mirror of
https://github.com/rocky-linux/peridot.git
synced 2025-01-04 08:10:55 +00:00
574 lines
15 KiB
YAML
574 lines
15 KiB
YAML
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
namespace: prow
|
|
name: hook
|
|
labels:
|
|
app: hook
|
|
spec:
|
|
replicas: 2
|
|
strategy:
|
|
type: RollingUpdate
|
|
rollingUpdate:
|
|
maxSurge: 1
|
|
maxUnavailable: 1
|
|
selector:
|
|
matchLabels:
|
|
app: hook
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: hook
|
|
spec:
|
|
serviceAccountName: "hook"
|
|
terminationGracePeriodSeconds: 180
|
|
containers:
|
|
- name: hook
|
|
image: gcr.io/k8s-prow/hook:v20221028-a8625c1f93
|
|
imagePullPolicy: Always
|
|
args:
|
|
- --dry-run=false
|
|
- --config-path=/etc/config/config.yaml
|
|
- --job-config-path=/etc/job-config
|
|
- --github-endpoint=http://ghproxy
|
|
- --github-endpoint=https://api.github.com
|
|
- --github-app-id=$(GITHUB_APP_ID)
|
|
- --github-app-private-key-path=/etc/github/cert
|
|
env:
|
|
- name: GITHUB_APP_ID
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: github-token
|
|
key: appid
|
|
ports:
|
|
- name: http
|
|
containerPort: 8888
|
|
volumeMounts:
|
|
- name: hmac
|
|
mountPath: /etc/webhook
|
|
readOnly: true
|
|
- name: github-token
|
|
mountPath: /etc/github
|
|
readOnly: true
|
|
- name: config
|
|
mountPath: /etc/config
|
|
readOnly: true
|
|
- name: job-config
|
|
mountPath: /etc/job-config
|
|
readOnly: true
|
|
- name: plugins
|
|
mountPath: /etc/plugins
|
|
readOnly: true
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /healthz
|
|
port: 8081
|
|
initialDelaySeconds: 3
|
|
periodSeconds: 3
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /healthz/ready
|
|
port: 8081
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 3
|
|
timeoutSeconds: 600
|
|
volumes:
|
|
- name: hmac
|
|
secret:
|
|
secretName: hmac-token
|
|
- name: github-token
|
|
secret:
|
|
secretName: github-token
|
|
- name: config
|
|
configMap:
|
|
name: config
|
|
- name: job-config
|
|
configMap:
|
|
name: job-config
|
|
- name: plugins
|
|
configMap:
|
|
name: plugins
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
namespace: prow
|
|
name: sinker
|
|
labels:
|
|
app: sinker
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
app: sinker
|
|
replicas: 1
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: sinker
|
|
spec:
|
|
serviceAccountName: "sinker"
|
|
containers:
|
|
- name: sinker
|
|
image: gcr.io/k8s-prow/sinker:v20221028-a8625c1f93
|
|
args:
|
|
- --config-path=/etc/config/config.yaml
|
|
- --job-config-path=/etc/job-config
|
|
- --dry-run=false
|
|
volumeMounts:
|
|
- name: config
|
|
mountPath: /etc/config
|
|
readOnly: true
|
|
- name: job-config
|
|
mountPath: /etc/job-config
|
|
readOnly: true
|
|
volumes:
|
|
- name: config
|
|
configMap:
|
|
name: config
|
|
- name: job-config
|
|
configMap:
|
|
name: job-config
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
namespace: prow
|
|
name: deck
|
|
labels:
|
|
app: deck
|
|
spec:
|
|
replicas: 2
|
|
strategy:
|
|
type: RollingUpdate
|
|
rollingUpdate:
