| # Copyright 2018 Google LLC |
| # |
| # Licensed under the Apache License, Version 2.0 (the "License"); |
| # you may not use this file except in compliance with the License. |
| # You may obtain a copy of the License at |
| # |
| # https://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| |
| # This file contains Kubernetes YAML files for the most important prow |
| # components. Don't edit resources in this file. Instead, pull them out into |
| # their own files. |
| --- |
| apiVersion: v1 |
| kind: ConfigMap |
| metadata: |
| name: plugins |
| data: |
| plugins.yaml: "" |
| --- |
| apiVersion: apiextensions.k8s.io/v1beta1 |
| kind: CustomResourceDefinition |
| metadata: |
| name: prowjobs.prow.k8s.io |
| spec: |
| group: prow.k8s.io |
| version: v1 |
| names: |
| kind: ProwJob |
| singular: prowjob |
| plural: prowjobs |
| scope: Namespaced |
| validation: |
| openAPIV3Schema: |
| properties: |
| spec: |
| properties: |
| max_concurrency: |
| type: integer |
| minimum: 0 |
| type: |
| type: string |
| enum: |
| - "presubmit" |
| - "postsubmit" |
| - "periodic" |
| - "batch" |
| status: |
| properties: |
| state: |
| type: string |
| enum: |
| - "triggered" |
| - "pending" |
| - "success" |
| - "failure" |
| - "aborted" |
| - "error" |
| anyOf: |
| - not: |
| properties: |
| state: |
| type: string |
| enum: |
| - "success" |
| - "failure" |
| - "error" |
| - "aborted" |
| - required: |
| - completionTime |
| --- |
| apiVersion: extensions/v1beta1 |
| kind: Deployment |
| metadata: |
| name: plank |
| labels: |
| app: plank |
| spec: |
| replicas: 1 # Do not scale up. |
| template: |
| metadata: |
| labels: |
| app: plank |
| spec: |
| serviceAccountName: plank |
| containers: |
| - name: plank |
| image: gcr.io/k8s-prow/plank:v20181203-6a1345b |
| args: |
| - --dry-run=false |
| - --github-token-path= |
| volumeMounts: |
| - name: config |
| mountPath: /etc/config |
| readOnly: true |
| volumes: |
| - name: config |
| configMap: |
| name: config |
| --- |
| apiVersion: extensions/v1beta1 |
| kind: Deployment |
| metadata: |
| name: sinker |
| labels: |
| app: sinker |
| spec: |
| replicas: 1 |
| template: |
| metadata: |
| labels: |
| app: sinker |
| spec: |
| serviceAccountName: sinker |
| containers: |
| - name: sinker |
| image: gcr.io/k8s-prow/sinker:v20181203-6a1345b |
| volumeMounts: |
| - name: config |
| mountPath: /etc/config |
| readOnly: true |
| volumes: |
| - name: config |
| configMap: |
| name: config |
| --- |
| apiVersion: extensions/v1beta1 |
| kind: Deployment |
| metadata: |
| name: deck |
| labels: |
| app: deck |
| spec: |
| replicas: 2 |
| strategy: |
| type: RollingUpdate |
| rollingUpdate: |
| maxSurge: 1 |
| maxUnavailable: 1 |
| template: |
| metadata: |
| labels: |
| app: deck |
| spec: |
| serviceAccountName: deck |
| terminationGracePeriodSeconds: 30 |
| containers: |
| - name: deck |
| image: gcr.io/k8s-prow/deck:v20181203-6a1345b |
| ports: |
| - name: http |
| containerPort: 8080 |
| volumeMounts: |
| - name: config |
| mountPath: /etc/config |
| readOnly: true |
| volumes: |
| - name: config |
| configMap: |
| name: config |
| --- |
| apiVersion: v1 |
| kind: Service |
| metadata: |
| name: deck |
| spec: |
| selector: |
| app: deck |
| ports: |
| - port: 80 |
| targetPort: 8080 |
| type: NodePort |
