| # Copyright 2018 Google LLC |
| # |
| # Licensed under the Apache License, Version 2.0 (the "License"); |
| # you may not use this file except in compliance with the License. |
| # You may obtain a copy of the License at |
| # |
| # https://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| |
| # This file contains Kubernetes YAML files for the most important prow |
| # components. Don't edit resources in this file. Instead, pull them out into |
| # their own files. |
| --- |
| apiVersion: v1 |
| kind: ConfigMap |
| metadata: |
| name: plugins |
| data: |
| plugins.yaml: "" |
| --- |
| apiVersion: apiextensions.k8s.io/v1beta1 |
| kind: CustomResourceDefinition |
| metadata: |
| name: prowjobs.prow.k8s.io |
| spec: |
| group: prow.k8s.io |
| version: v1 |
| names: |
| kind: ProwJob |
| singular: prowjob |
| plural: prowjobs |
| scope: Namespaced |
| validation: |
| openAPIV3Schema: |
| properties: |
| spec: |
| properties: |
| max_concurrency: |
| type: integer |
| minimum: 0 |
| type: |
| type: string |
| enum: |
| - "presubmit" |
| - "postsubmit" |
| - "periodic" |
| - "batch" |
| status: |
| properties: |
| state: |
| type: string |
| enum: |
| - "triggered" |
| - "pending" |
| - "success" |
| - "failure" |
| - "aborted" |
| - "error" |
| anyOf: |
| - not: |
| properties: |
| state: |
| type: string |
| enum: |
| - "success" |
| - "failure" |
| - "error" |
| - "aborted" |
| - required: |
| - completionTime |
| --- |
| apiVersion: extensions/v1beta1 |
| kind: Deployment |
| metadata: |
| name: plank |
| labels: |
| app: plank |
| spec: |
| replicas: 1 # Do not scale up. |
| template: |
| metadata: |
| labels: |
| app: plank |
| spec: |
| serviceAccountName: plank |
| containers: |
| - name: plank |
| image: gcr.io/k8s-prow/plank:v20181203-6a1345b |
| args: |
| - --dry-run=false |
| - --github-token-path= |
| volumeMounts: |
| - name: config |
| mountPath: /etc/config |
| readOnly: true |
| volumes: |
| - name: config |
| configMap: |
| name: config |
| --- |
| apiVersion: extensions/v1beta1 |
| kind: Deployment |
| metadata: |
| name: sinker |
| labels: |
| app: sinker |
| spec: |
| replicas: 1 |
| template: |
| metadata: |
| labels: |
| app: sinker |
| spec: |
| serviceAccountName: sinker |
| containers: |
| - name: sinker |
| image: gcr.io/k8s-prow/sinker:v20181203-6a1345b |
| volumeMounts: |
| - name: config |
| mountPath: /etc/config |
| readOnly: true |
| volumes: |
| - name: config |
| configMap: |
| name: config |
| --- |
| apiVersion: extensions/v1beta1 |
| kind: Deployment |
| metadata: |
| name: deck |
| labels: |
| app: deck |
| spec: |
| replicas: 2 |
| strategy: |
| type: RollingUpdate |
| rollingUpdate: |
| maxSurge: 1 |
| maxUnavailable: 1 |
| template: |
| metadata: |
| labels: |
| app: deck |
| spec: |
| serviceAccountName: deck |
| terminationGracePeriodSeconds: 30 |
| containers: |
| - name: deck |
| image: gcr.io/k8s-prow/deck:v20181203-6a1345b |
| ports: |
| - name: http |
| containerPort: 8080 |
| volumeMounts: |
| - name: config |
| mountPath: /etc/config |
| readOnly: true |
| volumes: |
| - name: config |
| configMap: |
| name: config |
| --- |
| apiVersion: v1 |
| kind: Service |
| metadata: |
| name: deck |
