Closed t0ny-peng closed 4 years ago
The README suggests deploying the app via helm helm install stable/k8s-spot-termination-handler
.
The pod itself runs under a serviceaccount with the k8s permission to create pod/eviction resources, which is what is required for the kubectl drain node
command.
If you inspect the helm chart, you'll find what I'm talking about :)
@edify42 Thanks Ted. That's really helpful.
This might be a stupid but short question. In the script and dockerfile I don't see anyplace where the user enters the credentials of the cluster, yet still
kubectl
is able to drain a node. What kind of authentication is behind this? Is it using some intrinsic k8s feature? Please educate me.Thanks.