k8s.io/test-infra@v0.0.0-20240520184403-27c6b4c223d8/config/prow/cluster/deck_deployment.yaml (about) 1 # Copyright 2016 The Kubernetes Authors All rights reserved. 2 # 3 # Licensed under the Apache License, Version 2.0 (the "License"); 4 # you may not use this file except in compliance with the License. 5 # You may obtain a copy of the License at 6 # 7 # http://www.apache.org/licenses/LICENSE-2.0 8 # 9 # Unless required by applicable law or agreed to in writing, software 10 # distributed under the License is distributed on an "AS IS" BASIS, 11 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 # See the License for the specific language governing permissions and 13 # limitations under the License. 14 15 apiVersion: apps/v1 16 kind: Deployment 17 metadata: 18 namespace: default 19 name: deck 20 labels: 21 app: deck 22 spec: 23 replicas: 3 24 strategy: 25 type: RollingUpdate 26 rollingUpdate: 27 maxSurge: 1 28 maxUnavailable: 1 29 selector: 30 matchLabels: 31 app: deck 32 template: 33 metadata: 34 labels: 35 app: deck 36 spec: 37 serviceAccountName: deck 38 terminationGracePeriodSeconds: 30 39 containers: 40 - name: deck 41 image: gcr.io/k8s-prow/deck:v20240517-ea10bd814 42 imagePullPolicy: Always 43 ports: 44 - name: http 45 containerPort: 8080 46 - name: metrics 47 containerPort: 9090 48 args: 49 - --tide-url=http://tide/ 50 - --hook-url=http://hook:8888/plugin-help 51 - --redirect-http-to=prow.k8s.io 52 - --oauth-url=/github-login 53 - --config-path=/etc/config/config.yaml 54 - --job-config-path=/etc/job-config 55 - --spyglass=true 56 - --rerun-creates-job 57 - --github-token-path=/etc/github/oauth 58 - --github-endpoint=http://ghproxy 59 - --github-endpoint=https://api.github.com 60 - --github-oauth-config-file=/etc/githuboauth/secret 61 - --cookie-secret=/etc/cookie/secret 62 - --plugin-config=/etc/plugins/plugins.yaml 63 env: 64 # Use KUBECONFIG envvar rather than --kubeconfig flag in order to provide multiple configs to merge. 65 - name: KUBECONFIG 66 value: "/etc/kubeconfig/config:/etc/kubeconfig-build-test-infra-trusted/kubeconfig:/etc/kubeconfig-build-k8s-prow-builds/kubeconfig:/etc/kubeconfig-build-rules-k8s/kubeconfig:/etc/kubeconfig-eks-prow-build-cluster/kubeconfig::/etc/kubeconfig-k8s-infra-kops-prow-build/kubeconfig" 67 # AWS_ variables needed to assume role to access the prow-build-cluster EKS cluster. 68 - name: AWS_ROLE_ARN 69 value: arn:aws:iam::468814281478:role/Prow-EKS-Admin 70 - name: AWS_WEB_IDENTITY_TOKEN_FILE 71 value: /var/run/secrets/aws-iam-token/serviceaccount/token 72 - name: AWS_REGION 73 value: us-east-2 74 volumeMounts: 75 - name: oauth-config 76 mountPath: /etc/githuboauth 77 readOnly: true 78 - name: cookie-secret 79 mountPath: /etc/cookie 80 readOnly: true 81 - mountPath: /etc/kubeconfig 82 name: kubeconfig 83 readOnly: true 84 - mountPath: /etc/kubeconfig-build-test-infra-trusted 85 name: kubeconfig-build-test-infra-trusted 86 readOnly: true 87 - mountPath: /etc/kubeconfig-build-k8s-prow-builds 88 name: kubeconfig-build-k8s-prow-builds 89 readOnly: true 90 - mountPath: /etc/kubeconfig-build-rules-k8s 91 name: kubeconfig-build-rules-k8s 92 readOnly: true 93 - mountPath: /etc/kubeconfig-eks-prow-build-cluster 94 name: kubeconfig-eks-prow-build-cluster 95 readOnly: true 96 - mountPath: /etc/kubeconfig-k8s-infra-kops-prow-build 97 name: kubeconfig-k8s-infra-kops-prow-build 98 readOnly: true 99 - name: config 100 mountPath: /etc/config 101 readOnly: true 102 - name: job-config 103 mountPath: /etc/job-config 104 readOnly: true 105 - name: oauth-token 106 mountPath: /etc/github 107 readOnly: true 108 - name: plugins 109 mountPath: /etc/plugins 110 readOnly: true 111 # AWS IAM token needed to assume role to access the prow-build-cluster EKS cluster. 112 - name: aws-iam-token 113 mountPath: /var/run/secrets/aws-iam-token/serviceaccount 114 readOnly: true 115 livenessProbe: 116 httpGet: 117 path: /healthz 118 port: 8081 119 initialDelaySeconds: 3 120 periodSeconds: 3 121 readinessProbe: 122 httpGet: 123 path: /healthz/ready 124 port: 8081 125 initialDelaySeconds: 10 126 periodSeconds: 3 127 timeoutSeconds: 600 128 volumes: 129 - name: oauth-config 130 secret: 131 secretName: github-oauth-config 132 - name: oauth-token 133 secret: 134 secretName: oauth-token 135 - name: cookie-secret 136 secret: 137 secretName: cookie 138 - name: kubeconfig 139 secret: 140 defaultMode: 420 141 secretName: kubeconfig 142 - name: kubeconfig-build-test-infra-trusted 143 secret: 144 defaultMode: 420 145 secretName: kubeconfig-build-test-infra-trusted 146 - name: kubeconfig-build-k8s-prow-builds 147 secret: 148 defaultMode: 420 149 secretName: kubeconfig-build-k8s-prow-builds 150 - name: kubeconfig-build-rules-k8s 151 secret: 152 defaultMode: 420 153 secretName: kubeconfig-build-rules-k8s 154 - name: kubeconfig-eks-prow-build-cluster 155 secret: 156 defaultMode: 420 157 secretName: kubeconfig-eks-prow-build-cluster 158 - name: kubeconfig-k8s-infra-kops-prow-build 159 secret: 160 defaultMode: 420 161 secretName: kubeconfig-k8s-infra-kops-prow-build 162 - name: config 163 configMap: 164 name: config 165 - name: job-config 166 configMap: 167 name: job-config 168 - name: plugins 169 configMap: 170 name: plugins 171 # AWS IAM token needed to assume role to access the prow-build-cluster EKS cluster. 172 - name: aws-iam-token 173 projected: 174 defaultMode: 420 175 sources: 176 - serviceAccountToken: 177 audience: sts.amazonaws.com 178 expirationSeconds: 86400 179 path: token