| spec: |
| selector: |
| app: deck |
| ports: |
| - port: 80 |
| targetPort: 8080 |
| type: NodePort |
| --- |
| apiVersion: extensions/v1beta1 |
| kind: Deployment |
| metadata: |
| name: horologium |
| labels: |
| app: horologium |
| spec: |
| replicas: 1 |
| template: |
| metadata: |
| labels: |
| app: horologium |
| spec: |
| serviceAccountName: horologium |
| terminationGracePeriodSeconds: 30 |
| containers: |
| - name: horologium |
| image: gcr.io/k8s-prow/horologium:v20181203-6a1345b |
| volumeMounts: |
| - name: config |
| mountPath: /etc/config |
| readOnly: true |
| volumes: |
| - name: config |
| configMap: |
| name: config |
| --- |
| apiVersion: extensions/v1beta1 |
| kind: Ingress |
| metadata: |
| name: ing |
| spec: |
| rules: |
| - http: |
| paths: |
| - path: /* |
| backend: |
| serviceName: deck |
| servicePort: 80 |
| --- |
| # start gerrit |
| kind: PersistentVolumeClaim |
| apiVersion: v1 |
| metadata: |
| labels: |
| app: gerrit |
| name: gerrit-storage |
| spec: |
| accessModes: |
| - ReadWriteOnce |
| resources: |
| requests: |
| storage: 1Gi |
| # volumeName: added automatically after volume creation |
| # See https://cloud.google.com/kubernetes-engine/docs/concepts/persistent-volumes |
| --- |
| apiVersion: apps/v1 |
| kind: Deployment |
| metadata: |
| name: gerrit |
| labels: |
| app: gerrit |
| spec: |
| replicas: 1 |
| selector: |
| matchLabels: |
| app: gerrit |
| template: |
| metadata: |
| labels: |
| app: gerrit |
| spec: |
| serviceAccountName: gerrit |
| terminationGracePeriodSeconds: 30 |
| containers: |
| - name: gerrit |
| image: gcr.io/k8s-prow/gerrit:v20181203-6a1345b |
| args: |
| - --config-path=/etc/config/config.yaml |
| - --gerrit-projects=https://kunit-review.googlesource.com=linux |
| - --last-sync-fallback=/store/gerrit |
| volumeMounts: |
| - name: config |
| mountPath: /etc/config |
| readOnly: true |
| - name: gerrit-volume |
| mountPath: /store |
| volumes: |
| - name: config |
| configMap: |
| name: config |
| - name: gerrit-volume |
| persistentVolumeClaim: |
| claimName: gerrit-storage |
| --- |
| apiVersion: extensions/v1beta1 |
| kind: Deployment |
| metadata: |
| name: crier |
| labels: |
| app: crier |
| spec: |
| replicas: 1 |
| template: |
| metadata: |
| labels: |
| app: crier |
| spec: |
| serviceAccountName: crier |
| terminationGracePeriodSeconds: 30 |
| containers: |
| - name: crier |
| image: gcr.io/k8s-prow/crier:v20181203-6a1345b |
| args: |
| - --gerrit-workers=1 |
| - --gerrit-projects=https://kunit-review.googlesource.com=linux |
| ### Cluster rbac rules |
| --- |
| apiVersion: v1 |
| kind: ServiceAccount |
| metadata: |
| name: "deck" |
| --- |
| kind: Role |
| apiVersion: rbac.authorization.k8s.io/v1beta1 |
| metadata: |
| name: "deck" |
| rules: |
| - apiGroups: |
| - "" |
| resources: |
| - pods/log |
| verbs: |
| - get |
| - apiGroups: |
| - "prow.k8s.io" |
| resources: |
| - prowjobs |
| verbs: |
| - get |
| - list |
| --- |
| kind: RoleBinding |
| apiVersion: rbac.authorization.k8s.io/v1beta1 |
| metadata: |
| name: "deck" |
| roleRef: |
| apiGroup: rbac.authorization.k8s.io |
| kind: Role |
| name: "deck" |
| subjects: |
| - kind: ServiceAccount |
