rocky-linux
/
peridot
mirror of https://github.com/rocky-linux/peridot.git
4
0
Fork 0
Code Issues Projects Releases Activity
peridot/infrastructure/prow/deployments.yaml

575 lines
15 KiB
YAML
Raw Permalink Blame History

---
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: prow
name: hook
labels:
app: hook
spec:
replicas: 2
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
selector:
matchLabels:
app: hook
template:
metadata:
labels:
app: hook
spec:
serviceAccountName: "hook"
terminationGracePeriodSeconds: 180
containers:
- name: hook
image: gcr.io/k8s-prow/hook:v20221028-a8625c1f93
imagePullPolicy: Always
args:
- --dry-run=false
- --config-path=/etc/config/config.yaml
- --job-config-path=/etc/job-config
- --github-endpoint=http://ghproxy
- --github-endpoint=https://api.github.com
- --github-app-id=$(GITHUB_APP_ID)
- --github-app-private-key-path=/etc/github/cert
env:
- name: GITHUB_APP_ID
valueFrom:
secretKeyRef:
name: github-token
key: appid
ports:
- name: http
containerPort: 8888
volumeMounts:
- name: hmac
mountPath: /etc/webhook
readOnly: true
- name: github-token
mountPath: /etc/github
readOnly: true
- name: config
mountPath: /etc/config
readOnly: true
- name: job-config
mountPath: /etc/job-config
readOnly: true
- name: plugins
mountPath: /etc/plugins
readOnly: true
livenessProbe:
httpGet:
path: /healthz
port: 8081
initialDelaySeconds: 3
periodSeconds: 3
readinessProbe:
httpGet:
path: /healthz/ready
port: 8081
initialDelaySeconds: 10
periodSeconds: 3
timeoutSeconds: 600
volumes:
- name: hmac
secret:
secretName: hmac-token
- name: github-token
secret:
secretName: github-token
- name: config
configMap:
name: config
- name: job-config
configMap:
name: job-config
- name: plugins
configMap:
name: plugins
---
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: prow
name: sinker
labels:
app: sinker
spec:
selector:
matchLabels:
app: sinker
replicas: 1
template:
metadata:
labels:
app: sinker
spec:
serviceAccountName: "sinker"
containers:
- name: sinker
image: gcr.io/k8s-prow/sinker:v20221028-a8625c1f93
args:
- --config-path=/etc/config/config.yaml
- --job-config-path=/etc/job-config
- --dry-run=false
volumeMounts:
- name: config
mountPath: /etc/config
readOnly: true
- name: job-config
mountPath: /etc/job-config
readOnly: true
volumes:
- name: config
configMap:
name: config
- name: job-config
configMap:
name: job-config
---
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: prow
name: deck
labels:
app: deck
spec:
replicas: 2
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
selector:
matchLabels:
app: deck
template:
metadata:
labels:
app: deck
spec:
serviceAccountName: "deck"
terminationGracePeriodSeconds: 30
containers:
- name: deck
image: gcr.io/k8s-prow/deck:v20221028-a8625c1f93
args:
- --config-path=/etc/config/config.yaml
- --job-config-path=/etc/job-config
- --plugin-config=/etc/plugins/plugins.yaml
- --tide-url=http://tide/
- --hook-url=http://hook:8888/plugin-help
- --github-endpoint=http://ghproxy
- --github-endpoint=https://api.github.com
- --github-graphql-endpoint=http://ghproxy/graphql
- --s3-credentials-file=/etc/s3-credentials/service-account.json
- --spyglass=true
- --github-app-id=$(GITHUB_APP_ID)
- --github-app-private-key-path=/etc/github/cert
env:
- name: GITHUB_APP_ID
valueFrom:
secretKeyRef:
name: github-token
key: appid
ports:
- name: http
containerPort: 8080
volumeMounts:
- name: config
mountPath: /etc/config
readOnly: true
- name: job-config
mountPath: /etc/job-config
readOnly: true
- name: github-token
mountPath: /etc/github
readOnly: true
- name: plugins
mountPath: /etc/plugins
readOnly: true
- name: s3-credentials
mountPath: /etc/s3-credentials
readOnly: true
livenessProbe:
httpGet:
path: /healthz
port: 8081
initialDelaySeconds: 3
periodSeconds: 3
readinessProbe:
httpGet:
path: /healthz/ready
port: 8081
initialDelaySeconds: 10
periodSeconds: 3
timeoutSeconds: 600
volumes:
- name: config
configMap:
name: config
- name: job-config
configMap:
name: job-config
- name: github-token
secret:
secretName: github-token
- name: plugins
configMap:
name: plugins
- name: s3-credentials
secret:
secretName: s3-credentials
---
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: prow
name: horologium
labels:
app: horologium
spec:
replicas: 1 # Do not scale up.
