Last active
August 13, 2023 08:36
-
-
Save la3rence/79ba7d87cb8a3a44916162d4dece0c66 to your computer and use it in GitHub Desktop.
Kubernetes Prow Deploy Manifest
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: v1 | |
| kind: ConfigMap | |
| metadata: | |
| namespace: default | |
| name: plugins | |
| data: | |
| plugins.yaml: "" | |
| --- | |
| apiVersion: v1 | |
| kind: ConfigMap | |
| metadata: | |
| namespace: default | |
| name: config | |
| data: | |
| config.yaml: | | |
| prowjob_namespace: default | |
| pod_namespace: test-pods | |
| periodics: | |
| - interval: 10m | |
| agent: kubernetes | |
| name: echo-test | |
| spec: | |
| containers: | |
| - image: alpine | |
| command: ["/bin/date"] | |
| --- | |
| apiVersion: apiextensions.k8s.io/v1beta1 | |
| kind: CustomResourceDefinition | |
| metadata: | |
| name: prowjobs.prow.k8s.io | |
| spec: | |
| group: prow.k8s.io | |
| version: v1 | |
| names: | |
| kind: ProwJob | |
| singular: prowjob | |
| plural: prowjobs | |
| scope: Namespaced | |
| validation: | |
| openAPIV3Schema: | |
| properties: | |
| spec: | |
| properties: | |
| max_concurrency: | |
| type: integer | |
| minimum: 0 | |
| type: | |
| type: string | |
| enum: | |
| - "presubmit" | |
| - "postsubmit" | |
| - "periodic" | |
| - "batch" | |
| status: | |
| properties: | |
| state: | |
| type: string | |
| enum: | |
| - "triggered" | |
| - "pending" | |
| - "success" | |
| - "failure" | |
| - "aborted" | |
| - "error" | |
| anyOf: | |
| - not: | |
| properties: | |
| state: | |
| type: string | |
| enum: | |
| - "success" | |
| - "failure" | |
| - "error" | |
| - "aborted" | |
| - required: | |
| - completionTime | |
| additionalPrinterColumns: | |
| - name: Job | |
| type: string | |
| description: The name of the job being run. | |
| JSONPath: .spec.job | |
| - name: BuildId | |
| type: string | |
| description: The ID of the job being run. | |
| JSONPath: .status.build_id | |
| - name: Type | |
| type: string | |
| description: The type of job being run. | |
| JSONPath: .spec.type | |
| - name: Org | |
| type: string | |
| description: The org for which the job is running. | |
| JSONPath: .spec.refs.org | |
| - name: Repo | |
| type: string | |
| description: The repo for which the job is running. | |
| JSONPath: .spec.refs.repo | |
| - name: Pulls | |
| type: string | |
| description: The pulls for which the job is running. | |
| JSONPath: ".spec.refs.pulls[*].number" | |
| - name: StartTime | |
| type: date | |
| description: When the job started running. | |
| JSONPath: .status.startTime | |
| - name: CompletionTime | |
| type: date | |
| description: When the job finished running. | |
| JSONPath: .status.completionTime | |
| - name: State | |
| description: The state of the job. | |
| type: string | |
| JSONPath: .status.state | |
| --- | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| metadata: | |
| namespace: default | |
| name: hook | |
| labels: | |
| app: hook | |
| spec: | |
| replicas: 2 | |
| strategy: | |
| type: RollingUpdate | |
| rollingUpdate: | |
| maxSurge: 1 | |
| maxUnavailable: 1 | |
| selector: | |
| matchLabels: | |
| app: hook | |
| template: | |
| metadata: | |
| labels: | |
| app: hook | |
| spec: | |
| serviceAccountName: "hook" | |
| terminationGracePeriodSeconds: 180 | |
| containers: | |
| - name: hook | |
| image: magicsong/hook:v20190711-664ef040d | |
| args: | |
| - --dry-run=false | |
| - --config-path=/etc/config/config.yaml | |
| ports: | |
| - name: http | |
| containerPort: 8888 | |
| volumeMounts: | |
| - name: hmac | |
| mountPath: /etc/webhook | |
| readOnly: true | |
| - name: oauth | |
| mountPath: /etc/github | |
| readOnly: true | |