|
|
maxSurge: 1
|
|
maxUnavailable: 1
|
|
selector:
|
|
matchLabels:
|
|
app: deck
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: deck
|
|
spec:
|
|
serviceAccountName: "deck"
|
|
terminationGracePeriodSeconds: 30
|
|
containers:
|
|
- name: deck
|
|
image: gcr.io/k8s-prow/deck:v20221028-a8625c1f93
|
|
args:
|
|
- --config-path=/etc/config/config.yaml
|
|
- --job-config-path=/etc/job-config
|
|
- --plugin-config=/etc/plugins/plugins.yaml
|
|
- --tide-url=http://tide/
|
|
- --hook-url=http://hook:8888/plugin-help
|
|
- --github-endpoint=http://ghproxy
|
|
- --github-endpoint=https://api.github.com
|
|
- --github-graphql-endpoint=http://ghproxy/graphql
|
|
- --s3-credentials-file=/etc/s3-credentials/service-account.json
|
|
- --spyglass=true
|
|
- --github-app-id=$(GITHUB_APP_ID)
|
|
- --github-app-private-key-path=/etc/github/cert
|
|
env:
|
|
- name: GITHUB_APP_ID
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: github-token
|
|
key: appid
|
|
ports:
|
|
- name: http
|
|
containerPort: 8080
|
|
volumeMounts:
|
|
- name: config
|
|
mountPath: /etc/config
|
|
readOnly: true
|
|
- name: job-config
|
|
mountPath: /etc/job-config
|
|
readOnly: true
|
|
- name: github-token
|
|
mountPath: /etc/github
|
|
readOnly: true
|
|
- name: plugins
|
|
mountPath: /etc/plugins
|
|
readOnly: true
|
|
- name: s3-credentials
|
|
mountPath: /etc/s3-credentials
|
|
readOnly: true
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /healthz
|
|
port: 8081
|
|
initialDelaySeconds: 3
|
|
periodSeconds: 3
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /healthz/ready
|
|
port: 8081
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 3
|
|
timeoutSeconds: 600
|
|
volumes:
|
|
- name: config
|
|
configMap:
|
|
name: config
|
|
- name: job-config
|
|
configMap:
|
|
name: job-config
|
|
- name: github-token
|
|
secret:
|
|
secretName: github-token
|
|
- name: plugins
|
|
configMap:
|
|
name: plugins
|
|
- name: s3-credentials
|
|
secret:
|
|
secretName: s3-credentials
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
namespace: prow
|
|
name: horologium
|
|
labels:
|
|
app: horologium
|
|
spec:
|
|
replicas: 1 # Do not scale up.
|
|
strategy:
|
|
type: Recreate
|
|
selector:
|
|
matchLabels:
|
|
app: horologium
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: horologium
|
|
spec:
|
|
serviceAccountName: "horologium"
|
|
terminationGracePeriodSeconds: 30
|
|
containers:
|
|
- name: horologium
|
|
image: gcr.io/k8s-prow/horologium:v20221028-a8625c1f93
|
|
args:
|
|
- --dry-run=false
|
|
- --config-path=/etc/config/config.yaml
|
|
- --job-config-path=/etc/job-config
|
|
volumeMounts:
|
|
- name: config
|
|
mountPath: /etc/config
|
|
readOnly: true
|
|
- name: job-config
|
|
mountPath: /etc/job-config
|
|
readOnly: true
|
|
volumes:
|
|
- name: config
|
|
configMap:
|
|
name: config
|
|
- name: job-config
|
|
configMap:
|
|
name: job-config
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
namespace: prow
|
|
name: tide
|
|
labels:
|
|
app: tide
|
|
spec:
|
|
replicas: 1 # Do not scale up.
