k8s.io/test-infra@v0.0.0-20240520184403-27c6b4c223d8/config/prow/cluster/crier_deployment.yaml (about) 1 # Copyright 2019 The Kubernetes Authors All rights reserved. 2 # 3 # Licensed under the Apache License, Version 2.0 (the "License"); 4 # you may not use this file except in compliance with the License. 5 # You may obtain a copy of the License at 6 # 7 # http://www.apache.org/licenses/LICENSE-2.0 8 # 9 # Unless required by applicable law or agreed to in writing, software 10 # distributed under the License is distributed on an "AS IS" BASIS, 11 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 # See the License for the specific language governing permissions and 13 # limitations under the License. 14 15 apiVersion: apps/v1 16 kind: Deployment 17 metadata: 18 namespace: default 19 name: crier 20 labels: 21 app: crier 22 spec: 23 replicas: 1 24 selector: 25 matchLabels: 26 app: crier 27 template: 28 metadata: 29 labels: 30 app: crier 31 spec: 32 serviceAccountName: crier 33 terminationGracePeriodSeconds: 30 34 containers: 35 - name: crier 36 image: gcr.io/k8s-prow/crier:v20240517-ea10bd814 37 args: 38 - --blob-storage-workers=1 39 - --config-path=/etc/config/config.yaml 40 - --github-endpoint=http://ghproxy 41 - --github-endpoint=https://api.github.com 42 - --github-token-path=/etc/github/oauth 43 - --github-workers=5 44 - --job-config-path=/etc/job-config 45 - --kubernetes-blob-storage-workers=1 46 - --slack-token-file=/etc/slack/token 47 - --slack-workers=1 48 env: 49 # Use KUBECONFIG envvar rather than --kubeconfig flag in order to provide multiple configs to merge. 50 - name: KUBECONFIG 51 value: "/etc/kubeconfig/config:/etc/kubeconfig-build-test-infra-trusted/kubeconfig:/etc/kubeconfig-build-k8s-prow-builds/kubeconfig:/etc/kubeconfig-build-rules-k8s/kubeconfig:/etc/kubeconfig-eks-prow-build-cluster/kubeconfig:/etc/kubeconfig-k8s-infra-kops-prow-build/kubeconfig" 52 # AWS_ variables needed to assume role to access the prow-build-cluster EKS cluster. 53 - name: AWS_ROLE_ARN 54 value: arn:aws:iam::468814281478:role/Prow-EKS-Admin 55 - name: AWS_WEB_IDENTITY_TOKEN_FILE 56 value: /var/run/secrets/aws-iam-token/serviceaccount/token 57 - name: AWS_REGION 58 value: us-east-2 59 ports: 60 - name: metrics 61 containerPort: 9090 62 volumeMounts: 63 - mountPath: /etc/kubeconfig 64 name: kubeconfig 65 readOnly: true 66 - mountPath: /etc/kubeconfig-build-test-infra-trusted 67 name: kubeconfig-build-test-infra-trusted 68 readOnly: true 69 - mountPath: /etc/kubeconfig-build-k8s-prow-builds 70 name: kubeconfig-build-k8s-prow-builds 71 readOnly: true 72 - mountPath: /etc/kubeconfig-build-rules-k8s 73 name: kubeconfig-build-rules-k8s 74 readOnly: true 75 - mountPath: /etc/kubeconfig-eks-prow-build-cluster 76 name: kubeconfig-eks-prow-build-cluster 77 readOnly: true 78 - mountPath: /etc/kubeconfig-k8s-infra-kops-prow-build 79 name: kubeconfig-k8s-infra-kops-prow-build 80 readOnly: true 81 - name: config 82 mountPath: /etc/config 83 readOnly: true 84 - name: job-config 85 mountPath: /etc/job-config 86 readOnly: true 87 - name: oauth 88 mountPath: /etc/github 89 readOnly: true 90 - name: slack 91 mountPath: /etc/slack 92 readOnly: true 93 # AWS IAM token needed to assume role to access the prow-build-cluster EKS cluster. 94 - name: aws-iam-token 95 mountPath: /var/run/secrets/aws-iam-token/serviceaccount 96 readOnly: true 97 volumes: 98 - name: config 99 configMap: 100 name: config 101 - name: job-config 102 configMap: 103 name: job-config 104 - name: oauth 105 secret: 106 secretName: oauth-token 107 - name: slack 108 secret: 109 secretName: slack-token 110 - name: kubeconfig 111 secret: 112 defaultMode: 420 113 secretName: kubeconfig 114 - name: kubeconfig-build-test-infra-trusted 115 secret: 116 defaultMode: 420 117 secretName: kubeconfig-build-test-infra-trusted 118 - name: kubeconfig-build-k8s-prow-builds 119 secret: 120 defaultMode: 420 121 secretName: kubeconfig-build-k8s-prow-builds 122 - name: kubeconfig-build-rules-k8s 123 secret: 124 defaultMode: 420 125 secretName: kubeconfig-build-rules-k8s 126 - name: kubeconfig-eks-prow-build-cluster 127 secret: 128 defaultMode: 420 129 secretName: kubeconfig-eks-prow-build-cluster 130 - name: kubeconfig-k8s-infra-kops-prow-build 131 secret: 132 defaultMode: 420 133 secretName: kubeconfig-k8s-infra-kops-prow-build 134 # AWS IAM token needed to assume role to access the prow-build-cluster EKS cluster. 135 - name: aws-iam-token 136 projected: 137 defaultMode: 420 138 sources: 139 - serviceAccountToken: 140 audience: sts.amazonaws.com 141 expirationSeconds: 86400 142 path: token