| - name: config | |
| mountPath: /etc/config | |
| readOnly: true | |
| - name: plugins | |
| mountPath: /etc/plugins | |
| readOnly: true | |
| # livenessProbe: | |
| # httpGet: | |
| # path: /healthz | |
| # port: 8081 | |
| # initialDelaySeconds: 3 | |
| # periodSeconds: 3 | |
| # readinessProbe: | |
| # httpGet: | |
| # path: /healthz/ready | |
| # port: 8081 | |
| # initialDelaySeconds: 10 | |
| # periodSeconds: 3 | |
| # timeoutSeconds: 600 | |
| volumes: | |
| - name: hmac | |
| secret: | |
| secretName: hmac-token | |
| - name: oauth | |
| secret: | |
| secretName: oauth-token | |
| - name: config | |
| configMap: | |
| name: config | |
| - name: plugins | |
| configMap: | |
| name: plugins | |
| --- | |
| apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| namespace: default | |
| name: hook | |
| spec: | |
| selector: | |
| app: hook | |
| ports: | |
| - port: 8888 | |
| type: NodePort | |
| --- | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| metadata: | |
| namespace: default | |
| name: plank | |
| labels: | |
| app: plank | |
| spec: | |
| selector: | |
| matchLabels: | |
| app: plank | |
| replicas: 1 # Do not scale up. | |
| strategy: | |
| type: Recreate | |
| template: | |
| metadata: | |
| labels: | |
| app: plank | |
| spec: | |
| serviceAccountName: "plank" | |
| containers: | |
| - name: plank | |
| image: magicsong/plank:v20190711-664ef040d | |
| args: | |
| - --dry-run=false | |
| - --config-path=/etc/config/config.yaml | |
| volumeMounts: | |
| - name: oauth | |
| mountPath: /etc/github | |
| readOnly: true | |
| - name: config | |
| mountPath: /etc/config | |
| readOnly: true | |
| volumes: | |
| - name: oauth | |
| secret: | |
| secretName: oauth-token | |
| - name: config | |
| configMap: | |
| name: config | |
| --- | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| metadata: | |
| namespace: default | |
| name: sinker | |
| labels: | |
| app: sinker | |
| spec: | |
| selector: | |
| matchLabels: | |
| app: sinker | |
| replicas: 1 | |
| template: | |
| metadata: | |
| labels: | |
| app: sinker | |
| spec: | |
| serviceAccountName: "sinker" | |
| containers: | |
| - name: sinker | |
| image: magicsong/sinker:v20190711-664ef040d | |
| args: | |
| - --config-path=/etc/config/config.yaml | |
| volumeMounts: | |
| - name: config | |
| mountPath: /etc/config | |
| readOnly: true | |
| volumes: | |
| - name: config | |
| configMap: | |
| name: config | |
| --- | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| metadata: | |
| namespace: default | |
| name: deck | |
| labels: | |
| app: deck | |
| spec: | |
| replicas: 2 | |
| strategy: | |
| type: RollingUpdate | |
| rollingUpdate: | |
| maxSurge: 1 | |
| maxUnavailable: 1 | |
| selector: | |
| matchLabels: | |
| app: deck | |
| template: | |
| metadata: | |
| labels: | |
| app: deck | |
| spec: | |
| serviceAccountName: "deck" | |
| terminationGracePeriodSeconds: 30 | |
| containers: | |
| - name: deck | |
| image: magicsong/deck:v20190711-664ef040d | |
| args: | |
| - --config-path=/etc/config/config.yaml | |
| - --tide-url=http://tide/ | |
| - --hook-url=http://hook:8888/plugin-help | |
| ports: | |
| - name: http | |
| containerPort: 8080 | |
| volumeMounts: | |
| - name: config | |
| mountPath: /etc/config | |
| readOnly: true | |
| livenessProbe: | |
| httpGet: | |
| path: /healthz | |
| port: 8081 | |
| initialDelaySeconds: 3 | |
| periodSeconds: 3 | |
| readinessProbe: | |
| httpGet: | |
| path: /healthz/ready | |
| port: 8081 | |
| initialDelaySeconds: 10 | |
| periodSeconds: 3 | |
| timeoutSeconds: 600 | |
| volumes: | |
| - name: config | |
| configMap: | |
| name: config | |
| --- | |
| apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| namespace: default | |
| name: deck | |
| spec: | |
| selector: | |
| app: deck | |
| ports: | |
| - port: 80 | |
| targetPort: 8080 | |
| type: NodePort | |
| --- | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| metadata: | |
| namespace: default | |
| name: horologium | |
| labels: | |
| app: horologium | |
| spec: | |
| replicas: 1 # Do not scale up. | |
| strategy: | |
| type: Recreate | |
| selector: | |
| matchLabels: | |
| app: horologium | |
| template: | |
| metadata: | |
| labels: | |
| app: horologium | |
| spec: | |
| serviceAccountName: "horologium" | |
| terminationGracePeriodSeconds: 30 | |
| containers: | |
| - name: horologium | |
| image: magicsong/horologium:v20190711-664ef040d | |
| args: | |
| - --config-path=/etc/config/config.yaml | |
| volumeMounts: | |
| - name: config | |
| mountPath: /etc/config | |
| readOnly: true | |
| volumes: | |
| - name: config | |
| configMap: | |
| name: config | |
| --- | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| metadata: | |
| namespace: default | |
| name: tide | |
| labels: | |
| app: tide | |
| spec: | |
| replicas: 1 # Do not scale up. | |
| strategy: | |
| type: Recreate | |
| selector: | |
| matchLabels: | |
| app: tide | |
| template: | |
| metadata: | |
| labels: | |
| app: tide | |
| spec: | |
| serviceAccountName: "tide" | |
| containers: | |
| - name: tide | |
| image: magicsong/tide:v20190711-664ef040d | |
| args: | |
| - --dry-run=false | |
| - --config-path=/etc/config/config.yaml | |
| ports: | |
| - name: http | |
| containerPort: 8888 | |
| volumeMounts: | |
| - name: oauth | |
| mountPath: /etc/github | |
| readOnly: true | |
| - name: config | |
| mountPath: /etc/config | |
| readOnly: true | |
| volumes: | |
| - name: oauth | |
| secret: | |
| secretName: oauth-token | |
| - name: config | |
| configMap: | |
| name: config | |
| --- | |
| apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| namespace: default | |
| name: tide | |
| spec: | |
| selector: | |
| app: tide | |
| ports: | |
| - port: 80 | |
| targetPort: 8888 | |
| type: NodePort | |
| --- | |
| apiVersion: extensions/v1beta1 | |
| kind: Ingress | |
| metadata: | |
| namespace: default | |
| name: ing | |
| annotations: | |
| nginx.ingress.kubernetes.io/ssl-redirect: "false" | |
| spec: | |
| rules: | |
| - host: prow.your-domain.com # 这里换成你的域名 | |
| http: | |
| paths: | |
| - path: / # Correct for GKE, need / on many other distros | |
| backend: | |
| serviceName: deck | |
| servicePort: 80 | |
| - path: /hook | |
| backend: | |
| serviceName: hook | |
| servicePort: 8888 | |
| --- | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| metadata: | |
| name: statusreconciler | |
| namespace: default | |
| labels: | |
| app: statusreconciler | |
| spec: | |
| replicas: 1 | |
| selector: | |
| matchLabels: | |
| app: statusreconciler | |
| template: | |
| metadata: | |
| labels: | |
| app: statusreconciler | |
| spec: | |
| serviceAccountName: statusreconciler | |
| terminationGracePeriodSeconds: 180 | |
| containers: | |
| - name: statusreconciler | |
| image: magicsong/status-reconciler:v20190711-664ef040d | |
| args: | |
| - --dry-run=false | |
| - --continue-on-error=true | |
| - --plugin-config=/etc/plugins/plugins.yaml | |
| - --config-path=/etc/config/config.yaml | |
| - --github-token-path=/etc/github/oauth | |
| volumeMounts: | |
| - name: oauth | |
| mountPath: /etc/github | |
| readOnly: true | |
| - name: config | |
| mountPath: /etc/config | |
| readOnly: true | |
| - name: plugins | |
| mountPath: /etc/plugins | |
| readOnly: true | |
| volumes: | |
| - name: oauth | |
| secret: | |
