Reorganize deployment into independant parts
Provide base deployment and then extra deployments for gerrit and the
mailing list. See kunit/prow-lkml for details on lkml deployment and
kunit/test-infra-prow for details on custom crier for mail reporting.
Change-Id: I9db2e1e3a15b3ba4ad8365edeb5153906c6f1b56
Signed-off-by: Avi Kondareddy <avikr@google.com>
diff --git a/README.md b/README.md
index ac361c8..8e1697e 100644
--- a/README.md
+++ b/README.md
@@ -191,11 +191,25 @@
To deploy in any Kubernetes environment, first read Prow deployment
documentation [here](https://github.com/kubernetes/test-infra/blob/master/prow/\
getting_started_deploy.md) and for further clarification, the Kubernetes
-documentation [here](https://kubernetes.io/docs/setup/). Prow comes with several
+documentation [here](https://kubernetes.io/docs/setup/).
+
+Prow comes with several
[components](https://github.com/kubernetes/test-infra/blob/master/prow/cmd/README.md),
several of which are only necessary for interacting with github webhooks. We
-have included here a [deployment.yaml](deployment.yaml) which includes just the
-components needed to poll gerrit repos. For every new gerrit repo to run
+have included here a [deployment.yaml](deployment/deployment.yaml) which includes just the
+components needed to deploy prow. Applying the configs under
+[deployment/gerrit](deployment/gerrit) will
+deploy the gerrit adapter and the crier reporter for reporting back to gerrit.
+Applying the configs under
+[deployment/lkml](deployment/lkml) will deploy the lkml adapter and the custom
+crier reporter (named mail to allow concurrent deployment with regular crier)
+for handling mail.
+
+For all Deployment objects, please check the source for the corresponding
+component under [prow/cmd](https://github.com/kubernetes/test-infra/tree/master/prow/cmd)
+for arguments to provide the container being deployed.
+
+For every new gerrit repo to run
presubmits on, you will need to update the
[Gerrit](https://github.com/kubernetes/test-infra/tree/master/prow/cmd/gerrit)
component in the deployment accordingly.
diff --git a/deployment.yaml b/deployment/deployment.yaml
similarity index 70%
rename from deployment.yaml
rename to deployment/deployment.yaml
index 596d6d9..756942e 100644
--- a/deployment.yaml
+++ b/deployment/deployment.yaml
@@ -215,83 +215,6 @@
backend:
serviceName: deck
servicePort: 80
----
-# start gerrit
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- labels:
- app: gerrit
- name: gerrit-storage
-spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 1Gi
- # volumeName: added automatically after volume creation
- # See https://cloud.google.com/kubernetes-engine/docs/concepts/persistent-volumes
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: gerrit
- labels:
- app: gerrit
-spec:
- replicas: 1
- selector:
- matchLabels:
- app: gerrit
- template:
- metadata:
- labels:
- app: gerrit
- spec:
- serviceAccountName: gerrit
- terminationGracePeriodSeconds: 30
- containers:
- - name: gerrit
- image: gcr.io/k8s-prow/gerrit:v20181203-6a1345b
- args:
- - --config-path=/etc/config/config.yaml
- - --gerrit-projects=https://kunit-review.googlesource.com=linux
- - --last-sync-fallback=/store/gerrit
- volumeMounts:
- - name: config
- mountPath: /etc/config
- readOnly: true
- - name: gerrit-volume
- mountPath: /store
- volumes:
- - name: config
- configMap:
- name: config
- - name: gerrit-volume
- persistentVolumeClaim:
- claimName: gerrit-storage
----
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: crier
- labels:
- app: crier
-spec:
- replicas: 1
- template:
- metadata:
- labels:
- app: crier
- spec:
- serviceAccountName: crier
- terminationGracePeriodSeconds: 30
- containers:
- - name: crier
- image: gcr.io/k8s-prow/crier:v20181203-6a1345b
- args:
- - --gerrit-workers=1
- - --gerrit-projects=https://kunit-review.googlesource.com=linux
### Cluster rbac rules
---
apiVersion: v1
@@ -435,67 +358,3 @@
subjects:
- kind: ServiceAccount
name: "sinker"
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: "gerrit"
----
-kind: Role
-apiVersion: rbac.authorization.k8s.io/v1beta1
-metadata:
- name: "gerrit"
-rules:
-- apiGroups:
- - "prow.k8s.io"
