blob: 756942e25f8194084247fdd23a308d9351ada5f6 [file] [log] [blame]
# Copyright 2018 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# This file contains Kubernetes YAML files for the most important prow
# components. Don't edit resources in this file. Instead, pull them out into
# their own files.
---
apiVersion: v1
kind: ConfigMap
metadata:
name: plugins
data:
plugins.yaml: ""
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: prowjobs.prow.k8s.io
spec:
group: prow.k8s.io
version: v1
names:
kind: ProwJob
singular: prowjob
plural: prowjobs
scope: Namespaced
validation:
openAPIV3Schema:
properties:
spec:
properties:
max_concurrency:
type: integer
minimum: 0
type:
type: string
enum:
- "presubmit"
- "postsubmit"
- "periodic"
- "batch"
status:
properties:
state:
type: string
enum:
- "triggered"
- "pending"
- "success"
- "failure"
- "aborted"
- "error"
anyOf:
- not:
properties:
state:
type: string
enum:
- "success"
- "failure"
- "error"
- "aborted"
- required:
- completionTime
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: plank
labels:
app: plank
spec:
replicas: 1 # Do not scale up.
template:
metadata:
labels:
app: plank
spec:
serviceAccountName: plank
containers:
- name: plank
image: gcr.io/k8s-prow/plank:v20181203-6a1345b
args:
- --dry-run=false
- --github-token-path=
volumeMounts:
- name: config
mountPath: /etc/config
readOnly: true
volumes:
- name: config
configMap:
name: config
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: sinker
labels:
app: sinker
spec:
replicas: 1
template:
metadata:
labels:
app: sinker
spec:
serviceAccountName: sinker
containers:
- name: sinker
image: gcr.io/k8s-prow/sinker:v20181203-6a1345b
volumeMounts:
- name: config
mountPath: /etc/config
readOnly: true
volumes:
- name: config
configMap:
name: config
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: deck
labels:
app: deck
spec:
replicas: 2
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
template:
metadata:
labels:
app: deck
spec:
serviceAccountName: deck
terminationGracePeriodSeconds: 30
containers:
- name: deck
image: gcr.io/k8s-prow/deck:v20181203-6a1345b
ports:
- name: http
containerPort: 8080
volumeMounts:
- name: config
mountPath: /etc/config
readOnly: true
volumes:
- name: config
configMap:
name: config
---
apiVersion: v1
kind: Service
metadata:
name: deck
spec:
selector:
app: deck
ports:
- port: 80
targetPort: 8080
type: NodePort
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: horologium
labels:
app: horologium
spec:
replicas: 1
template:
metadata:
labels:
app: horologium
spec:
serviceAccountName: horologium
terminationGracePeriodSeconds: 30
containers:
- name: horologium
image: gcr.io/k8s-prow/horologium:v20181203-6a1345b
volumeMounts:
- name: config
mountPath: /etc/config
readOnly: true
volumes:
- name: config
configMap:
name: config
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: ing
spec:
rules:
- http:
paths:
- path: /*
backend:
serviceName: deck
servicePort: 80
### Cluster rbac rules
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: "deck"
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: "deck"
rules:
- apiGroups:
- ""
resources:
- pods/log
verbs:
- get
- apiGroups:
- "prow.k8s.io"
resources:
- prowjobs
verbs:
- get
- list
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: "deck"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: "deck"
subjects:
- kind: ServiceAccount
name: "deck"
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: "horologium"
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: "horologium"
rules:
- apiGroups:
- "prow.k8s.io"
resources:
- prowjobs
verbs:
- create
- list
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: "horologium"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: "horologium"
subjects:
- kind: ServiceAccount
name: "horologium"
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: "plank"
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: "plank"
rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- create
- delete
- list
- apiGroups:
- "prow.k8s.io"
resources:
- prowjobs
verbs:
- create
- list
- update
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: "plank"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: "plank"
subjects:
- kind: ServiceAccount
name: "plank"
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: "sinker"
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: "sinker"
rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- delete
- list
- apiGroups:
- "prow.k8s.io"
resources:
- prowjobs
verbs:
- delete
- list
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: "sinker"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: "sinker"
subjects:
- kind: ServiceAccount
name: "sinker"