k8s.io/test-infra@v0.0.0-20240520184403-27c6b4c223d8/config/prow/cluster/hook_deployment.yaml (about) 1 # Copyright 2016 The Kubernetes Authors All rights reserved. 2 # 3 # Licensed under the Apache License, Version 2.0 (the "License"); 4 # you may not use this file except in compliance with the License. 5 # You may obtain a copy of the License at 6 # 7 # http://www.apache.org/licenses/LICENSE-2.0 8 # 9 # Unless required by applicable law or agreed to in writing, software 10 # distributed under the License is distributed on an "AS IS" BASIS, 11 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 # See the License for the specific language governing permissions and 13 # limitations under the License. 14 15 apiVersion: apps/v1 16 kind: Deployment 17 metadata: 18 namespace: default 19 name: hook 20 labels: 21 app: hook 22 spec: 23 replicas: 4 24 strategy: 25 type: RollingUpdate 26 rollingUpdate: 27 maxSurge: 1 28 maxUnavailable: 1 29 selector: 30 matchLabels: 31 app: hook 32 template: 33 metadata: 34 labels: 35 app: hook 36 spec: 37 serviceAccountName: hook 38 terminationGracePeriodSeconds: 180 39 containers: 40 - name: hook 41 image: gcr.io/k8s-prow/hook:v20240517-ea10bd814 42 imagePullPolicy: Always 43 args: 44 - --dry-run=false 45 - --slack-token-file=/etc/slack/token 46 - --github-endpoint=http://ghproxy 47 - --github-endpoint=https://api.github.com 48 - --github-token-path=/etc/github/oauth 49 - --config-path=/etc/config/config.yaml 50 - --job-config-path=/etc/job-config 51 env: 52 # Use KUBECONFIG envvar rather than --kubeconfig flag in order to provide multiple configs to merge. 53 - name: KUBECONFIG 54 value: "/etc/kubeconfig/config:/etc/kubeconfig-build-test-infra-trusted/kubeconfig:/etc/kubeconfig-build-k8s-prow-builds/kubeconfig:/etc/kubeconfig-build-rules-k8s/kubeconfig:/etc/kubeconfig-eks-prow-build-cluster/kubeconfig::/etc/kubeconfig-k8s-infra-kops-prow-build/kubeconfig" 55 # AWS_ variables needed to assume role to access the prow-build-cluster EKS cluster. 56 - name: AWS_ROLE_ARN 57 value: arn:aws:iam::468814281478:role/Prow-EKS-Admin 58 - name: AWS_WEB_IDENTITY_TOKEN_FILE 59 value: /var/run/secrets/aws-iam-token/serviceaccount/token 60 - name: AWS_REGION 61 value: us-east-2 62 ports: 63 - name: http 64 containerPort: 8888 65 - name: metrics 66 containerPort: 9090 67 volumeMounts: 68 - name: slack 69 mountPath: /etc/slack 70 - name: hmac 71 mountPath: /etc/webhook 72 readOnly: true 73 - name: oauth 74 mountPath: /etc/github 75 readOnly: true 76 - name: config 77 mountPath: /etc/config 78 readOnly: true 79 - name: job-config 80 mountPath: /etc/job-config 81 readOnly: true 82 - name: plugins 83 mountPath: /etc/plugins 84 readOnly: true 85 - name: cat-api 86 mountPath: /etc/cat-api 87 readOnly: true 88 - name: unsplash-api 89 mountPath: /etc/unsplash-api 90 readOnly: true 91 - name: kubeconfig 92 mountPath: /etc/kubeconfig 93 readOnly: true 94 - mountPath: /etc/kubeconfig-build-test-infra-trusted 95 name: kubeconfig-build-test-infra-trusted 96 readOnly: true 97 - mountPath: /etc/kubeconfig-build-k8s-prow-builds 98 name: kubeconfig-build-k8s-prow-builds 99 readOnly: true 100 - mountPath: /etc/kubeconfig-build-rules-k8s 101 name: kubeconfig-build-rules-k8s 102 readOnly: true 103 - mountPath: /etc/kubeconfig-eks-prow-build-cluster 104 name: kubeconfig-eks-prow-build-cluster 105 readOnly: true 106 - mountPath: /etc/kubeconfig-k8s-infra-kops-prow-build 107 name: kubeconfig-k8s-infra-kops-prow-build 108 readOnly: true 109 # AWS IAM token needed to assume role to access the prow-build-cluster EKS cluster. 110 - mountPath: /var/run/secrets/aws-iam-token/serviceaccount 111 name: aws-iam-token 112 readOnly: true 113 livenessProbe: 114 httpGet: 115 path: /healthz 116 port: 8081 117 initialDelaySeconds: 3 118 periodSeconds: 3 119 readinessProbe: 120 httpGet: 121 path: /healthz/ready 122 port: 8081 123 initialDelaySeconds: 10 124 periodSeconds: 3 125 timeoutSeconds: 600 126 volumes: 127 - name: slack 128 secret: 129 secretName: slack-token 130 - name: hmac 131 secret: 132 secretName: hmac-token 133 - name: oauth 134 secret: 135 secretName: oauth-token 136 - name: config 137 configMap: 138 name: config 139 - name: job-config 140 configMap: 141 name: job-config 142 - name: plugins 143 configMap: 144 name: plugins 145 - name: cat-api 146 configMap: 147 name: cat-api-key 148 - name: unsplash-api 149 secret: 150 secretName: unsplash-api-key 151 - name: kubeconfig 152 secret: 153 defaultMode: 420 154 secretName: kubeconfig 155 - name: kubeconfig-build-test-infra-trusted 156 secret: 157 defaultMode: 420 158 secretName: kubeconfig-build-test-infra-trusted 159 - name: kubeconfig-build-k8s-prow-builds 160 secret: 161 defaultMode: 420 162 secretName: kubeconfig-build-k8s-prow-builds 163 - name: kubeconfig-build-rules-k8s 164 secret: 165 defaultMode: 420 166 secretName: kubeconfig-build-rules-k8s 167 - name: kubeconfig-eks-prow-build-cluster 168 secret: 169 defaultMode: 420 170 secretName: kubeconfig-eks-prow-build-cluster 171 - name: kubeconfig-k8s-infra-kops-prow-build 172 secret: 173 defaultMode: 420 174 secretName: kubeconfig-k8s-infra-kops-prow-build 175 # AWS IAM token needed to assume role to access the prow-build-cluster EKS cluster. 176 - name: aws-iam-token 177 projected: 178 defaultMode: 420 179 sources: 180 - serviceAccountToken: 181 audience: sts.amazonaws.com 182 expirationSeconds: 86400 183 path: token