- resources:
- - prowjobs
- verbs:
- - create
- - list
----
-kind: RoleBinding
-apiVersion: rbac.authorization.k8s.io/v1beta1
-metadata:
- name: "gerrit"
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: "gerrit"
-subjects:
-- kind: ServiceAccount
- name: "gerrit"
----
-kind: ServiceAccount
-apiVersion: v1
-metadata:
- name: "crier"
----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- # "namespace" omitted since ClusterRoles are not namespaced
- name: crier
-rules:
-- apiGroups:
- - "prow.k8s.io"
- resources:
- - "prowjobs"
- verbs:
- - "get"
- - "watch"
- - "list"
----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1beta1
-metadata:
- name: "crier"
- namespace: "default"
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: "crier"
-subjects:
-- kind: ServiceAccount
- name: "crier"
- namespace: "default"
diff --git a/deployment/gerrit/crier.yaml b/deployment/gerrit/crier.yaml
new file mode 100644
index 0000000..b39f783
--- /dev/null
+++ b/deployment/gerrit/crier.yaml
@@ -0,0 +1,55 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: crier
+ labels:
+ app: crier
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: crier
+ spec:
+ serviceAccountName: crier
+ terminationGracePeriodSeconds: 30
+ containers:
+ - name: crier
+ image: gcr.io/k8s-prow/crier:v20181203-6a1345b
+ args:
+ - --gerrit-workers=1
+ - --gerrit-projects=https://kunit-review.googlesource.com=linux
+---
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+ name: "crier"
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ # "namespace" omitted since ClusterRoles are not namespaced
+ name: crier
+rules:
+- apiGroups:
+ - "prow.k8s.io"
+ resources:
+ - "prowjobs"
+ verbs:
+ - "get"
+ - "watch"
+ - "list"
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: "crier"
+ namespace: "default"
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: "crier"
+subjects:
+- kind: ServiceAccount
+ name: "crier"
+ namespace: "default"
diff --git a/deployment/gerrit/gerrit.yaml b/deployment/gerrit/gerrit.yaml
new file mode 100644
index 0000000..4491dc8
--- /dev/null
+++ b/deployment/gerrit/gerrit.yaml
@@ -0,0 +1,84 @@
+# start gerrit
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ labels:
+ app: gerrit
+ name: gerrit-storage
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+ # volumeName: added automatically after volume creation
+ # See https://cloud.google.com/kubernetes-engine/docs/concepts/persistent-volumes
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: gerrit
+ labels:
+ app: gerrit
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: gerrit
+ template:
+ metadata:
+ labels:
+ app: gerrit
+ spec:
+ serviceAccountName: gerrit
+ terminationGracePeriodSeconds: 30
+ containers:
+ - name: gerrit
+ image: gcr.io/k8s-prow/gerrit:v20181203-6a1345b
+ args:
+ - --config-path=/etc/config/config.yaml
+ - --gerrit-projects=https://kunit-review.googlesource.com=linux
+ - --last-sync-fallback=/store/gerrit
+ volumeMounts:
+ - name: config
+ mountPath: /etc/config
+ readOnly: true
+ - name: gerrit-volume
+ mountPath: /store
+ volumes:
+ - name: config
+ configMap:
+ name: config
+ - name: gerrit-volume
+ persistentVolumeClaim:
+ claimName: gerrit-storage
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: "gerrit"
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: "gerrit"
+rules:
+- apiGroups:
+ - "prow.k8s.io"
+ resources:
+ - prowjobs
+ verbs:
+ - create
+ - list
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: "gerrit"
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: "gerrit"
+subjects:
+- kind: ServiceAccount
+ name: "gerrit"
diff --git a/deployment/lkml/config.yaml b/deployment/lkml/config.yaml
new file mode 100644
index 0000000..176c3b2
--- /dev/null
+++ b/deployment/lkml/config.yaml
@@ -0,0 +1,52 @@
+# Copyright 2018 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+plank:
+ pod_pending_timeout: 60m
+ default_decoration_config:
+ timeout: 600000000000 # 15s
+ grace_period: 15000000000 # 15s
+ utility_images:
+ clonerefs: gcr.io/k8s-prow/clonerefs:v20181203-6a1345b
+ initupload: gcr.io/k8s-prow/initupload:v20181203-6a1345b
+ entrypoint: gcr.io/k8s-prow/entrypoint:v20181203-6a1345b
+ sidecar: gcr.io/k8s-prow/sidecar:v20181203-6a1345b
+ gcs_configuration:
+ bucket: "test-lkml-bucket"
+ path_strategy: "explicit"
+ gcs_credentials_secret: "service-account"
+sinker:
+ resync_period: 1m
+ max_prowjob_age: 48h
+ max_pod_age: 24h
+
+log_level: info
+
+presubmits:
+ kunit-dev@googlegroups.com:
+ - name: kunit-lkml-presubmit
+ decorate: true
+ always_run: true
+ spec:
+ volumes:
+ - name: shared-mem
+ emptyDir: {}
+ containers:
+ - image: gcr.io/kunit-presubmit/kunit_alt
+ securityContext:
+ privileged: true
+ command:
+ - /kunit.sh
+ volumeMounts:
+ - name: shared-mem
+ mountPath: /dev/shm
diff --git a/deployment/lkml/crier.yaml b/deployment/lkml/crier.yaml
new file mode 100644
index 0000000..2df94c8
--- /dev/null
+++ b/deployment/lkml/crier.yaml
@@ -0,0 +1,66 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: mail
+ labels:
+ app: mail
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: mail
+ spec:
+ serviceAccountName: mail
+ terminationGracePeriodSeconds: 30
+ containers:
+ - name: mail
+ image: gcr.io/kunit-presubmit/crier_kunit
+ imagePullPolicy: Always
+ args:
+ - --mail-workers=1
+ - --to-address=kunit-dev@googlegroups.com
+ - --from-address={SENDER EMAIL}
+ - --msa-domain={MSADOMAIN (ie- smtp.gmail.com0}
+ env:
+ - name: SECRET_SMTP_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: smtpsecret
+ key: password
+---
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+ name: "mail"
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ # "namespace" omitted since ClusterRoles are not namespaced
+ name: mail
+rules:
+- apiGroups:
+ - "prow.k8s.io"
+ resources:
+ - "prowjobs"
+ verbs:
+ - "get"
+ - "watch"
+ - "list"
+ - "patch"
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: mail
+ namespace: "default"
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: mail
+subjects:
+- kind: ServiceAccount
+ name: mail
+ namespace: "default"
+---
diff --git a/deployment/lkml/lkml.yaml b/deployment/lkml/lkml.yaml
new file mode 100644
index 0000000..9e38f78
--- /dev/null
+++ b/deployment/lkml/lkml.yaml
@@ -0,0 +1,93 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ namespace: default
+ name: lkml
+ labels:
+ app: lkml
+spec:
+ replicas: 1
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app: lkml
+ spec:
+ serviceAccountName: lkml
+ containers:
+ - name: lkml
+ image: gcr.io/kunit-presubmit/lkml
+ imagePullPolicy: Always
+ stdin: true
+ tty: true
+ args:
+ - --config-path=/etc/config/config.yaml
+ - --source-repo=https://kunit.googlesource.com/linux
+ - --source-branch=kunit/alpha/master
+ - --job-uri=kunit-dev@googlegroups.com
+ ports:
+ - name: smtp
+ containerPort: 25
+ - name: git
+ containerPort: 9418
+ volumeMounts:
+ - name: repo
+ mountPath: /kunit
+ readOnly: false
+ - name: config
+ mountPath: /etc/config
+ readOnly: true
+ volumes:
+ - name: repo
+ persistentVolumeClaim:
+ claimName: repo-storage
+ - name: config
+ configMap:
+ name: config
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ labels:
+ app: lkml
+ name: repo-storage
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 3Gi
+ # volumeName: added automatically after volume creation
+ # See https://cloud.google.com/kubernetes-engine/docs/concepts/persistent-volumes
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: lkml
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: lkml
+rules:
+- apiGroups:
+ - "prow.k8s.io"
+ resources:
+ - prowjobs
+ verbs:
+ - create
+ - list
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: lkml
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: lkml
+subjects:
+- kind: ServiceAccount
+ name: lkml
+---
diff --git a/deployment/lkml/service.yaml b/deployment/lkml/service.yaml
new file mode 100644
index 0000000..a788460
--- /dev/null
+++ b/deployment/lkml/service.yaml
@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: default
+ name: smtp
+spec:
+ type: LoadBalancer
+ selector:
+ app: lkml
+ ports:
+ - port: 25
+ targetPort: 25
+---
+apiVersion: v1
+kind: Service
+metadata:
+ namespace: default
+ name: git
+spec:
+ type: ClusterIP
+ selector:
+ app: lkml
+ ports:
+ - port: 9418
+ targetPort: 9418
+ name: git
+ - port: 8080
+ targetPort: 8080
+ name: http