---
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: prow
  name: hook
  labels:
    app: hook
spec:
  replicas: 2
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1
  selector:
    matchLabels:
      app: hook
  template:
    metadata:
      labels:
        app: hook
    spec:
      serviceAccountName: "hook"
      terminationGracePeriodSeconds: 180
      containers:
        - name: hook
          image: gcr.io/k8s-prow/hook:v20221028-a8625c1f93
          imagePullPolicy: Always
          args:
            - --dry-run=false
            - --config-path=/etc/config/config.yaml
            - --job-config-path=/etc/job-config
            - --github-endpoint=http://ghproxy
            - --github-endpoint=https://api.github.com
            - --github-app-id=$(GITHUB_APP_ID)
            - --github-app-private-key-path=/etc/github/cert
          env:
            - name: GITHUB_APP_ID
              valueFrom:
                secretKeyRef:
                  name: github-token
                  key: appid
          ports:
            - name: http
              containerPort: 8888
          volumeMounts:
            - name: hmac
              mountPath: /etc/webhook
              readOnly: true
            - name: github-token
              mountPath: /etc/github
              readOnly: true
            - name: config
              mountPath: /etc/config
              readOnly: true
            - name: job-config
              mountPath: /etc/job-config
              readOnly: true
            - name: plugins
              mountPath: /etc/plugins
              readOnly: true
          livenessProbe:
            httpGet:
              path: /healthz
              port: 8081
            initialDelaySeconds: 3
            periodSeconds: 3
          readinessProbe:
            httpGet:
              path: /healthz/ready
              port: 8081
            initialDelaySeconds: 10
            periodSeconds: 3
            timeoutSeconds: 600
      volumes:
        - name: hmac
          secret:
            secretName: hmac-token
        - name: github-token
          secret:
            secretName: github-token
        - name: config
          configMap:
            name: config
        - name: job-config
          configMap:
            name: job-config
        - name: plugins
          configMap:
            name: plugins
---
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: prow
  name: sinker
  labels:
    app: sinker
spec:
  selector:
    matchLabels:
      app: sinker
  replicas: 1
  template:
    metadata:
      labels:
        app: sinker
    spec:
      serviceAccountName: "sinker"
      containers:
        - name: sinker
          image: gcr.io/k8s-prow/sinker:v20221028-a8625c1f93
          args:
            - --config-path=/etc/config/config.yaml
            - --job-config-path=/etc/job-config
            - --dry-run=false
          volumeMounts:
            - name: config
              mountPath: /etc/config
              readOnly: true
            - name: job-config
              mountPath: /etc/job-config
              readOnly: true
      volumes:
        - name: config
          configMap:
            name: config
        - name: job-config
          configMap:
            name: job-config
---
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: prow
  name: deck
  labels:
    app: deck
spec:
  replicas: 2
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1
  selector:
    matchLabels:
      app: deck
  template:
    metadata:
      labels:
        app: deck
    spec:
      serviceAccountName: "deck"
      terminationGracePeriodSeconds: 30
      containers:
        - name: deck
          image: gcr.io/k8s-prow/deck:v20221028-a8625c1f93
          args:
            - --config-path=/etc/config/config.yaml
            - --job-config-path=/etc/job-config
            - --plugin-config=/etc/plugins/plugins.yaml
            - --tide-url=http://tide/
            - --hook-url=http://hook:8888/plugin-help
            - --github-endpoint=http://ghproxy
            - --github-endpoint=https://api.github.com
            - --github-graphql-endpoint=http://ghproxy/graphql
            - --s3-credentials-file=/etc/s3-credentials/service-account.json
            - --spyglass=true
            - --github-app-id=$(GITHUB_APP_ID)
            - --github-app-private-key-path=/etc/github/cert
          env:
            - name: GITHUB_APP_ID
              valueFrom:
                secretKeyRef:
                  name: github-token
                  key: appid
          ports:
            - name: http
              containerPort: 8080
          volumeMounts:
            - name: config
              mountPath: /etc/config
              readOnly: true
            - name: job-config
              mountPath: /etc/job-config
              readOnly: true
            - name: github-token
              mountPath: /etc/github
              readOnly: true
            - name: plugins
              mountPath: /etc/plugins
              readOnly: true
            - name: s3-credentials
              mountPath: /etc/s3-credentials
              readOnly: true
          livenessProbe:
            httpGet:
              path: /healthz
              port: 8081
            initialDelaySeconds: 3
            periodSeconds: 3
          readinessProbe:
            httpGet:
              path: /healthz/ready
              port: 8081
            initialDelaySeconds: 10
            periodSeconds: 3
            timeoutSeconds: 600
      volumes:
        - name: config
          configMap:
            name: config
        - name: job-config
          configMap:
            name: job-config
        - name: github-token
          secret:
            secretName: github-token
        - name: plugins
          configMap:
            name: plugins
        - name: s3-credentials
          secret:
            secretName: s3-credentials
---
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: prow
  name: horologium
  labels:
    app: horologium
spec:
  replicas: 1 # Do not scale up.
