github.com/jenkins-x/test-infra@v0.0.7/prow/cluster/starter.yaml (about) 1 # This file contains Kubernetes YAML files for the most important prow 2 # components. Don't edit resources in this file. Instead, pull them out into 3 # their own files. 4 --- 5 apiVersion: v1 6 kind: ConfigMap 7 metadata: 8 namespace: default 9 name: plugins 10 data: 11 plugins.yaml: "" 12 --- 13 apiVersion: v1 14 kind: ConfigMap 15 metadata: 16 namespace: default 17 name: config 18 data: 19 config.yaml: | 20 periodics: 21 - interval: 10m 22 agent: kubernetes 23 name: echo-test 24 spec: 25 containers: 26 - image: alpine 27 command: ["/bin/date"] 28 --- 29 apiVersion: apiextensions.k8s.io/v1beta1 30 kind: CustomResourceDefinition 31 metadata: 32 name: prowjobs.prow.k8s.io 33 spec: 34 group: prow.k8s.io 35 version: v1 36 names: 37 kind: ProwJob 38 singular: prowjob 39 plural: prowjobs 40 scope: Namespaced 41 validation: 42 openAPIV3Schema: 43 properties: 44 spec: 45 properties: 46 max_concurrency: 47 type: integer 48 minimum: 0 49 type: 50 type: string 51 enum: 52 - "presubmit" 53 - "postsubmit" 54 - "periodic" 55 - "batch" 56 status: 57 properties: 58 state: 59 type: string 60 enum: 61 - "triggered" 62 - "pending" 63 - "success" 64 - "failure" 65 - "aborted" 66 - "error" 67 anyOf: 68 - not: 69 properties: 70 state: 71 type: string 72 enum: 73 - "success" 74 - "failure" 75 - "error" 76 - "aborted" 77 - required: 78 - completionTime 79 --- 80 apiVersion: extensions/v1beta1 81 kind: Deployment 82 metadata: 83 namespace: default 84 name: hook 85 labels: 86 app: hook 87 spec: 88 replicas: 2 89 strategy: 90 type: RollingUpdate 91 rollingUpdate: 92 maxSurge: 1 93 maxUnavailable: 1 94 template: 95 metadata: 96 labels: 97 app: hook 98 spec: 99 serviceAccountName: "hook" 100 terminationGracePeriodSeconds: 180 101 containers: 102 - name: hook 103 image: gcr.io/k8s-prow/hook:v20181218-8eb6f41 104 imagePullPolicy: Always 105 args: 106 - --dry-run=false 107 ports: 108 - name: http 109 containerPort: 8888 110 volumeMounts: 111 - name: hmac 112 mountPath: /etc/webhook 113 readOnly: true 114 - name: oauth 115 mountPath: /etc/github 116 readOnly: true 117 - name: config 118 mountPath: /etc/config 119 readOnly: true 120 - name: plugins 121 mountPath: /etc/plugins 122 readOnly: true 123 volumes: 124 - name: hmac 125 secret: 126 secretName: hmac-token 127 - name: oauth 128 secret: 129 secretName: oauth-token 130 - name: config 131 configMap: 132 name: config 133 - name: plugins 134 configMap: 135 name: plugins 136 --- 137 apiVersion: v1 138 kind: Service 139 metadata: 140 namespace: default 141 name: hook 142 spec: 143 selector: 144 app: hook 145 ports: 146 - port: 8888 147 type: NodePort 148 --- 149 apiVersion: extensions/v1beta1 150 kind: Deployment 151 metadata: 152 namespace: default 153 name: plank 154 labels: 155 app: plank 156 spec: 157 replicas: 1 # Do not scale up. 158 strategy: 159 type: Recreate 160 template: 161 metadata: 162 labels: 163 app: plank 164 spec: 165 serviceAccountName: "plank" 166 containers: 167 - name: plank 168 image: gcr.io/k8s-prow/plank:v20181218-8eb6f41 169 args: 170 - --dry-run=false 171 volumeMounts: 172 - name: oauth 173 mountPath: /etc/github 174 readOnly: true 175 - name: config 176 mountPath: /etc/config 177 readOnly: true 178 volumes: 179 - name: oauth 180 secret: 181 secretName: oauth-token 182 - name: config 183 configMap: 184 name: config 185 --- 186 apiVersion: extensions/v1beta1 187 kind: Deployment 188 metadata: 189 namespace: default 190 name: sinker 191 labels: 192 app: sinker 193 spec: 194 replicas: 1 195 template: 196 metadata: 197 labels: 198 app: sinker 