|
|
strategy:
|
|
type: Recreate
|
|
selector:
|
|
matchLabels:
|
|
app: tide
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: tide
|
|
spec:
|
|
serviceAccountName: "tide"
|
|
containers:
|
|
- name: tide
|
|
image: gcr.io/k8s-prow/tide:v20221028-a8625c1f93
|
|
args:
|
|
- --dry-run=false
|
|
- --config-path=/etc/config/config.yaml
|
|
- --job-config-path=/etc/job-config
|
|
- --github-endpoint=http://ghproxy
|
|
- --github-endpoint=https://api.github.com
|
|
- --github-graphql-endpoint=http://ghproxy/graphql
|
|
- --s3-credentials-file=/etc/s3-credentials/service-account.json
|
|
- --status-path=s3://resf-prod-prow-tide/tide-status
|
|
- --history-uri=s3://resf-prod-prow-tide/tide-history.json
|
|
- --github-app-id=$(GITHUB_APP_ID)
|
|
- --github-app-private-key-path=/etc/github/cert
|
|
env:
|
|
- name: GITHUB_APP_ID
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: github-token
|
|
key: appid
|
|
ports:
|
|
- name: http
|
|
containerPort: 8888
|
|
volumeMounts:
|
|
- name: github-token
|
|
mountPath: /etc/github
|
|
readOnly: true
|
|
- name: config
|
|
mountPath: /etc/config
|
|
readOnly: true
|
|
- name: job-config
|
|
mountPath: /etc/job-config
|
|
readOnly: true
|
|
- name: s3-credentials
|
|
mountPath: /etc/s3-credentials
|
|
readOnly: true
|
|
volumes:
|
|
- name: github-token
|
|
secret:
|
|
secretName: github-token
|
|
- name: config
|
|
configMap:
|
|
name: config
|
|
- name: job-config
|
|
configMap:
|
|
name: job-config
|
|
- name: s3-credentials
|
|
secret:
|
|
secretName: s3-credentials
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: statusreconciler
|
|
namespace: prow
|
|
labels:
|
|
app: statusreconciler
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: statusreconciler
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: statusreconciler
|
|
spec:
|
|
serviceAccountName: statusreconciler
|
|
terminationGracePeriodSeconds: 180
|
|
containers:
|
|
- name: statusreconciler
|
|
image: gcr.io/k8s-prow/status-reconciler:v20221028-a8625c1f93
|
|
args:
|
|
- --dry-run=false
|
|
- --continue-on-error=true
|
|
- --plugin-config=/etc/plugins/plugins.yaml
|
|
- --config-path=/etc/config/config.yaml
|
|
- --job-config-path=/etc/job-config
|
|
- --github-endpoint=http://ghproxy
|
|
- --github-endpoint=https://api.github.com
|
|
- --s3-credentials-file=/etc/s3-credentials/service-account.json
|
|
- --status-path=s3://resf-prod-prow-status-reconciler/status-reconciler-status
|
|
- --github-app-id=$(GITHUB_APP_ID)
|
|
- --github-app-private-key-path=/etc/github/cert
|
|
env:
|
|
- name: GITHUB_APP_ID
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: github-token
|
|
key: appid
|
|
volumeMounts:
|
|
- name: github-token
|
|
mountPath: /etc/github
|
|
readOnly: true
|
|
- name: config
|
|
mountPath: /etc/config
|
|
readOnly: true
|
|
- name: job-config
|
|
mountPath: /etc/job-config
|
|
readOnly: true
|
|
- name: plugins
|
|
mountPath: /etc/plugins
|
|
readOnly: true
|
|
- name: s3-credentials
|
|
mountPath: /etc/s3-credentials
|
|
readOnly: true
|
|
volumes:
|
|
- name: github-token
|
|
secret:
|
|
secretName: github-token
|
|
- name: config
|
|
configMap:
|
|
name: config
|
|
- name: job-config
|
|
configMap:
|
|
name: job-config
|
|
- name: plugins
|
|
configMap:
|
|
name: plugins
|
|
- name: s3-credentials
|
|
secret:
|
|
secretName: s3-credentials
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
namespace: prow
|
|
name: ghproxy
|
|
labels:
|
|
app: ghproxy
