rocky-linux
/
peridot
mirror of https://github.com/rocky-linux/peridot.git
4
0
Fork 0
Code Issues Projects Releases Activity

Prow deployment manifests

This commit is contained in:
Mustafa Gezen 2022-10-30 04:26:52 +01:00
parent ce3a4c0373
commit 891d1bae2c
Signed by untrusted user who does not match committer: mustafa
GPG Key ID: DCDF010D946438C1
11 changed files with 1283 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0
infrastructure/prow/BUILD.bazel Normal file
View File

127
infrastructure/prow/configmaps.yaml Normal file
View File

@ -0,0 +1,127 @@
# Updated using inrepoconfig, initial should be uncommented
# ---
# apiVersion: v1
# kind: ConfigMap
# metadata:
# namespace: prow
# name: plugins
# data:
# plugins.yaml: |
# plugins:
# rocky-linux/peridot:
# plugins:
# - approve
# - assign
# - blunderbuss
# - cat
# - config-updater
# - dog
# - help
# - heart
# - hold
# - label
# - lgtm
# - trigger
# - verify-owners
# - wip
# - yuks
# config_updater:
# maps:
# config/prow/config.yaml:
# name: config
# config/prow/plugins.yaml:
# name: plugins
# config/jobs/**/*.{yaml,yml}:
# name: job-config
# gzip: true
# ---
# apiVersion: v1
# kind: ConfigMap
# metadata:
# namespace: prow
# name: config
# data:
# config.yaml: |
# prowjob_namespace: prow
# pod_namespace: test-pods
# allowed_clusters:
# rocky-linux/peridot:
# - default
# deck:
# spyglass:
# lenses:
# - lens:
# name: metadata
# required_files:
# - started.json|finished.json
# - lens:
# config:
# name: buildlog
# required_files:
# - build-log.txt
# - lens:
# name: junit
# required_files:
# - bazel-testlogs/.*/test.xml
# - lens:
# name: podinfo
# required_files:
# - podinfo.json
# plank:
# job_url_prefix_config:
# "*": https://prow.build.resf.org/view/
# report_templates:
# '*': >-
# [Full PR test history](https://prow.build.resf.org/pr-history?org={{.Spec.Refs.Org}}&repo={{.Spec.Refs.Repo}}&pr={{with index .Spec.Refs.Pulls 0}}{{.Number}}{{end}}).
# [Your PR dashboard](https://prow.build.resf.org/pr?query=is:pr+state:open+author:{{with
# index .Spec.Refs.Pulls 0}}{{.Author}}{{end}}).
# default_decoration_configs:
# "*":
# gcs_configuration:
# bucket: s3://resf-prod-prow-logs
# path_strategy: explicit
# s3_credentials_secret: s3-credentials
# utility_images:
# clonerefs: gcr.io/k8s-prow/clonerefs:v20221028-a8625c1f93
# entrypoint: gcr.io/k8s-prow/entrypoint:v20221028-a8625c1f93
# initupload: gcr.io/k8s-prow/initupload:v20221028-a8625c1f93
# sidecar: gcr.io/k8s-prow/sidecar:v20221028-a8625c1f93
# tide:
# queries:
# - labels:
# - lgtm
# - approved
# missingLabels:
# - needs-rebase
# - do-not-merge/hold
# - do-not-merge/work-in-progress
# - do-not-merge/invalid-owners-file
# repos:
# - rocky-linux/peridot
# decorate_all_jobs: true
# presubmits:
# rocky-linux/peridot:
# - name: pull-peridot-validate-prow-yaml
# run_if_changed: '^(config/prow/(config|plugins).yaml$|config/jobs/.*.yaml$)'
# decorate: true
# spec:
# containers:
# - image: gcr.io/k8s-prow/checkconfig:v20221028-a8625c1f93
# command:
# - checkconfig
# args:
# - --config-path=config/prow/config.yaml
# - --job-config-path=config/jobs
# - --plugin-config=config/prow/plugins.yaml
# - --strict
#
# - name: pull-peridot-unit-test
# branches:
# - main
# always_run: true
# decorate: true
# spec:
# containers:
# - image: alpine
# command:
# - /bin/date

518
infrastructure/prow/deployments.yaml Normal file
View File

@ -0,0 +1,518 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: prow
name: hook
labels:
app: hook
spec:
replicas: 2
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
selector:
matchLabels:
app: hook
template:
metadata:
labels:
app: hook
spec:
serviceAccountName: "hook"
terminationGracePeriodSeconds: 180
containers:
- name: hook
image: gcr.io/k8s-prow/hook:v20221028-a8625c1f93
imagePullPolicy: Always
args:
- --dry-run=false
- --config-path=/etc/config/config.yaml
- --github-endpoint=http://ghproxy
- --github-endpoint=https://api.github.com
- --github-app-id=$(GITHUB_APP_ID)
- --github-app-private-key-path=/etc/github/cert
env:
- name: GITHUB_APP_ID
valueFrom:
secretKeyRef:
name: github-token
key: appid
ports:
- name: http
containerPort: 8888
volumeMounts:
- name: hmac
mountPath: /etc/webhook
readOnly: true
- name: github-token
mountPath: /etc/github
readOnly: true
- name: config
mountPath: /etc/config
readOnly: true
- name: plugins
mountPath: /etc/plugins
readOnly: true
livenessProbe:
httpGet:
path: /healthz
port: 8081
initialDelaySeconds: 3
periodSeconds: 3
readinessProbe:
httpGet:
path: /healthz/ready
port: 8081
initialDelaySeconds: 10
periodSeconds: 3
timeoutSeconds: 600
volumes:
- name: hmac
secret:
secretName: hmac-token
- name: github-token
secret:
secretName: github-token
- name: config
configMap:
name: config
- name: plugins
configMap:
name: plugins
---
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: prow
name: sinker
labels:
app: sinker
spec:
selector:
matchLabels:
app: sinker
replicas: 1
template:
metadata:
labels:
app: sinker
spec:
serviceAccountName: "sinker"
containers:
- name: sinker
image: gcr.io/k8s-prow/sinker:v20221028-a8625c1f93
args:
- --config-path=/etc/config/config.yaml
- --dry-run=false
volumeMounts:
- name: config
mountPath: /etc/config
readOnly: true
volumes:
- name: config
configMap:
name: config
---
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: prow
name: deck
labels:
app: deck
spec:
replicas: 2
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
selector:
matchLabels:
app: deck
template:
metadata:
labels:
app: deck
spec:
serviceAccountName: "deck"
terminationGracePeriodSeconds: 30
containers:
- name: deck
image: gcr.io/k8s-prow/deck:v20221028-a8625c1f93
args:
- --config-path=/etc/config/config.yaml
- --plugin-config=/etc/plugins/plugins.yaml
- --tide-url=http://tide/
- --hook-url=http://hook:8888/plugin-help
- --github-endpoint=http://ghproxy
- --github-endpoint=https://api.github.com
- --github-graphql-endpoint=http://ghproxy/graphql
- --s3-credentials-file=/etc/s3-credentials/service-account.json
- --spyglass=true
- --github-app-id=$(GITHUB_APP_ID)
- --github-app-private-key-path=/etc/github/cert
env:
- name: GITHUB_APP_ID
valueFrom:
secretKeyRef:
name: github-token
key: appid
ports:
- name: http
containerPort: 8080
volumeMounts:
- name: config
mountPath: /etc/config
readOnly: true
- name: github-token
mountPath: /etc/github
readOnly: true
- name: plugins
mountPath: /etc/plugins
readOnly: true
- name: s3-credentials
mountPath: /etc/s3-credentials
readOnly: true
livenessProbe:
httpGet:
path: /healthz
port: 8081
initialDelaySeconds: 3
periodSeconds: 3
readinessProbe:
httpGet:
path: /healthz/ready
port: 8081
initialDelaySeconds: 10
periodSeconds: 3
timeoutSeconds: 600
volumes:
- name: config
configMap:
name: config
- name: github-token
secret:
secretName: github-token
- name: plugins
configMap:
name: plugins
- name: s3-credentials
secret:
secretName: s3-credentials
---
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: prow
name: horologium
labels:
app: horologium
spec:
replicas: 1 # Do not scale up.
strategy:
type: Recreate
selector:
matchLabels:
app: horologium
template:
metadata:
labels:
app: horologium
spec:
serviceAccountName: "horologium"
terminationGracePeriodSeconds: 30
containers:
- name: horologium
image: gcr.io/k8s-prow/horologium:v20221028-a8625c1f93
args:
- --dry-run=false
- --config-path=/etc/config/config.yaml
volumeMounts:
- name: config
mountPath: /etc/config
readOnly: true
volumes:
- name: config
configMap:
name: config
---
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: prow
name: tide
labels:
app: tide
spec:
replicas: 1 # Do not scale up.
strategy:
type: Recreate
selector:
matchLabels:
app: tide
template:
metadata:
labels:
app: tide
spec:
serviceAccountName: "tide"
containers:
- name: tide
image: gcr.io/k8s-prow/tide:v20221028-a8625c1f93
args:
- --dry-run=false
- --config-path=/etc/config/config.yaml
- --github-endpoint=http://ghproxy
- --github-endpoint=https://api.github.com
- --github-graphql-endpoint=http://ghproxy/graphql
- --s3-credentials-file=/etc/s3-credentials/service-account.json
- --status-path=s3://resf-prod-prow-tide/tide-status
- --history-uri=s3://resf-prod-prow-tide/tide-history.json
- --github-app-id=$(GITHUB_APP_ID)
- --github-app-private-key-path=/etc/github/cert
env:
- name: GITHUB_APP_ID
valueFrom:
secretKeyRef:
name: github-token
key: appid
ports:
- name: http
containerPort: 8888
volumeMounts:
- name: github-token
mountPath: /etc/github
readOnly: true
- name: config
mountPath: /etc/config
readOnly: true
- name: s3-credentials
mountPath: /etc/s3-credentials
readOnly: true
volumes:
- name: github-token
secret:
secretName: github-token
- name: config
configMap:
name: config
- name: s3-credentials
secret:
secretName: s3-credentials
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: statusreconciler
namespace: prow
labels:
app: statusreconciler
spec:
replicas: 1
selector:
matchLabels:
app: statusreconciler
template:
metadata:
labels:
app: statusreconciler
spec:
serviceAccountName: statusreconciler
terminationGracePeriodSeconds: 180
containers:
- name: statusreconciler
image: gcr.io/k8s-prow/status-reconciler:v20221028-a8625c1f93
args:
- --dry-run=false
- --continue-on-error=true
- --plugin-config=/etc/plugins/plugins.yaml
- --config-path=/etc/config/config.yaml
- --github-endpoint=http://ghproxy
- --github-endpoint=https://api.github.com
- --s3-credentials-file=/etc/s3-credentials/service-account.json
- --status-path=s3://resf-prod-prow-status-reconciler/status-reconciler-status
- --github-app-id=$(GITHUB_APP_ID)
- --github-app-private-key-path=/etc/github/cert
env:
- name: GITHUB_APP_ID
valueFrom:
secretKeyRef:
name: github-token
key: appid
volumeMounts:
- name: github-token
mountPath: /etc/github
readOnly: true
- name: config
mountPath: /etc/config
readOnly: true
- name: plugins
mountPath: /etc/plugins
readOnly: true
- name: s3-credentials
mountPath: /etc/s3-credentials
readOnly: true
volumes:
- name: github-token
secret:
secretName: github-token
- name: config
configMap:
name: config
- name: plugins
configMap:
name: plugins
- name: s3-credentials
secret:
secretName: s3-credentials
---
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: prow
name: ghproxy
labels:
app: ghproxy
spec:
selector:
matchLabels:
app: ghproxy
strategy:
type: Recreate
# GHProxy does not support HA
replicas: 1
template:
metadata:
labels:
app: ghproxy
spec:
containers:
- name: ghproxy
image: gcr.io/k8s-prow/ghproxy:v20221028-a8625c1f93
args:
- --cache-dir=/cache
- --cache-sizeGB=99
- --serve-metrics=true
ports:
- containerPort: 8888
volumeMounts:
- name: cache
mountPath: /cache
volumes:
- name: cache
persistentVolumeClaim:
claimName: ghproxy
---
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: prow
name: prow-controller-manager
labels:
app: prow-controller-manager
spec:
replicas: 1
selector:
matchLabels:
app: prow-controller-manager
template:
metadata:
labels:
app: prow-controller-manager
spec:
serviceAccountName: prow-controller-manager
containers:
- name: prow-controller-manager
args:
- --dry-run=false
- --config-path=/etc/config/config.yaml
- --github-endpoint=http://ghproxy
- --github-endpoint=https://api.github.com
- --enable-controller=plank
- --github-app-id=$(GITHUB_APP_ID)
- --github-app-private-key-path=/etc/github/cert
env:
- name: GITHUB_APP_ID
valueFrom:
secretKeyRef:
name: github-token
key: appid
image: gcr.io/k8s-prow/prow-controller-manager:v20221028-a8625c1f93
volumeMounts:
- name: github-token
mountPath: /etc/github
readOnly: true
- name: config
mountPath: /etc/config
readOnly: true
volumes:
- name: github-token
secret:
secretName: github-token
- name: config
configMap:
name: config
---
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: prow
name: crier
labels:
app: crier
spec:
replicas: 1
selector:
matchLabels:
app: crier
template:
metadata:
labels:
app: crier
spec:
serviceAccountName: crier
terminationGracePeriodSeconds: 30
containers:
- name: crier
image: gcr.io/k8s-prow/crier:v20221028-a8625c1f93
args:
- --blob-storage-workers=10
- --config-path=/etc/config/config.yaml
- --s3-credentials-file=/etc/s3-credentials/service-account.json
- --github-endpoint=http://ghproxy
- --github-endpoint=https://api.github.com
- --github-workers=10
- --kubernetes-blob-storage-workers=10
- --github-app-id=$(GITHUB_APP_ID)
- --github-app-private-key-path=/etc/github/cert
env:
- name: GITHUB_APP_ID
valueFrom:
secretKeyRef:
name: github-token
key: appid
volumeMounts:
- name: config
mountPath: /etc/config
readOnly: true
- name: github-token
mountPath: /etc/github
readOnly: true
- name: s3-credentials
mountPath: /etc/s3-credentials
readOnly: true
volumes:
- name: config
configMap:
name: config
- name: github-token
secret:
secretName: github-token
- name: s3-credentials
secret:
secretName: s3-credentials
---

12
infrastructure/prow/namespaces.yaml Normal file
View File

@ -0,0 +1,12 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: prow
labels:
istio-injection: enabled
---
apiVersion: v1
kind: Namespace
metadata:
name: test-pods

14
infrastructure/prow/pvcs.yaml Normal file
View File

@ -0,0 +1,14 @@
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
namespace: prow
labels:
app: ghproxy
name: ghproxy
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100Gi

162
infrastructure/prow/rolebindings.yaml Normal file
View File

@ -0,0 +1,162 @@
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
namespace: prow
name: "deck"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: "deck"
subjects:
- kind: ServiceAccount
name: "deck"
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
namespace: test-pods
name: "deck"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: "deck"
subjects:
- kind: ServiceAccount
name: "deck"
namespace: prow
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
namespace: prow
name: "horologium"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: "horologium"
subjects:
- kind: ServiceAccount
name: "horologium"
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
namespace: prow
name: "sinker"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: "sinker"
subjects:
- kind: ServiceAccount
name: "sinker"
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
namespace: test-pods
name: "sinker"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: "sinker"
subjects:
- kind: ServiceAccount
name: "sinker"
namespace: prow
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
namespace: prow
name: "hook"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: "hook"
subjects:
- kind: ServiceAccount
name: "hook"
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
namespace: prow
name: "tide"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: "tide"
subjects:
- kind: ServiceAccount
name: "tide"
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
namespace: prow
name: "statusreconciler"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: "statusreconciler"
subjects:
- kind: ServiceAccount
name: "statusreconciler"
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
namespace: prow
name: prow-controller-manager
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: prow-controller-manager
subjects:
- kind: ServiceAccount
name: prow-controller-manager
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
namespace: test-pods
name: prow-controller-manager
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: prow-controller-manager
subjects:
- kind: ServiceAccount
name: prow-controller-manager
namespace: prow
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: crier
namespace: prow
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: crier
subjects:
- kind: ServiceAccount
name: crier
namespace: prow
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: crier
namespace: test-pods
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: crier
subjects:
- kind: ServiceAccount
name: crier
namespace: prow

262
infrastructure/prow/roles.yaml Normal file
View File

@ -0,0 +1,262 @@
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
namespace: prow
name: "deck"
rules:
- apiGroups:
- "prow.k8s.io"
resources:
- prowjobs
verbs:
- get
- list
- watch
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
namespace: test-pods
name: "deck"
rules:
- apiGroups:
- ""
resources:
- pods/log
verbs:
- get
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
namespace: prow
name: "horologium"
rules:
- apiGroups:
- "prow.k8s.io"
resources:
- prowjobs
verbs:
- create
- list
- watch
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
namespace: prow
name: "sinker"
rules:
- apiGroups:
- "prow.k8s.io"
resources:
- prowjobs
verbs:
- delete
- list
- watch
- get
- apiGroups:
- coordination.k8s.io
resources:
- leases
resourceNames:
- prow-sinker-leaderlock
verbs:
- get
- update
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- apiGroups:
- ""
resources:
- configmaps
resourceNames:
- prow-sinker-leaderlock
verbs:
- get
- update
- apiGroups:
- ""
resources:
- configmaps
- events
verbs:
- create
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
namespace: test-pods
name: "sinker"
rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- delete
- list
- watch
- get
- patch
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
namespace: prow
name: "hook"
rules:
- apiGroups:
- "prow.k8s.io"
resources:
- prowjobs
verbs:
- create
- get
- list
- update
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- get
- update
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
namespace: prow
name: "tide"
rules:
- apiGroups:
- "prow.k8s.io"
resources:
- prowjobs
verbs:
- create
- list
- get
- watch
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
namespace: prow
name: "statusreconciler"
rules:
- apiGroups:
- "prow.k8s.io"
resources:
- prowjobs
verbs:
- create
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
namespace: prow
name: prow-controller-manager
rules:
- apiGroups:
- "prow.k8s.io"
resources:
- prowjobs
verbs:
- get
- list
- watch
- update
- patch
- apiGroups:
- coordination.k8s.io
resources:
- leases
resourceNames:
- prow-controller-manager-leader-lock
verbs:
- get
- update
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- apiGroups:
- ""
resources:
- configmaps
resourceNames:
- prow-controller-manager-leader-lock
verbs:
- get
- update
- apiGroups:
- ""
resources:
- configmaps
- events
verbs:
- create
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
namespace: test-pods
name: prow-controller-manager
rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- delete
- list
- watch
- create
- patch
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
namespace: prow
name: crier
rules:
- apiGroups:
- "prow.k8s.io"
resources:
- "prowjobs"
verbs:
- "get"
- "watch"
- "list"
- "patch"
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
namespace: test-pods
name: crier
rules:
- apiGroups:
- ""
resources:
- "pods"
- "events"
verbs:
- "get"
- "list"
- apiGroups:
- ""
resources:
- "pods"
verbs:
- "patch"

41
infrastructure/prow/secrets.yaml Normal file
View File

@ -0,0 +1,41 @@
---
# Get this from Github
# apiVersion: v1
# kind: Secret
# metadata:
# namespace: prow
# name: github-token
# stringData:
# cert: <<insert-downloaded-cert-here>>
# appid: <<insert-the-app-id-here>>
# ---
# Generate this manually
# apiVersion: v1
# kind: Secret
# metadata:
# namespace: prow
# name: hmac-token
# stringData:
# # Generate via `openssl rand -hex 20`. This is the secret used in the GitHub webhook configuration
# hmac: << insert-hmac-token-here >>
apiVersion: v1
kind: Secret
metadata:
namespace: prow
name: s3-credentials
stringData:
service-account.json: |
{
"region": "us-east-2"
}
---
apiVersion: v1
kind: Secret
metadata:
namespace: test-pods
name: s3-credentials
stringData:
service-account.json: |
{
"region": "us-east-2"
}

64
infrastructure/prow/serviceaccounts.yaml Normal file
View File

@ -0,0 +1,64 @@
---
kind: ServiceAccount
apiVersion: v1
metadata:
namespace: prow
name: "deck"
annotations:
eks.amazonaws.com/role-arn: arn:aws:iam::893168113496:role/resf-prow-peridot
---
kind: ServiceAccount
apiVersion: v1
metadata:
namespace: prow
name: "horologium"
annotations:
eks.amazonaws.com/role-arn: arn:aws:iam::893168113496:role/resf-prow-peridot
---
kind: ServiceAccount
apiVersion: v1
metadata:
namespace: prow
name: "sinker"
annotations:
eks.amazonaws.com/role-arn: arn:aws:iam::893168113496:role/resf-prow-peridot
---
apiVersion: v1
kind: ServiceAccount
metadata:
namespace: prow
name: "hook"
annotations:
eks.amazonaws.com/role-arn: arn:aws:iam::893168113496:role/resf-prow-peridot
---
apiVersion: v1
kind: ServiceAccount
metadata:
namespace: prow
name: "tide"
annotations:
eks.amazonaws.com/role-arn: arn:aws:iam::893168113496:role/resf-prow-peridot
---
apiVersion: v1
kind: ServiceAccount
metadata:
namespace: prow
name: "statusreconciler"
annotations:
eks.amazonaws.com/role-arn: arn:aws:iam::893168113496:role/resf-prow-peridot
---
apiVersion: v1
kind: ServiceAccount
metadata:
namespace: prow
name: prow-controller-manager
annotations:
eks.amazonaws.com/role-arn: arn:aws:iam::893168113496:role/resf-prow-peridot
---
kind: ServiceAccount
apiVersion: v1
metadata:
name: crier
namespace: prow
annotations:
eks.amazonaws.com/role-arn: arn:aws:iam::893168113496:role/resf-prow-peridot

54
infrastructure/prow/services.yaml Normal file
View File

@ -0,0 +1,54 @@
---
apiVersion: v1
kind: Service
metadata:
namespace: prow
name: hook
spec:
selector:
app: hook
ports:
- port: 8888
---
apiVersion: v1
kind: Service
metadata:
namespace: prow
name: deck
spec:
selector:
app: deck
ports:
- port: 80
targetPort: 8080
---
apiVersion: v1
kind: Service
metadata:
namespace: prow
name: tide
spec:
selector:
app: tide
ports:
- port: 80
targetPort: 8888
---
apiVersion: v1
kind: Service
metadata:
labels:
app: ghproxy
namespace: prow
name: ghproxy
spec:
ports:
- name: main
port: 80
protocol: TCP
targetPort: 8888
- name: metrics
port: 9090
selector:
app: ghproxy
type: ClusterIP

29
infrastructure/prow/virtualservice.yaml Normal file
View File

@ -0,0 +1,29 @@
---
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: prow
namespace: prow
annotations:
external-dns.alpha.kubernetes.io/target: ingress.build.resf.org
spec:
gateways:
- istio-system/base-gateway-public
hosts:
- prow.build.resf.org
http:
- name: hook
match:
- uri:
prefix: "/hook"
route:
- destination:
host: hook.prow.svc.cluster.local
port:
number: 8888
- name: deck
route:
- destination:
host: deck.prow.svc.cluster.local
port:
number: 80