| --- |
| apiVersion: extensions/v1beta1 |
| kind: Deployment |
| metadata: |
| name: horologium |
| labels: |
| app: horologium |
| spec: |
| replicas: 1 |
| template: |
| metadata: |
| labels: |
| app: horologium |
| spec: |
| serviceAccountName: horologium |
| terminationGracePeriodSeconds: 30 |
| containers: |
| - name: horologium |
| image: gcr.io/k8s-prow/horologium:v20181203-6a1345b |
| volumeMounts: |
| - name: config |
| mountPath: /etc/config |
| readOnly: true |
| volumes: |
| - name: config |
| configMap: |
| name: config |
| --- |
| apiVersion: extensions/v1beta1 |
| kind: Ingress |
| metadata: |
| name: ing |
| spec: |
| rules: |
| - http: |
| paths: |
| - path: /* |
| backend: |
| serviceName: deck |
| servicePort: 80 |
| ### Cluster rbac rules |
| --- |
| apiVersion: v1 |
| kind: ServiceAccount |
| metadata: |
| name: "deck" |
| --- |
| kind: Role |
| apiVersion: rbac.authorization.k8s.io/v1beta1 |
| metadata: |
| name: "deck" |
| rules: |
| - apiGroups: |
| - "" |
| resources: |
| - pods/log |
| verbs: |
| - get |
| - apiGroups: |
| - "prow.k8s.io" |
| resources: |
| - prowjobs |
| verbs: |
| - get |
| - list |
| --- |
| kind: RoleBinding |
| apiVersion: rbac.authorization.k8s.io/v1beta1 |
| metadata: |
| name: "deck" |
| roleRef: |
| apiGroup: rbac.authorization.k8s.io |
| kind: Role |
| name: "deck" |
| subjects: |
| - kind: ServiceAccount |
| name: "deck" |
| --- |
| apiVersion: v1 |
| kind: ServiceAccount |
| metadata: |
| name: "horologium" |
| --- |
| kind: Role |
| apiVersion: rbac.authorization.k8s.io/v1beta1 |
| metadata: |
| name: "horologium" |
| rules: |
| - apiGroups: |
| - "prow.k8s.io" |
| resources: |
| - prowjobs |
| verbs: |
| - create |
| - list |
| --- |
| kind: RoleBinding |
| apiVersion: rbac.authorization.k8s.io/v1beta1 |
| metadata: |
| name: "horologium" |
| roleRef: |
| apiGroup: rbac.authorization.k8s.io |
| kind: Role |
| name: "horologium" |
| subjects: |
| - kind: ServiceAccount |
| name: "horologium" |
| --- |
| apiVersion: v1 |
| kind: ServiceAccount |
| metadata: |
| name: "plank" |
| --- |
| kind: Role |
| apiVersion: rbac.authorization.k8s.io/v1beta1 |
| metadata: |
| name: "plank" |
| rules: |
| - apiGroups: |
| - "" |
| resources: |
| - pods |
| verbs: |
| - create |
| - delete |
| - list |
| - apiGroups: |
| - "prow.k8s.io" |
| resources: |
| - prowjobs |
| verbs: |
| - create |
| - list |
| - update |
| --- |
| kind: RoleBinding |
| apiVersion: rbac.authorization.k8s.io/v1beta1 |
| metadata: |
| name: "plank" |
| roleRef: |
| apiGroup: rbac.authorization.k8s.io |
| kind: Role |
| name: "plank" |
| subjects: |
| - kind: ServiceAccount |
| name: "plank" |
| --- |
| apiVersion: v1 |
| kind: ServiceAccount |
| metadata: |
| name: "sinker" |
| --- |
| kind: Role |
| apiVersion: rbac.authorization.k8s.io/v1beta1 |
| metadata: |
| name: "sinker" |
| rules: |
| - apiGroups: |
| - "" |
| resources: |
| - pods |
| verbs: |
| - delete |
| - list |
| - apiGroups: |
| - "prow.k8s.io" |
| resources: |
| - prowjobs |
| verbs: |
| - delete |
| - list |
| --- |
| kind: RoleBinding |
| apiVersion: rbac.authorization.k8s.io/v1beta1 |
| metadata: |
| name: "sinker" |
| roleRef: |
| apiGroup: rbac.authorization.k8s.io |
| kind: Role |
| name: "sinker" |
| subjects: |
| - kind: ServiceAccount |
| name: "sinker" |