| secretName: oauth-token | |
| - name: config | |
| configMap: | |
| name: config | |
| - name: plugins | |
| configMap: | |
| name: plugins | |
| --- | |
| apiVersion: v1 | |
| kind: Namespace | |
| metadata: | |
| name: test-pods | |
| --- | |
| kind: ServiceAccount | |
| apiVersion: v1 | |
| metadata: | |
| namespace: default | |
| name: "deck" | |
| --- | |
| kind: RoleBinding | |
| apiVersion: rbac.authorization.k8s.io/v1beta1 | |
| metadata: | |
| namespace: default | |
| name: "deck" | |
| roleRef: | |
| apiGroup: rbac.authorization.k8s.io | |
| kind: Role | |
| name: "deck" | |
| subjects: | |
| - kind: ServiceAccount | |
| name: "deck" | |
| --- | |
| kind: RoleBinding | |
| apiVersion: rbac.authorization.k8s.io/v1beta1 | |
| metadata: | |
| namespace: test-pods | |
| name: "deck" | |
| roleRef: | |
| apiGroup: rbac.authorization.k8s.io | |
| kind: Role | |
| name: "deck" | |
| subjects: | |
| - kind: ServiceAccount | |
| name: "deck" | |
| namespace: default | |
| --- | |
| kind: Role | |
| apiVersion: rbac.authorization.k8s.io/v1beta1 | |
| metadata: | |
| namespace: default | |
| name: "deck" | |
| rules: | |
| - apiGroups: | |
| - "prow.k8s.io" | |
| resources: | |
| - prowjobs | |
| verbs: | |
| - get | |
| - list | |
| # Required when deck runs with `--rerun-creates-job=true` | |
| # **Warning:** Only use this for non-public deck instances, this allows | |
| # anyone with access to your Deck instance to create new Prowjobs | |
| # - create | |
| --- | |
| kind: Role | |
| apiVersion: rbac.authorization.k8s.io/v1beta1 | |
| metadata: | |
| namespace: test-pods | |
| name: "deck" | |
| rules: | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - pods/log | |
| verbs: | |
| - get | |
| --- | |
| kind: ServiceAccount | |
| apiVersion: v1 | |
| metadata: | |
| namespace: default | |
| name: "horologium" | |
| --- | |
| kind: Role | |
| apiVersion: rbac.authorization.k8s.io/v1beta1 | |
| metadata: | |
| namespace: default | |
| name: "horologium" | |
| rules: | |
| - apiGroups: | |
| - "prow.k8s.io" | |
| resources: | |
| - prowjobs | |
| verbs: | |
| - create | |
| - list | |
| --- | |
| kind: RoleBinding | |
| apiVersion: rbac.authorization.k8s.io/v1beta1 | |
| metadata: | |
| namespace: default | |
| name: "horologium" | |
| roleRef: | |
| apiGroup: rbac.authorization.k8s.io | |
| kind: Role | |
| name: "horologium" | |
| subjects: | |
| - kind: ServiceAccount | |
| name: "horologium" | |
| --- | |
| kind: ServiceAccount | |
| apiVersion: v1 | |
| metadata: | |
| namespace: default | |
| name: "plank" | |
| --- | |
| kind: Role | |
| apiVersion: rbac.authorization.k8s.io/v1beta1 | |
| metadata: | |
| namespace: default | |
| name: "plank" | |
| rules: | |
| - apiGroups: | |
| - "prow.k8s.io" | |
| resources: | |
| - prowjobs | |
| verbs: | |
| - get | |
| - create | |
| - list | |
| - update | |
| --- | |
| kind: Role | |
| apiVersion: rbac.authorization.k8s.io/v1beta1 | |
| metadata: | |
| namespace: test-pods | |
| name: "plank" | |
| rules: | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - pods | |
| verbs: | |
| - create | |
| - delete | |
| - list | |
| --- | |
| kind: RoleBinding | |
| apiVersion: rbac.authorization.k8s.io/v1beta1 | |
| metadata: | |
| namespace: default | |
| name: "plank" | |
| roleRef: | |
| apiGroup: rbac.authorization.k8s.io | |
| kind: Role | |
| name: "plank" | |
| subjects: | |
| - kind: ServiceAccount | |
| name: "plank" | |
| --- | |
| kind: RoleBinding | |
| apiVersion: rbac.authorization.k8s.io/v1beta1 | |
| metadata: | |
| namespace: test-pods | |
| name: "plank" | |
| roleRef: | |
| apiGroup: rbac.authorization.k8s.io | |
| kind: Role | |
| name: "plank" | |