strategy:
type: Recreate
selector:
matchLabels:
app: horologium
template:
metadata:
labels:
app: horologium
spec:
serviceAccountName: "horologium"
terminationGracePeriodSeconds: 30
containers:
- name: horologium
image: gcr.io/k8s-prow/horologium:v20221028-a8625c1f93
args:
- --dry-run=false
- --config-path=/etc/config/config.yaml
- --job-config-path=/etc/job-config
volumeMounts:
- name: config
mountPath: /etc/config
readOnly: true
- name: job-config
mountPath: /etc/job-config
readOnly: true
volumes:
- name: config
configMap:
name: config
- name: job-config
configMap:
name: job-config
---
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: prow
name: tide
labels:
app: tide
spec:
replicas: 1 # Do not scale up.
strategy:
type: Recreate
selector:
matchLabels:
app: tide
template:
metadata:
labels:
app: tide
spec:
serviceAccountName: "tide"
containers:
- name: tide
image: gcr.io/k8s-prow/tide:v20221028-a8625c1f93
args:
- --dry-run=false
- --config-path=/etc/config/config.yaml
- --job-config-path=/etc/job-config
- --github-endpoint=http://ghproxy
- --github-endpoint=https://api.github.com
- --github-graphql-endpoint=http://ghproxy/graphql
- --s3-credentials-file=/etc/s3-credentials/service-account.json
- --status-path=s3://resf-prod-prow-tide/tide-status
- --history-uri=s3://resf-prod-prow-tide/tide-history.json
- --github-app-id=$(GITHUB_APP_ID)
- --github-app-private-key-path=/etc/github/cert
env:
- name: GITHUB_APP_ID
valueFrom:
secretKeyRef:
name: github-token
key: appid
ports:
- name: http
containerPort: 8888
volumeMounts:
- name: github-token
mountPath: /etc/github
readOnly: true
- name: config
mountPath: /etc/config
readOnly: true
- name: job-config
mountPath: /etc/job-config
readOnly: true
- name: s3-credentials
mountPath: /etc/s3-credentials
readOnly: true
volumes:
- name: github-token
secret:
secretName: github-token
- name: config
configMap:
name: config
- name: job-config
configMap:
name: job-config
- name: s3-credentials
secret:
secretName: s3-credentials
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: statusreconciler
namespace: prow
labels:
app: statusreconciler
spec:
replicas: 1
selector:
matchLabels:
app: statusreconciler
template:
metadata:
labels:
app: statusreconciler
spec:
serviceAccountName: statusreconciler
terminationGracePeriodSeconds: 180
containers:
- name: statusreconciler
image: gcr.io/k8s-prow/status-reconciler:v20221028-a8625c1f93
args:
- --dry-run=false
- --continue-on-error=true
- --plugin-config=/etc/plugins/plugins.yaml
- --config-path=/etc/config/config.yaml
- --job-config-path=/etc/job-config
- --github-endpoint=http://ghproxy
- --github-endpoint=https://api.github.com
- --s3-credentials-file=/etc/s3-credentials/service-account.json
- --status-path=s3://resf-prod-prow-status-reconciler/status-reconciler-status
- --github-app-id=$(GITHUB_APP_ID)
- --github-app-private-key-path=/etc/github/cert
env:
- name: GITHUB_APP_ID
valueFrom:
secretKeyRef:
name: github-token
key: appid
volumeMounts:
- name: github-token
mountPath: /etc/github
readOnly: true
- name: config
mountPath: /etc/config
readOnly: true
- name: job-config
mountPath: /etc/job-config
readOnly: true
- name: plugins
mountPath: /etc/plugins
readOnly: true
- name: s3-credentials
mountPath: /etc/s3-credentials
