-
Notifications
You must be signed in to change notification settings - Fork 30
/
Copy pathdeck_deployment.yaml
137 lines (136 loc) · 4.03 KB
/
deck_deployment.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
# Copyright 2016 The Kubernetes Authors All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: default
name: deck
labels:
app: deck
spec:
replicas: 3
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
selector:
matchLabels:
app: deck
template:
metadata:
labels:
app: deck
spec:
serviceAccountName: deck
terminationGracePeriodSeconds: 30
containers:
- name: deck
image: gcr.io/k8s-prow/deck:v20240805-37a08f946
imagePullPolicy: Always
ports:
- name: http
containerPort: 8080
- name: metrics
containerPort: 9090
args:
- --tide-url=http://tide/
- --hook-url=http://hook:8888/plugin-help
- --redirect-http-to=prow.k8s.io
- --oauth-url=/github-login
- --config-path=/etc/config/config.yaml
- --job-config-path=/etc/job-config
- --spyglass=true
- --rerun-creates-job
- --github-app-id=$(GITHUB_APP_ID)
- --github-app-private-key-path=/etc/github/cert
- --github-endpoint=http://ghproxy
- --github-endpoint=https://api.github.com
- --github-oauth-config-file=/etc/githuboauth/secret
- --cookie-secret=/etc/cookie/secret
- --plugin-config=/etc/plugins/plugins.yaml
env:
# Use KUBECONFIG envvar rather than --kubeconfig flag in order to provide multiple configs to merge.
- name: KUBECONFIG
value: "/etc/kubeconfig-default/config:/etc/kubeconfig-prow-trusted/config"
- name: GITHUB_APP_ID
valueFrom:
secretKeyRef:
name: github-app-token
key: appid
volumeMounts:
- name: oauth-config
mountPath: /etc/githuboauth
readOnly: true
- name: cookie-secret
mountPath: /etc/cookie
readOnly: true
- mountPath: /etc/kubeconfig-prow-trusted
name: kubeconfig-prow-trusted
readOnly: true
- mountPath: /etc/kubeconfig-default
name: kubeconfig-prow-untrusted
readOnly: true
- name: config
mountPath: /etc/config
readOnly: true
- name: job-config
mountPath: /etc/job-config
readOnly: true
- name: oauth-token
mountPath: /etc/github
readOnly: true
- name: plugins
mountPath: /etc/plugins
readOnly: true
livenessProbe:
httpGet:
path: /healthz
port: 8081
initialDelaySeconds: 3
periodSeconds: 3
readinessProbe:
httpGet:
path: /healthz/ready
port: 8081
initialDelaySeconds: 10
periodSeconds: 3
timeoutSeconds: 600
volumes:
- name: oauth-config
secret:
secretName: github-oauth-config
- name: oauth-token
secret:
secretName: github-app-token
- name: cookie-secret
secret:
secretName: cookie
- name: kubeconfig-prow-trusted
secret:
defaultMode: 420
secretName: kubeconfig-prow-trusted
- name: kubeconfig-prow-untrusted
secret:
defaultMode: 420
secretName: kubeconfig-prow-untrusted
- name: config
configMap:
name: config
- name: job-config
configMap:
name: job-config
- name: plugins
configMap:
name: plugins