k8s.io/test-infra@v0.0.0-20240520184403-27c6b4c223d8/config/prow/cluster/prow_controller_manager_deployment.yaml (about) 1 # Copyright 2020 The Kubernetes Authors All rights reserved. 2 # 3 # Licensed under the Apache License, Version 2.0 (the "License"); 4 # you may not use this file except in compliance with the License. 5 # You may obtain a copy of the License at 6 # 7 # http://www.apache.org/licenses/LICENSE-2.0 8 # 9 # Unless required by applicable law or agreed to in writing, software 10 # distributed under the License is distributed on an "AS IS" BASIS, 11 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 # See the License for the specific language governing permissions and 13 # limitations under the License. 14 15 apiVersion: apps/v1 16 kind: Deployment 17 metadata: 18 namespace: default 19 name: prow-controller-manager 20 labels: 21 app: prow-controller-manager 22 spec: 23 # Mutually exclusive with plank. Only one of them may have more than zero replicas. 24 replicas: 1 25 strategy: 26 type: RollingUpdate 27 rollingUpdate: 28 maxSurge: 1 29 maxUnavailable: 1 30 revisionHistoryLimit: 2 31 selector: 32 matchLabels: 33 app: prow-controller-manager 34 template: 35 metadata: 36 labels: 37 app: prow-controller-manager 38 spec: 39 serviceAccountName: prow-controller-manager 40 containers: 41 - name: prow-controller-manager 42 image: gcr.io/k8s-prow/prow-controller-manager:v20240517-ea10bd814 43 args: 44 - --config-path=/etc/config/config.yaml 45 - --dry-run=false 46 - --enable-controller=plank 47 - --job-config-path=/etc/job-config 48 env: 49 # Use KUBECONFIG envvar rather than --kubeconfig flag in order to provide multiple configs to merge. 50 - name: KUBECONFIG 51 value: "/etc/kubeconfig/config:/etc/kubeconfig-build-test-infra-trusted/kubeconfig:/etc/kubeconfig-build-k8s-prow-builds/kubeconfig:/etc/kubeconfig-build-rules-k8s/kubeconfig:/etc/kubeconfig-eks-prow-build-cluster/kubeconfig::/etc/kubeconfig-k8s-infra-kops-prow-build/kubeconfig" 52 # AWS_ variables needed to assume role to access the prow-build-cluster EKS cluster. 53 - name: AWS_ROLE_ARN 54 value: arn:aws:iam::468814281478:role/Prow-EKS-Admin 55 - name: AWS_WEB_IDENTITY_TOKEN_FILE 56 value: /var/run/secrets/aws-iam-token/serviceaccount/token 57 - name: AWS_REGION 58 value: us-east-2 59 ports: 60 - name: metrics 61 containerPort: 9090 62 volumeMounts: 63 - mountPath: /etc/kubeconfig 64 name: kubeconfig 65 readOnly: true 66 - mountPath: /etc/kubeconfig-build-test-infra-trusted 67 name: kubeconfig-build-test-infra-trusted 68 readOnly: true 69 - mountPath: /etc/kubeconfig-build-k8s-prow-builds 70 name: kubeconfig-build-k8s-prow-builds 71 readOnly: true 72 - mountPath: /etc/kubeconfig-build-rules-k8s 73 name: kubeconfig-build-rules-k8s 74 readOnly: true 75 - mountPath: /etc/kubeconfig-eks-prow-build-cluster 76 name: kubeconfig-eks-prow-build-cluster 77 readOnly: true 78 - mountPath: /etc/kubeconfig-k8s-infra-kops-prow-build 79 name: kubeconfig-k8s-infra-kops-prow-build 80 readOnly: true 81 - name: config 82 mountPath: /etc/config 83 readOnly: true 84 - name: job-config 85 mountPath: /etc/job-config 86 readOnly: true 87 # AWS IAM token needed to assume role to access the prow-build-cluster EKS cluster. 88 - name: aws-iam-token 89 mountPath: /var/run/secrets/aws-iam-token/serviceaccount 90 readOnly: true 91 livenessProbe: # Pod is killed if this fails 3 times. 92 httpGet: 93 path: /healthz 94 port: 8081 95 initialDelaySeconds: 10 96 periodSeconds: 5 97 readinessProbe: # Pod is not considered ready (for rolling deploy and request routing) if this fails 3 times. 98 httpGet: 99 path: /healthz/ready 100 port: 8081 101 initialDelaySeconds: 10 102 periodSeconds: 3 103 volumes: 104 - name: kubeconfig 105 secret: 106 defaultMode: 420 107 secretName: kubeconfig 108 - name: kubeconfig-build-test-infra-trusted 109 secret: 110 defaultMode: 420 111 secretName: kubeconfig-build-test-infra-trusted 112 - name: kubeconfig-build-k8s-prow-builds 113 secret: 114 defaultMode: 420 115 secretName: kubeconfig-build-k8s-prow-builds 116 - name: kubeconfig-build-rules-k8s 117 secret: 118 defaultMode: 420 119 secretName: kubeconfig-build-rules-k8s 120 - name: kubeconfig-eks-prow-build-cluster 121 secret: 122 defaultMode: 420 123 secretName: kubeconfig-eks-prow-build-cluster 124 - name: kubeconfig-k8s-infra-kops-prow-build 125 secret: 126 defaultMode: 420 127 secretName: kubeconfig-k8s-infra-kops-prow-build 128 - name: config 129 configMap: 130 name: config 131 - name: job-config 132 configMap: 133 name: job-config 134 # AWS IAM token needed to assume role to access the prow-build-cluster EKS cluster. 135 - name: aws-iam-token 136 projected: 137 defaultMode: 420 138 sources: 139 - serviceAccountToken: 140 audience: sts.amazonaws.com 141 expirationSeconds: 86400 142 path: token