc/srv/kubernetes tolerations: # Run regardless of any existing taints. - effect: NoSchedule operator: Exists - effect: NoExecute operator: Exists containers: - image: k8s.gcr.io/gke-node-termination-handler@sha256:aca12d17b222dfed755e28a44d92721e477915fb73211d0a0f8925a1fa847cca name: node-termination-handler command: ["./node-termination-handler"] args: ["--logtostderr", "--exclude-pods=$(POD_NAME):$(POD_NAMESPACE)", "-v=10", "--kubeconfig=/var/lib/kubelet/kubeconfig", "--taint=cloud.google.com/impending-node-termination::NoSchedule"] securityContext: capabilities: # Necessary to reboot node add: ["SYS_BOOT"] env: - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace resources: limits: cpu: 50m memory: 30Mi volumeMounts: - name: klet-service-account mountPath: /var/lib/kubelet - name: klet-ca-crt mountPath: /etc/srv/kubernetes