k8s.io/test-infra@v0.0.0-20240520184403-27c6b4c223d8/config/prow/cluster/sinker_deployment.yaml (about) 1 apiVersion: apps/v1 2 kind: Deployment 3 metadata: 4 namespace: default 5 name: sinker 6 labels: 7 app: sinker 8 spec: 9 replicas: 1 10 selector: 11 matchLabels: 12 app: sinker 13 template: 14 metadata: 15 labels: 16 app: sinker 17 spec: 18 serviceAccountName: sinker 19 containers: 20 - name: sinker 21 args: 22 - --config-path=/etc/config/config.yaml 23 - --job-config-path=/etc/job-config 24 - --dry-run=false 25 image: gcr.io/k8s-prow/sinker:v20240517-ea10bd814 26 env: 27 # Use KUBECONFIG envvar rather than --kubeconfig flag in order to provide multiple configs to merge. 28 - name: KUBECONFIG 29 value: "/etc/kubeconfig/config:/etc/kubeconfig-build-test-infra-trusted/kubeconfig:/etc/kubeconfig-build-k8s-prow-builds/kubeconfig:/etc/kubeconfig-build-rules-k8s/kubeconfig:/etc/kubeconfig-eks-prow-build-cluster/kubeconfig::/etc/kubeconfig-k8s-infra-kops-prow-build/kubeconfig" 30 # AWS_ variables needed to assume role to access the prow-build-cluster EKS cluster. 31 - name: AWS_ROLE_ARN 32 value: arn:aws:iam::468814281478:role/Prow-EKS-Admin 33 - name: AWS_WEB_IDENTITY_TOKEN_FILE 34 value: /var/run/secrets/aws-iam-token/serviceaccount/token 35 - name: AWS_REGION 36 value: us-east-2 37 ports: 38 - name: metrics 39 containerPort: 9090 40 volumeMounts: 41 - mountPath: /etc/kubeconfig 42 name: kubeconfig 43 readOnly: true 44 - mountPath: /etc/kubeconfig-build-test-infra-trusted 45 name: kubeconfig-build-test-infra-trusted 46 readOnly: true 47 - mountPath: /etc/kubeconfig-build-k8s-prow-builds 48 name: kubeconfig-build-k8s-prow-builds 49 readOnly: true 50 - mountPath: /etc/kubeconfig-build-rules-k8s 51 name: kubeconfig-build-rules-k8s 52 readOnly: true 53 - mountPath: /etc/kubeconfig-eks-prow-build-cluster 54 name: kubeconfig-eks-prow-build-cluster 55 readOnly: true 56 - mountPath: /etc/kubeconfig-k8s-infra-kops-prow-build 57 name: kubeconfig-k8s-infra-kops-prow-build 58 readOnly: true 59 - name: config 60 mountPath: /etc/config 61 readOnly: true 62 - name: job-config 63 mountPath: /etc/job-config 64 readOnly: true 65 # AWS IAM token needed to assume role to access the prow-build-cluster EKS cluster. 66 - name: aws-iam-token 67 mountPath: /var/run/secrets/aws-iam-token/serviceaccount 68 readOnly: true 69 volumes: 70 - name: kubeconfig 71 secret: 72 defaultMode: 420 73 secretName: kubeconfig 74 - name: kubeconfig-build-test-infra-trusted 75 secret: 76 defaultMode: 420 77 secretName: kubeconfig-build-test-infra-trusted 78 - name: kubeconfig-build-k8s-prow-builds 79 secret: 80 defaultMode: 420 81 secretName: kubeconfig-build-k8s-prow-builds 82 - name: kubeconfig-build-rules-k8s 83 secret: 84 defaultMode: 420 85 secretName: kubeconfig-build-rules-k8s 86 - name: kubeconfig-eks-prow-build-cluster 87 secret: 88 defaultMode: 420 89 secretName: kubeconfig-eks-prow-build-cluster 90 - name: kubeconfig-k8s-infra-kops-prow-build 91 secret: 92 defaultMode: 420 93 secretName: kubeconfig-k8s-infra-kops-prow-build 94 - name: config 95 configMap: 96 name: config 97 - name: job-config 98 configMap: 99 name: job-config 100 # AWS IAM token needed to assume role to access the prow-build-cluster EKS cluster. 101 - name: aws-iam-token 102 projected: 103 defaultMode: 420 104 sources: 105 - serviceAccountToken: 106 audience: sts.amazonaws.com 107 expirationSeconds: 86400 108 path: token