199 spec: 200 serviceAccountName: "sinker" 201 containers: 202 - name: sinker 203 image: gcr.io/k8s-prow/sinker:v20181218-8eb6f41 204 volumeMounts: 205 - name: config 206 mountPath: /etc/config 207 readOnly: true 208 volumes: 209 - name: config 210 configMap: 211 name: config 212 --- 213 apiVersion: extensions/v1beta1 214 kind: Deployment 215 metadata: 216 namespace: default 217 name: deck 218 labels: 219 app: deck 220 spec: 221 replicas: 2 222 strategy: 223 type: RollingUpdate 224 rollingUpdate: 225 maxSurge: 1 226 maxUnavailable: 1 227 template: 228 metadata: 229 labels: 230 app: deck 231 spec: 232 serviceAccountName: "deck" 233 terminationGracePeriodSeconds: 30 234 containers: 235 - name: deck 236 image: gcr.io/k8s-prow/deck:v20181218-8eb6f41 237 args: 238 - --tide-url=http://tide/ 239 - --hook-url=http://hook:8888/plugin-help 240 ports: 241 - name: http 242 containerPort: 8080 243 volumeMounts: 244 - name: config 245 mountPath: /etc/config 246 readOnly: true 247 volumes: 248 - name: config 249 configMap: 250 name: config 251 --- 252 apiVersion: v1 253 kind: Service 254 metadata: 255 namespace: default 256 name: deck 257 spec: 258 selector: 259 app: deck 260 ports: 261 - port: 80 262 targetPort: 8080 263 type: NodePort 264 --- 265 apiVersion: extensions/v1beta1 266 kind: Deployment 267 metadata: 268 namespace: default 269 name: horologium 270 labels: 271 app: horologium 272 spec: 273 replicas: 1 # Do not scale up. 274 strategy: 275 type: Recreate 276 template: 277 metadata: 278 labels: 279 app: horologium 280 spec: 281 serviceAccountName: "horologium" 282 terminationGracePeriodSeconds: 30 283 containers: 284 - name: horologium 285 image: gcr.io/k8s-prow/horologium:v20181218-8eb6f41 286 volumeMounts: 287 - name: config 288 mountPath: /etc/config 289 readOnly: true 290 volumes: 291 - name: config 292 configMap: 293 name: config 294 --- 295 apiVersion: extensions/v1beta1 296 kind: Deployment 297 metadata: 298 namespace: default 299 name: tide 300 labels: 301 app: tide 302 spec: 303 replicas: 1 # Do not scale up. 304 strategy: 305 type: Recreate 306 template: 307 metadata: 308 labels: 309 app: tide 310 spec: 311 serviceAccountName: "tide" 312 containers: 313 - name: tide 314 image: gcr.io/k8s-prow/tide:v20181218-8eb6f41 315 args: 316 - --dry-run=false 317 ports: 318 - name: http 319 containerPort: 8888 320 volumeMounts: 321 - name: oauth 322 mountPath: /etc/github 323 readOnly: true 324 - name: config 325 mountPath: /etc/config 326 readOnly: true 327 volumes: 328 - name: oauth 329 secret: 330 secretName: oauth-token 331 - name: config 332 configMap: 333 name: config 334 --- 335 apiVersion: v1 336 kind: Service 337 metadata: 338 namespace: default 339 name: tide 340 spec: 341 selector: 342 app: tide 343 ports: 344 - port: 80 345 targetPort: 8888 346 type: NodePort 347 --- 348 apiVersion: extensions/v1beta1 349 kind: Ingress 350 metadata: 351 namespace: default 352 name: ing 353 spec: 354 rules: 355 - http: 356 paths: 357 - path: / 358 backend: 359 serviceName: deck 360 servicePort: 80 361 - path: /hook 362 backend: 363 serviceName: hook 364 servicePort: 8888 365 --- 366 kind: ServiceAccount 367 apiVersion: v1 368 metadata: 369 namespace: default 370 name: "deck" 371 --- 372 kind: RoleBinding 373 apiVersion: rbac.authorization.k8s.io/v1beta1 374 metadata: 375 namespace: default 376 name: "deck" 377 roleRef: 378 apiGroup: rbac.authorization.k8s.io 379 kind: Role 380 name: "deck" 381 subjects: 382 - kind: ServiceAccount 383 name: "deck" 384 --- 385 kind: Role 386 apiVersion: rbac.authorization.k8s.io/v1beta1 387 metadata: 388 namespace: default 389 name: "deck" 390 