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: horologium
  template:
    metadata:
      labels:
        app: horologium
    spec:
      serviceAccountName: "horologium"
      terminationGracePeriodSeconds: 30
      containers:
        - name: horologium
          image: gcr.io/k8s-prow/horologium:v20221028-a8625c1f93
          args:
            - --dry-run=false
            - --config-path=/etc/config/config.yaml
            - --job-config-path=/etc/job-config
          volumeMounts:
            - name: config
              mountPath: /etc/config
              readOnly: true
            - name: job-config
              mountPath: /etc/job-config
              readOnly: true
      volumes:
        - name: config
          configMap:
            name: config
        - name: job-config
          configMap:
            name: job-config
---
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: prow
  name: tide
  labels:
    app: tide
spec:
  replicas: 1 # Do not scale up.
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: tide
  template:
    metadata:
      labels:
        app: tide
    spec:
      serviceAccountName: "tide"
      containers:
        - name: tide
          image: gcr.io/k8s-prow/tide:v20221028-a8625c1f93
          args:
            - --dry-run=false
            - --config-path=/etc/config/config.yaml
            - --job-config-path=/etc/job-config
            - --github-endpoint=http://ghproxy
            - --github-endpoint=https://api.github.com
            - --github-graphql-endpoint=http://ghproxy/graphql
            - --s3-credentials-file=/etc/s3-credentials/service-account.json
            - --status-path=s3://resf-prod-prow-tide/tide-status
            - --history-uri=s3://resf-prod-prow-tide/tide-history.json
            - --github-app-id=$(GITHUB_APP_ID)
            - --github-app-private-key-path=/etc/github/cert
          env:
            - name: GITHUB_APP_ID
              valueFrom:
                secretKeyRef:
                  name: github-token
                  key: appid
          ports:
            - name: http
              containerPort: 8888
          volumeMounts:
            - name: github-token
              mountPath: /etc/github
              readOnly: true
            - name: config
              mountPath: /etc/config
              readOnly: true
            - name: job-config
              mountPath: /etc/job-config
              readOnly: true
            - name: s3-credentials
              mountPath: /etc/s3-credentials
              readOnly: true
      volumes:
        - name: github-token
          secret:
            secretName: github-token
        - name: config
          configMap:
            name: config
        - name: job-config
          configMap:
            name: job-config
        - name: s3-credentials
          secret:
            secretName: s3-credentials
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: statusreconciler
  namespace: prow
  labels:
    app: statusreconciler
spec:
  replicas: 1
  selector:
    matchLabels:
      app: statusreconciler
  template:
    metadata:
      labels:
        app: statusreconciler
    spec:
      serviceAccountName: statusreconciler
      terminationGracePeriodSeconds: 180
      containers:
        - name: statusreconciler
          image: gcr.io/k8s-prow/status-reconciler:v20221028-a8625c1f93
          args:
            - --dry-run=false
            - --continue-on-error=true
            - --plugin-config=/etc/plugins/plugins.yaml
            - --config-path=/etc/config/config.yaml
            - --job-config-path=/etc/job-config
            - --github-endpoint=http://ghproxy
            - --github-endpoint=https://api.github.com
            - --s3-credentials-file=/etc/s3-credentials/service-account.json
            - --status-path=s3://resf-prod-prow-status-reconciler/status-reconciler-status
            - --github-app-id=$(GITHUB_APP_ID)
            - --github-app-private-key-path=/etc/github/cert
          env:
            - name: GITHUB_APP_ID
              valueFrom:
                secretKeyRef:
                  name: github-token
                  key: appid
          volumeMounts:
            - name: github-token
              mountPath: /etc/github
              readOnly: true
            - name: config
              mountPath: /etc/config
              readOnly: true
            - name: job-config
              mountPath: /etc/job-config
              readOnly: true
            - name: plugins
              mountPath: /etc/plugins
              readOnly: true
            - name: s3-credentials
              mountPath: /etc/s3-credentials