readOnly: true
volumes:
- name: github-token
secret:
secretName: github-token
- name: config
configMap:
name: config
- name: job-config
configMap:
name: job-config
- name: plugins
configMap:
name: plugins
- name: s3-credentials
secret:
secretName: s3-credentials
---
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: prow
name: ghproxy
labels:
app: ghproxy
spec:
selector:
matchLabels:
app: ghproxy
strategy:
type: Recreate
# GHProxy does not support HA
replicas: 1
template:
metadata:
labels:
app: ghproxy
spec:
containers:
- name: ghproxy
image: gcr.io/k8s-prow/ghproxy:v20221028-a8625c1f93
args:
- --cache-dir=/cache
- --cache-sizeGB=99
- --serve-metrics=true
ports:
- containerPort: 8888
volumeMounts:
- name: cache
mountPath: /cache
volumes:
- name: cache
persistentVolumeClaim:
claimName: ghproxy
---
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: prow
name: prow-controller-manager
labels:
app: prow-controller-manager
spec:
replicas: 1
selector:
matchLabels:
app: prow-controller-manager
template:
metadata:
labels:
app: prow-controller-manager
spec:
serviceAccountName: prow-controller-manager
containers:
- name: prow-controller-manager
args:
- --dry-run=false
- --config-path=/etc/config/config.yaml
- --job-config-path=/etc/job-config
- --github-endpoint=http://ghproxy
- --github-endpoint=https://api.github.com
- --enable-controller=plank
- --github-app-id=$(GITHUB_APP_ID)
- --github-app-private-key-path=/etc/github/cert
env:
- name: GITHUB_APP_ID
valueFrom:
secretKeyRef:
name: github-token
key: appid
image: gcr.io/k8s-prow/prow-controller-manager:v20221028-a8625c1f93
volumeMounts:
- name: github-token
mountPath: /etc/github
readOnly: true
- name: config
mountPath: /etc/config
readOnly: true
- name: job-config
mountPath: /etc/job-config
readOnly: true
volumes:
- name: github-token
secret:
secretName: github-token
- name: config
configMap:
name: config
- name: job-config
configMap:
name: job-config
---
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: prow
name: crier
labels:
app: crier
spec:
replicas: 1
selector:
matchLabels:
app: crier
template:
metadata:
labels:
app: crier
spec:
serviceAccountName: crier
terminationGracePeriodSeconds: 30
containers:
- name: crier
image: gcr.io/k8s-prow/crier:v20221028-a8625c1f93
args:
- --blob-storage-workers=10
- --config-path=/etc/config/config.yaml
- --job-config-path=/etc/job-config
- --s3-credentials-file=/etc/s3-credentials/service-account.json
- --github-endpoint=http://ghproxy
- --github-endpoint=https://api.github.com
- --github-workers=10
- --kubernetes-blob-storage-workers=10
- --github-app-id=$(GITHUB_APP_ID)
- --github-app-private-key-path=/etc/github/cert
env:
- name: GITHUB_APP_ID
valueFrom:
secretKeyRef:
name: github-token
key: appid
volumeMounts:
- name: config
mountPath: /etc/config
readOnly: true
- name: job-config
mountPath: /etc/job-config
readOnly: true
- name: github-token
mountPath: /etc/github
readOnly: true
- name: s3-credentials
mountPath: /etc/s3-credentials
readOnly: true
volumes:
- name: config
configMap:
name: config
- name: job-config
configMap:
name: job-config
- name: github-token
secret:
secretName: github-token
- name: s3-credentials
secret:
secretName: s3-credentials
---
View Git Blame Copy Permalink