rules: 391 - apiGroups: 392 - "" 393 resources: 394 - pods/log 395 verbs: 396 - get 397 - apiGroups: 398 - "prow.k8s.io" 399 resources: 400 - prowjobs 401 verbs: 402 - get 403 - list 404 --- 405 kind: ServiceAccount 406 apiVersion: v1 407 metadata: 408 namespace: default 409 name: "horologium" 410 --- 411 kind: Role 412 apiVersion: rbac.authorization.k8s.io/v1beta1 413 metadata: 414 namespace: default 415 name: "horologium" 416 rules: 417 - apiGroups: 418 - "prow.k8s.io" 419 resources: 420 - prowjobs 421 verbs: 422 - create 423 - list 424 --- 425 kind: RoleBinding 426 apiVersion: rbac.authorization.k8s.io/v1beta1 427 metadata: 428 namespace: default 429 name: "horologium" 430 roleRef: 431 apiGroup: rbac.authorization.k8s.io 432 kind: Role 433 name: "horologium" 434 subjects: 435 - kind: ServiceAccount 436 name: "horologium" 437 --- 438 kind: ServiceAccount 439 apiVersion: v1 440 metadata: 441 namespace: default 442 name: "plank" 443 --- 444 kind: Role 445 apiVersion: rbac.authorization.k8s.io/v1beta1 446 metadata: 447 namespace: default 448 name: "plank" 449 rules: 450 - apiGroups: 451 - "" 452 resources: 453 - pods 454 verbs: 455 - create 456 - delete 457 - list 458 - apiGroups: 459 - "prow.k8s.io" 460 resources: 461 - prowjobs 462 verbs: 463 - create 464 - list 465 - update 466 --- 467 kind: RoleBinding 468 apiVersion: rbac.authorization.k8s.io/v1beta1 469 metadata: 470 namespace: default 471 name: "plank" 472 roleRef: 473 apiGroup: rbac.authorization.k8s.io 474 kind: Role 475 name: "plank" 476 subjects: 477 - kind: ServiceAccount 478 name: "plank" 479 --- 480 kind: ServiceAccount 481 apiVersion: v1 482 metadata: 483 namespace: default 484 name: "sinker" 485 --- 486 kind: Role 487 apiVersion: rbac.authorization.k8s.io/v1beta1 488 metadata: 489 namespace: default 490 name: "sinker" 491 rules: 492 - apiGroups: 493 - "" 494 resources: 495 - pods 496 verbs: 497 - delete 498 - list 499 - apiGroups: 500 - "prow.k8s.io" 501 resources: 502 - prowjobs 503 verbs: 504 - delete 505 - list 506 --- 507 kind: RoleBinding 508 apiVersion: rbac.authorization.k8s.io/v1beta1 509 metadata: 510 namespace: default 511 name: "sinker" 512 roleRef: 513 apiGroup: rbac.authorization.k8s.io 514 kind: Role 515 name: "sinker" 516 subjects: 517 - kind: ServiceAccount 518 name: "sinker" 519 --- 520 apiVersion: v1 521 kind: ServiceAccount 522 metadata: 523 namespace: default 524 name: "hook" 525 --- 526 kind: Role 527 apiVersion: rbac.authorization.k8s.io/v1beta1 528 metadata: 529 namespace: default 530 name: "hook" 531 rules: 532 - apiGroups: 533 - "prow.k8s.io" 534 resources: 535 - prowjobs 536 verbs: 537 - create 538 - get 539 - apiGroups: 540 - "" 541 resources: 542 - configmaps 543 verbs: 544 - update 545 --- 546 kind: RoleBinding 547 apiVersion: rbac.authorization.k8s.io/v1beta1 548 metadata: 549 namespace: default 550 name: "hook" 551 roleRef: 552 apiGroup: rbac.authorization.k8s.io 553 kind: Role 554 name: "hook" 555 subjects: 556 - kind: ServiceAccount 557 name: "hook" 558 --- 559 apiVersion: v1 560 kind: ServiceAccount 561 metadata: 562 namespace: default 563 name: "tide" 564 --- 565 kind: Role 566 apiVersion: rbac.authorization.k8s.io/v1beta1 567 metadata: 568 namespace: default 569 name: "tide" 570 rules: 571 - apiGroups: 572 - "prow.k8s.io" 573 resources: 574 - prowjobs 575 verbs: 576 - create 577 - list 578 --- 579 kind: RoleBinding 580 apiVersion: rbac.authorization.k8s.io/v1beta1 581 metadata: 582 namespace: default 583 name: "tide" 584 roleRef: 585 apiGroup: rbac.authorization.k8s.io 586 kind: Role 587 name: "tide" 588 subjects: 589 - kind: ServiceAccount 590 name: "tide"