| name: "deck" |
| --- |
| apiVersion: v1 |
| kind: ServiceAccount |
| metadata: |
| name: "horologium" |
| --- |
| kind: Role |
| apiVersion: rbac.authorization.k8s.io/v1beta1 |
| metadata: |
| name: "horologium" |
| rules: |
| - apiGroups: |
| - "prow.k8s.io" |
| resources: |
| - prowjobs |
| verbs: |
| - create |
| - list |
| --- |
| kind: RoleBinding |
| apiVersion: rbac.authorization.k8s.io/v1beta1 |
| metadata: |
| name: "horologium" |
| roleRef: |
| apiGroup: rbac.authorization.k8s.io |
| kind: Role |
| name: "horologium" |
| subjects: |
| - kind: ServiceAccount |
| name: "horologium" |
| --- |
| apiVersion: v1 |
| kind: ServiceAccount |
| metadata: |
| name: "plank" |
| --- |
| kind: Role |
| apiVersion: rbac.authorization.k8s.io/v1beta1 |
| metadata: |
| name: "plank" |
| rules: |
| - apiGroups: |
| - "" |
| resources: |
| - pods |
| verbs: |
| - create |
| - delete |
| - list |
| - apiGroups: |
| - "prow.k8s.io" |
| resources: |
| - prowjobs |
| verbs: |
| - create |
| - list |
| - update |
| --- |
| kind: RoleBinding |
| apiVersion: rbac.authorization.k8s.io/v1beta1 |
| metadata: |
| name: "plank" |
| roleRef: |
| apiGroup: rbac.authorization.k8s.io |
| kind: Role |
| name: "plank" |
| subjects: |
| - kind: ServiceAccount |
| name: "plank" |
| --- |
| apiVersion: v1 |
| kind: ServiceAccount |
| metadata: |
| name: "sinker" |
| --- |
| kind: Role |
| apiVersion: rbac.authorization.k8s.io/v1beta1 |
| metadata: |
| name: "sinker" |
| rules: |
| - apiGroups: |
| - "" |
| resources: |
| - pods |
| verbs: |
| - delete |
| - list |
| - apiGroups: |
| - "prow.k8s.io" |
| resources: |
| - prowjobs |
| verbs: |
| - delete |
| - list |
| --- |
| kind: RoleBinding |
| apiVersion: rbac.authorization.k8s.io/v1beta1 |
| metadata: |
| name: "sinker" |
| roleRef: |
| apiGroup: rbac.authorization.k8s.io |
| kind: Role |
| name: "sinker" |
| subjects: |
| - kind: ServiceAccount |
| name: "sinker" |
| --- |
| apiVersion: v1 |
| kind: ServiceAccount |
| metadata: |
| name: "gerrit" |
| --- |
| kind: Role |
| apiVersion: rbac.authorization.k8s.io/v1beta1 |
| metadata: |
| name: "gerrit" |
| rules: |
| - apiGroups: |
| - "prow.k8s.io" |
| resources: |
| - prowjobs |
| verbs: |
| - create |
| - list |
| --- |
| kind: RoleBinding |
| apiVersion: rbac.authorization.k8s.io/v1beta1 |
| metadata: |
| name: "gerrit" |
| roleRef: |
| apiGroup: rbac.authorization.k8s.io |
| kind: Role |
| name: "gerrit" |
| subjects: |
| - kind: ServiceAccount |
| name: "gerrit" |
| --- |
| kind: ServiceAccount |
| apiVersion: v1 |
| metadata: |
| name: "crier" |
| --- |
| kind: ClusterRole |
| apiVersion: rbac.authorization.k8s.io/v1 |
| metadata: |
| # "namespace" omitted since ClusterRoles are not namespaced |
| name: crier |
| rules: |
| - apiGroups: |
| - "prow.k8s.io" |
| resources: |
| - "prowjobs" |
| verbs: |
| - "get" |
| - "watch" |
| - "list" |
| --- |
| kind: ClusterRoleBinding |
| apiVersion: rbac.authorization.k8s.io/v1beta1 |
| metadata: |
| name: "crier" |
| namespace: "default" |
| roleRef: |
| apiGroup: rbac.authorization.k8s.io |
| kind: ClusterRole |
| name: "crier" |
| subjects: |
| - kind: ServiceAccount |
| name: "crier" |
| namespace: "default" |