              readOnly: true
      volumes:
        - name: github-token
          secret:
            secretName: github-token
        - name: config
          configMap:
            name: config
        - name: job-config
          configMap:
            name: job-config
        - name: plugins
          configMap:
            name: plugins
        - name: s3-credentials
          secret:
            secretName: s3-credentials
---
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: prow
  name: ghproxy
  labels:
    app: ghproxy
spec:
  selector:
    matchLabels:
      app: ghproxy
  strategy:
    type: Recreate
  # GHProxy does not support HA
  replicas: 1
  template:
    metadata:
      labels:
        app: ghproxy
    spec:
      containers:
        - name: ghproxy
          image: gcr.io/k8s-prow/ghproxy:v20221028-a8625c1f93
          args:
            - --cache-dir=/cache
            - --cache-sizeGB=99
            - --serve-metrics=true
          ports:
            - containerPort: 8888
          volumeMounts:
            - name: cache
              mountPath: /cache
      volumes:
        - name: cache
          persistentVolumeClaim:
            claimName: ghproxy
---
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: prow
  name: prow-controller-manager
  labels:
    app: prow-controller-manager
spec:
  replicas: 1
  selector:
    matchLabels:
      app: prow-controller-manager
  template:
    metadata:
      labels:
        app: prow-controller-manager
    spec:
      serviceAccountName: prow-controller-manager
      containers:
        - name: prow-controller-manager
          args:
            - --dry-run=false
            - --config-path=/etc/config/config.yaml
            - --job-config-path=/etc/job-config
            - --github-endpoint=http://ghproxy
            - --github-endpoint=https://api.github.com
            - --enable-controller=plank
            - --github-app-id=$(GITHUB_APP_ID)
            - --github-app-private-key-path=/etc/github/cert
          env:
            - name: GITHUB_APP_ID
              valueFrom:
                secretKeyRef:
                  name: github-token
                  key: appid
          image: gcr.io/k8s-prow/prow-controller-manager:v20221028-a8625c1f93
          volumeMounts:
            - name: github-token
              mountPath: /etc/github
              readOnly: true
            - name: config
              mountPath: /etc/config
              readOnly: true
            - name: job-config
              mountPath: /etc/job-config
              readOnly: true
      volumes:
        - name: github-token
          secret:
            secretName: github-token
        - name: config
          configMap:
            name: config
        - name: job-config
          configMap:
            name: job-config
---
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: prow
  name: crier
  labels:
    app: crier
spec:
  replicas: 1
  selector:
    matchLabels:
      app: crier
  template:
    metadata:
      labels:
        app: crier
    spec:
      serviceAccountName: crier
      terminationGracePeriodSeconds: 30
      containers:
        - name: crier
          image: gcr.io/k8s-prow/crier:v20221028-a8625c1f93
          args:
            - --blob-storage-workers=10
            - --config-path=/etc/config/config.yaml
            - --job-config-path=/etc/job-config
            - --s3-credentials-file=/etc/s3-credentials/service-account.json
            - --github-endpoint=http://ghproxy
            - --github-endpoint=https://api.github.com
            - --github-workers=10
            - --kubernetes-blob-storage-workers=10
            - --github-app-id=$(GITHUB_APP_ID)
            - --github-app-private-key-path=/etc/github/cert
          env:
            - name: GITHUB_APP_ID
              valueFrom:
                secretKeyRef:
                  name: github-token
                  key: appid
          volumeMounts:
            - name: config
              mountPath: /etc/config
              readOnly: true
            - name: job-config
              mountPath: /etc/job-config
              readOnly: true
            - name: github-token
              mountPath: /etc/github
              readOnly: true
            - name: s3-credentials
              mountPath: /etc/s3-credentials
              readOnly: true
      volumes:
        - name: config
          configMap:
            name: config
        - name: job-config
          configMap:
            name: job-config
        - name: github-token
          secret:
            secretName: github-token
        - name: s3-credentials
          secret:
            secretName: s3-credentials
---