github.com/zppinho/prow@v0.0.0-20240510014325-1738badeb017/test/integration/config/prow/cluster/deck_tenant_deployment.yaml (about) 1 # Copyright 2021 The Kubernetes Authors All rights reserved. 2 # 3 # Licensed under the Apache License, Version 2.0 (the "License"); 4 # you may not use this file except in compliance with the License. 5 # You may obtain a copy of the License at 6 # 7 # http://www.apache.org/licenses/LICENSE-2.0 8 # 9 # Unless required by applicable law or agreed to in writing, software 10 # distributed under the License is distributed on an "AS IS" BASIS, 11 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 # See the License for the specific language governing permissions and 13 # limitations under the License. 14 15 apiVersion: apps/v1 16 kind: Deployment 17 metadata: 18 namespace: default 19 name: deck-tenanted 20 labels: 21 app: deck-tenanted 22 spec: 23 replicas: 1 24 strategy: 25 type: RollingUpdate 26 rollingUpdate: 27 maxSurge: 1 28 maxUnavailable: 1 29 selector: 30 matchLabels: 31 app: deck-tenanted 32 template: 33 metadata: 34 labels: 35 app: deck-tenanted 36 spec: 37 serviceAccountName: deck-tenanted 38 terminationGracePeriodSeconds: 30 39 containers: 40 - name: deck-tenanted 41 image: localhost:5001/deck 42 imagePullPolicy: Always 43 ports: 44 - name: http 45 containerPort: 8080 46 args: 47 - --tide-url=http://tide/ 48 - --hook-url=http://hook:8888/plugin-help 49 - --oauth-url=/github-login 50 - --config-path=/etc/config/config.yaml 51 - --job-config-path=/etc/job-config 52 - --spyglass=true 53 - --tenant-id=tester 54 - --rerun-creates-job 55 - --github-token-path=/etc/github/oauth 56 - --github-endpoint=http://fakeghserver 57 - --github-oauth-config-file=/etc/githuboauth/secret 58 - --cookie-secret=/etc/cookie/secret 59 - --plugin-config=/etc/plugins/plugins.yaml 60 env: 61 # Use KUBECONFIG envvar rather than --kubeconfig flag in order to provide multiple configs to merge. 62 - name: KUBECONFIG 63 value: "/etc/kubeconfig/config" 64 volumeMounts: 65 - name: oauth-config 66 mountPath: /etc/githuboauth 67 readOnly: true 68 - name: cookie-secret 69 mountPath: /etc/cookie 70 readOnly: true 71 - mountPath: /etc/kubeconfig 72 name: kubeconfig 73 readOnly: true 74 - name: config 75 mountPath: /etc/config 76 readOnly: true 77 - name: job-config 78 mountPath: /etc/job-config 79 readOnly: true 80 - name: oauth-token 81 mountPath: /etc/github 82 readOnly: true 83 - name: plugins 84 mountPath: /etc/plugins 85 readOnly: true 86 livenessProbe: 87 httpGet: 88 path: /healthz 89 port: 8081 90 initialDelaySeconds: 3 91 periodSeconds: 3 92 readinessProbe: 93 httpGet: 94 path: /healthz/ready 95 port: 8081 96 initialDelaySeconds: 10 97 periodSeconds: 3 98 timeoutSeconds: 600 99 volumes: 100 - name: oauth-config 101 secret: 102 secretName: github-oauth-config 103 - name: oauth-token 104 secret: 105 secretName: oauth-token 106 - name: cookie-secret 107 secret: 108 secretName: cookie 109 - name: kubeconfig 110 secret: 111 defaultMode: 420 112 secretName: kubeconfig 113 - name: config 114 configMap: 115 name: config 116 - name: job-config 117 configMap: 118 name: job-config 119 - name: plugins 120 configMap: 121 name: plugins 122 --- 123 apiVersion: v1 124 kind: Service 125 metadata: 126 labels: 127 app: deck-tenanted 128 namespace: default 129 name: deck-tenanted 130 spec: 131 selector: 132 app: deck-tenanted 133 ports: 134 - name: main 135 port: 80 136 targetPort: 8080 137 protocol: TCP 138 - name: metrics 139 port: 9090 140 protocol: TCP 141 type: NodePort 142 --- 143 apiVersion: v1 144 kind: ServiceAccount 145 metadata: 146 namespace: default 147 name: deck-tenanted 148 --- 149 kind: Role 150 apiVersion: rbac.authorization.k8s.io/v1 151 metadata: 152 namespace: default 153 name: deck-tenanted 154 rules: 155 - apiGroups: 156 - "prow.k8s.io" 157 resources: 158 - prowjobs 159 verbs: 160 - get 161 - list 162 - watch 163 # Required when deck runs with `--rerun-creates-job=true` 164 - create 165 --- 166 kind: Role 167 apiVersion: rbac.authorization.k8s.io/v1 168 metadata: 169 namespace: test-pods 170 name: deck-tenanted 171 rules: 172 - apiGroups: 173 - "" 174 resources: 175 - pods/log 176 verbs: 177 - get 178 --- 179 kind: RoleBinding 180 apiVersion: rbac.authorization.k8s.io/v1 181 metadata: 182 namespace: default 183 name: deck-tenanted 184 roleRef: 185 apiGroup: rbac.authorization.k8s.io 186 kind: Role 187 name: deck-tenanted 188 subjects: 189 - kind: ServiceAccount 190 name: deck-tenanted 191 --- 192 kind: RoleBinding 193 apiVersion: rbac.authorization.k8s.io/v1 194 metadata: 195 namespace: test-pods 196 name: deck-tenanted 197 roleRef: 198 apiGroup: rbac.authorization.k8s.io 199 kind: Role 200 name: deck-tenanted 201 subjects: 202 - kind: ServiceAccount 203 name: deck-tenanted 204 namespace: default