| subjects: | |
| - kind: ServiceAccount | |
| name: "plank" | |
| namespace: default | |
| --- | |
| kind: ServiceAccount | |
| apiVersion: v1 | |
| metadata: | |
| namespace: default | |
| name: "sinker" | |
| --- | |
| kind: Role | |
| apiVersion: rbac.authorization.k8s.io/v1beta1 | |
| metadata: | |
| namespace: default | |
| name: "sinker" | |
| rules: | |
| - apiGroups: | |
| - "prow.k8s.io" | |
| resources: | |
| - prowjobs | |
| verbs: | |
| - delete | |
| - list | |
| --- | |
| kind: Role | |
| apiVersion: rbac.authorization.k8s.io/v1beta1 | |
| metadata: | |
| namespace: test-pods | |
| name: "sinker" | |
| rules: | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - pods | |
| verbs: | |
| - delete | |
| - list | |
| --- | |
| kind: RoleBinding | |
| apiVersion: rbac.authorization.k8s.io/v1beta1 | |
| metadata: | |
| namespace: default | |
| name: "sinker" | |
| roleRef: | |
| apiGroup: rbac.authorization.k8s.io | |
| kind: Role | |
| name: "sinker" | |
| subjects: | |
| - kind: ServiceAccount | |
| name: "sinker" | |
| --- | |
| kind: RoleBinding | |
| apiVersion: rbac.authorization.k8s.io/v1beta1 | |
| metadata: | |
| namespace: test-pods | |
| name: "sinker" | |
| roleRef: | |
| apiGroup: rbac.authorization.k8s.io | |
| kind: Role | |
| name: "sinker" | |
| subjects: | |
| - kind: ServiceAccount | |
| name: "sinker" | |
| namespace: default | |
| --- | |
| apiVersion: v1 | |
| kind: ServiceAccount | |
| metadata: | |
| namespace: default | |
| name: "hook" | |
| --- | |
| kind: Role | |
| apiVersion: rbac.authorization.k8s.io/v1beta1 | |
| metadata: | |
| namespace: default | |
| name: "hook" | |
| rules: | |
| - apiGroups: | |
| - "prow.k8s.io" | |
| resources: | |
| - prowjobs | |
| verbs: | |
| - create | |
| - get | |
| - apiGroups: | |
| - "" | |
| resources: | |
| - configmaps | |
| verbs: | |
| - create | |
| - get | |
| - update | |
| --- | |
| kind: RoleBinding | |
| apiVersion: rbac.authorization.k8s.io/v1beta1 | |
| metadata: | |
| namespace: default | |
| name: "hook" | |
| roleRef: | |
| apiGroup: rbac.authorization.k8s.io | |
| kind: Role | |
| name: "hook" | |
| subjects: | |
| - kind: ServiceAccount | |
| name: "hook" | |
| --- | |
| apiVersion: v1 | |
| kind: ServiceAccount | |
| metadata: | |
| namespace: default | |
| name: "tide" | |
| --- | |
| kind: Role | |
| apiVersion: rbac.authorization.k8s.io/v1beta1 | |
| metadata: | |
| namespace: default | |
| name: "tide" | |
| rules: | |
| - apiGroups: | |
| - "prow.k8s.io" | |
| resources: | |
| - prowjobs | |
| verbs: | |
| - create | |
| - list | |
| --- | |
| kind: RoleBinding | |
| apiVersion: rbac.authorization.k8s.io/v1beta1 | |
| metadata: | |
| namespace: default | |
| name: "tide" | |
| roleRef: | |
| apiGroup: rbac.authorization.k8s.io | |
| kind: Role | |
| name: "tide" | |
| subjects: | |
| - kind: ServiceAccount | |
| name: "tide" | |
| --- | |
| apiVersion: v1 | |
| kind: ServiceAccount | |
| metadata: | |
| namespace: default | |
| name: "statusreconciler" | |
| --- | |
| kind: Role | |
| apiVersion: rbac.authorization.k8s.io/v1beta1 | |
| metadata: | |
| namespace: default | |
| name: "statusreconciler" | |
| rules: | |
| - apiGroups: | |
| - "prow.k8s.io" | |
| resources: | |
| - prowjobs | |
| verbs: | |
| - create | |
| --- | |
| kind: RoleBinding | |
| apiVersion: rbac.authorization.k8s.io/v1beta1 | |
| metadata: | |
| namespace: default | |
| name: "statusreconciler" | |
| roleRef: | |
| apiGroup: rbac.authorization.k8s.io | |
| kind: Role | |
| name: "statusreconciler" | |
| subjects: | |
| - kind: ServiceAccount | |
| name: "statusreconciler" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment