add windows support

Signed-off-by: Maksim Paskal <[email protected]>

.github/workflows.old/release.yaml

@@ -0,0 +1,37 @@
+on:
+  push:
+    tags:
+    - v*
+
+permissions:
+  contents: write
+
+jobs:
+  goreleaser:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v2
+      with:
+        fetch-depth: 0
+    - name: Remove Git Tags with Charts
+      run: git tag -d $(git tag -l "helm-chart-*")
+    - name: Set up Go
+      uses: actions/setup-go@v2
+      with:
+        go-version: '1.21'
+    - name: Login to Docker Hub
+      uses: docker/login-action@v1
+      with:
+        username: ${{ secrets.DOCKER_USERNAME }}
+        password: ${{ secrets.DOCKER_PASSWORD }}
+    - uses: docker/setup-qemu-action@v2
+    - uses: docker/setup-buildx-action@v2
+    - name: Run GoReleaser
+      uses: goreleaser/goreleaser-action@v2
+      with:
+        distribution: goreleaser
+        version: latest
+        args: release --rm-dist
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/release.yaml

@@ -1,37 +1,97 @@
-on:
-  push:
-    tags:
-    - v*
+on: pull_request
 
-permissions:
-  contents: write
+# on:
+#   push:
+#     tags:
+#     - v*
+
+# permissions:
+#   contents: write
+
+env:
+  IMAGE: paskalmaksim/aks-node-termination-handler:test-${{ github.run_id }}
+  #${{github.ref_name}}
 
 jobs:
-  goreleaser:
+  build:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout
-      uses: actions/checkout@v2
+      uses: actions/checkout@v4
       with:
         fetch-depth: 0
-    - name: Remove Git Tags with Charts
-      run: git tag -d $(git tag -l "helm-chart-*")
     - name: Set up Go
-      uses: actions/setup-go@v2
+      uses: actions/setup-go@v4
       with:
         go-version: '1.21'
-    - name: Login to Docker Hub
-      uses: docker/login-action@v1
+    - name: Run GoReleaser
+      uses: goreleaser/goreleaser-action@v5
+      with:
+        distribution: goreleaser
+        version: latest
+        #args: release --clean
+        args: build --clean --skip=validate --snapshot
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    - run: cp Dockerfile ./dist/aks-node-termination-handler_linux_amd64_v1/Dockerfile
+    - run: cp Dockerfile ./dist/aks-node-termination-handler_linux_arm64/Dockerfile
+    - run: cp Dockerfile.windows ./dist/aks-node-termination-handler_windows_amd64_v1/Dockerfile
+    - run: tar -cvf release.tar ./dist
+    - uses: actions/upload-artifact@v4
+      with:
+        name: release
+        retention-days: 1
+        path: release.tar
+
+  publish-linux-amd64:
+    runs-on: ubuntu-latest
+    needs: build
+    steps:
+    - uses: docker/login-action@v3
+      with:
+        username: ${{ secrets.DOCKER_USERNAME }}
+        password: ${{ secrets.DOCKER_PASSWORD }}
+    - uses: actions/download-artifact@v4
+    - run: tar xvf ./release/release.tar
+    - run: "docker build --pull --push --platform linux/amd64 -t ${{ env.IMAGE }}-linux-amd64 ."
+      working-directory: ./dist/aks-node-termination-handler_linux_amd64_v1
+
+  publish-linux-arm64:
+    runs-on: ubuntu-latest
+    needs: build
+    steps:
+    - uses: docker/login-action@v3
       with:
         username: ${{ secrets.DOCKER_USERNAME }}
         password: ${{ secrets.DOCKER_PASSWORD }}
     - uses: docker/setup-qemu-action@v2
     - uses: docker/setup-buildx-action@v2
-    - name: Run GoReleaser
-      uses: goreleaser/goreleaser-action@v2
+    - uses: actions/download-artifact@v4
+    - run: tar xvf ./release/release.tar
+    - run: "docker build --pull --push --platform linux/arm64 -t ${{ env.IMAGE }}-linux-arm64 ."
+      working-directory: ./dist/aks-node-termination-handler_linux_arm64
+
+  publish-windows:
+    runs-on: windows-latest
+    needs: build
+    steps:
+    - uses: docker/login-action@v3
       with:
-        distribution: goreleaser
-        version: latest
-        args: release --rm-dist
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        username: ${{ secrets.DOCKER_USERNAME }}
+        password: ${{ secrets.DOCKER_PASSWORD }}
+    - uses: actions/download-artifact@v4
+    - run: tar xvf ./release/release.tar
+    - run: "docker build --pull --platform windows/amd64 -t ${{ env.IMAGE }}-windows-amd64 ."
+      working-directory: ./dist/aks-node-termination-handler_windows_amd64_v1
+    - run: docker push ${{ env.IMAGE }}-windows-amd64
+
+  publish-manifest:
+    runs-on: ubuntu-latest
+    needs: [publish-linux-amd64, publish-linux-arm64, publish-windows]
+    steps:
+    - uses: docker/login-action@v3
+      with:
+        username: ${{ secrets.DOCKER_USERNAME }}
+        password: ${{ secrets.DOCKER_PASSWORD }}
+    - run: docker manifest create ${{ env.IMAGE }} ${{ env.IMAGE }}-linux-amd64 ${{ env.IMAGE }}-linux-arm64 ${{ env.IMAGE }}-windows-amd64
+    - run: docker manifest push ${{ env.IMAGE }}

.goreleaser.yml

@@ -4,38 +4,6 @@ release:
     ## Docker Images
     - `paskalmaksim/{{.ProjectName}}:latest`
     - `paskalmaksim/{{.ProjectName}}:{{ .Tag }}`
-docker_manifests:
-- name_template: paskalmaksim/{{.ProjectName}}:latest
-  image_templates:
-  - paskalmaksim/{{.ProjectName}}:{{.Tag}}-amd64
-  - paskalmaksim/{{.ProjectName}}:{{.Tag}}-arm64
-- name_template: paskalmaksim/{{.ProjectName}}:{{.Tag}}
-  image_templates:
-  - paskalmaksim/{{.ProjectName}}:{{.Tag}}-amd64
-  - paskalmaksim/{{.ProjectName}}:{{.Tag}}-arm64
-dockers:
-- use: buildx
-  goos: linux
-  goarch: amd64
-  image_templates:
-  - paskalmaksim/{{.ProjectName}}:{{.Tag}}-amd64
-  build_flag_templates:
-  - "--platform=linux/amd64"
-  - "--label=org.opencontainers.image.created={{.Date}}"
-  - "--label=org.opencontainers.image.title={{.ProjectName}}"
-  - "--label=org.opencontainers.image.revision={{.FullCommit}}"
-  - "--label=org.opencontainers.image.version={{.Version}}"
-- use: buildx
-  goos: linux
-  goarch: arm64
-  image_templates:
-  - paskalmaksim/{{.ProjectName}}:{{.Tag}}-arm64
-  build_flag_templates:
-  - "--platform=linux/arm64/v8"
-  - "--label=org.opencontainers.image.created={{.Date}}"
-  - "--label=org.opencontainers.image.title={{.ProjectName}}"
-  - "--label=org.opencontainers.image.revision={{.FullCommit}}"
-  - "--label=org.opencontainers.image.version={{.Version}}"
 builds:
 - dir: ./cmd/
   env:
@@ -46,6 +14,7 @@ builds:
   - -s -w -X github.com/maksim-paskal/aks-node-termination-handler/pkg/config.gitVersion={{.Version}}-{{.ShortCommit}}-{{.Timestamp}}
   goos:
   - linux
+  - windows
   goarch:
   - amd64
   - arm64

Dockerfile.windows

@@ -0,0 +1,8 @@
+FROM mcr.microsoft.com/windows/nanoserver:ltsc2022
+
+WORKDIR /app/
+
+COPY ./aks-node-termination-handler.exe /app/aks-node-termination-handler.exe
+USER ContainerUser
+
+ENTRYPOINT [ "/app/aks-node-termination-handler.exe" ]