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
app: ghproxy
|
|
strategy:
|
|
type: Recreate
|
|
# GHProxy does not support HA
|
|
replicas: 1
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: ghproxy
|
|
spec:
|
|
containers:
|
|
- name: ghproxy
|
|
image: gcr.io/k8s-prow/ghproxy:v20221028-a8625c1f93
|
|
args:
|
|
- --cache-dir=/cache
|
|
- --cache-sizeGB=99
|
|
- --serve-metrics=true
|
|
ports:
|
|
- containerPort: 8888
|
|
volumeMounts:
|
|
- name: cache
|
|
mountPath: /cache
|
|
volumes:
|
|
- name: cache
|
|
persistentVolumeClaim:
|
|
claimName: ghproxy
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
namespace: prow
|
|
name: prow-controller-manager
|
|
labels:
|
|
app: prow-controller-manager
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: prow-controller-manager
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: prow-controller-manager
|
|
spec:
|
|
serviceAccountName: prow-controller-manager
|
|
containers:
|
|
- name: prow-controller-manager
|
|
args:
|
|
- --dry-run=false
|
|
- --config-path=/etc/config/config.yaml
|
|
- --job-config-path=/etc/job-config
|
|
- --github-endpoint=http://ghproxy
|
|
- --github-endpoint=https://api.github.com
|
|
- --enable-controller=plank
|
|
- --github-app-id=$(GITHUB_APP_ID)
|
|
- --github-app-private-key-path=/etc/github/cert
|
|
env:
|
|
- name: GITHUB_APP_ID
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: github-token
|
|
key: appid
|
|
image: gcr.io/k8s-prow/prow-controller-manager:v20221028-a8625c1f93
|
|
volumeMounts:
|
|
- name: github-token
|
|
mountPath: /etc/github
|
|
readOnly: true
|
|
- name: config
|
|
mountPath: /etc/config
|
|
readOnly: true
|
|
- name: job-config
|
|
mountPath: /etc/job-config
|
|
readOnly: true
|
|
volumes:
|
|
- name: github-token
|
|
secret:
|
|
secretName: github-token
|
|
- name: config
|
|
configMap:
|
|
name: config
|
|
- name: job-config
|
|
configMap:
|
|
name: job-config
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
namespace: prow
|
|
name: crier
|
|
labels:
|
|
app: crier
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: crier
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: crier
|
|
spec:
|
|
serviceAccountName: crier
|
|
terminationGracePeriodSeconds: 30
|
|
containers:
|
|
- name: crier
|
|
image: gcr.io/k8s-prow/crier:v20221028-a8625c1f93
|
|
args:
|
|
- --blob-storage-workers=10
|
|
- --config-path=/etc/config/config.yaml
|
|
- --job-config-path=/etc/job-config
|
|
- --s3-credentials-file=/etc/s3-credentials/service-account.json
|
|
- --github-endpoint=http://ghproxy
|
|
- --github-endpoint=https://api.github.com
|
|
- --github-workers=10
|
|
- --kubernetes-blob-storage-workers=10
|
|
- --github-app-id=$(GITHUB_APP_ID)
|
|
- --github-app-private-key-path=/etc/github/cert
|
|
env:
|
|
- name: GITHUB_APP_ID
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: github-token
|
|
key: appid
|
|
volumeMounts:
|
|
- name: config
|
|
mountPath: /etc/config
|
|
readOnly: true
|
|
- name: job-config
|
|
mountPath: /etc/job-config
|
|
readOnly: true
|
|
- name: github-token
|
|
mountPath: /etc/github
|
|
readOnly: true
|
|
- name: s3-credentials
|
|
mountPath: /etc/s3-credentials
|
|
readOnly: true
|
|
volumes:
|
|
- name: config
|
|
configMap:
|
|
name: config
|
|
- name: job-config
|
|
configMap:
|
|
name: job-config
|
|
- name: github-token
|
|
secret:
|
|
secretName: github-token
|
|
- name: s3-credentials
|
|
secret:
|
|
secretName: s3-credentials
|
|
---
|