Makefile

@@ -1,4 +1,4 @@
-KUBECONFIG=$(HOME)/.kube/azure-stage
+KUBECONFIG=$(HOME)/.kube/azure-test-win-cluster
 tag=dev
 image=paskalmaksim/aks-node-termination-handler:$(tag)
 telegramToken=1072104160:AAH2sFpHELeH5oxMmd-tsVjgTuzoYO6hSLM
@@ -24,7 +24,7 @@ deploy:
 	--install \
 	--namespace kube-system \
 	./charts/aks-node-termination-handler \
-	--set image=paskalmaksim/aks-node-termination-handler:dev \
+	--set image=paskalmaksim/aks-node-termination-handler:test-7706773297 \
 	--set imagePullPolicy=Always \
 	--set priorityClassName=system-node-critical \
 	--set args[0]=-telegram.token=${telegramToken} \

README.SPOT.md

@@ -0,0 +1,33 @@
+```bash
+az aks create \
+--subscription <ID> \
+--resource-group <RG> \
+--name test-win-cluster \
+--node-count 1 \
+--generate-ssh-keys \
+--windows-admin-username azure \
+--windows-admin-password 'rEplAcePassw0rd1031$' \
+--vm-set-type VirtualMachineScaleSets \
+--network-plugin azure
+
+az aks nodepool add \
+--subscription <ID> \
+--resource-group <RG> \
+--cluster-name test-win-cluster \
+--os-type Windows \
+--priority Spot \
+--eviction-policy Delete \
+--spot-max-price -1 \
+--enable-cluster-autoscaler \
+--name spot01 \
+--min-count 1 \
+--max-count 3
+
+rm ~/.kube/azure-test-win-cluster
+
+az aks get-credentials \
+--subscription <ID> \
+--resource-group <RG> \
+--name test-win-cluster \
+--file=~/.kube/azure-test-win-cluster
+```

README.md

@@ -38,7 +38,7 @@ az aks create \
 --min-count 1 \
 --max-count 3
 
-# Create nodepool with Spot Virtual Machines and autoscaling
+# Create Linux nodepool with Spot Virtual Machines and autoscaling
 az aks nodepool add \
 --resource-group test-aks-group-eastus \
 --cluster-name MyManagedCluster \
@@ -51,6 +51,19 @@ az aks nodepool add \
 --min-count 0 \
 --max-count 10
 
+# Create Windows nodepool with Spot Virtual Machines and autoscaling
+az aks nodepool add \
+--resource-group test-aks-group-eastus \
+--cluster-name MyManagedCluster \
+--os-type Windows \
+--priority Spot \
+--eviction-policy Delete \
+--spot-max-price -1 \
+--enable-cluster-autoscaler \
+--name spot01 \
+--min-count 1 \
+--max-count 3
+
 # Get config to connect to cluster
 az aks get-credentials \
 --resource-group test-aks-group-eastus \

charts/aks-node-termination-handler/templates/daemonset.yaml

@@ -50,15 +50,7 @@ spec:
         image: {{ .Values.image }}
         imagePullPolicy: {{ .Values.imagePullPolicy }}
         securityContext:
-          runAsNonRoot: true
-          runAsUser: 30523
-          runAsGroup: 30523
-          privileged: false
-          readOnlyRootFilesystem: true
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
+{{ toYaml .Values.securityContext | indent 10 }}
         args:
         {{- range .Values.args }}
         - {{ . }}

charts/aks-node-termination-handler/values.yaml

@@ -29,6 +29,17 @@ extraVolumeMounts: []
 metrics:
   addAnnotations: true
 
+securityContext:
+  runAsNonRoot: true
+  privileged: false
+  readOnlyRootFilesystem: true
+  allowPrivilegeEscalation: false
+  capabilities:
+    drop:
+    - ALL
+  windowsOptions:
+    runAsUserName: "ContainerUser"
+
 tolerations:
 - key: "kubernetes.azure.com/scalesetpriority"
   operator: "Equal"
@@ -42,7 +53,6 @@ nodeSelector: {}
 
 resources:
   limits:
-    cpu: 20m
     memory: 100Mi
   requests:
     cpu: 20m