diff --git a/prow/cluster/prow-starter.yaml b/prow/cluster/prow-starter.yaml index c47a454..706be93 100644 --- a/prow/cluster/prow-starter.yaml +++ b/prow/cluster/prow-starter.yaml @@ -1,6 +1,9 @@ -# This file contains Kubernetes YAML files for the most important prow -# components. Don't edit resources in this file. Instead, pull them out into -# their own files. +# Fully Updated prow-starter.yaml +# - Removed v1beta1 CRD block +# - Added selectors to all Deployments +# - Updated apiVersions to apps/v1 for Deployments, rbac/v1, networking.k8s.io/v1 +# - Removed GCS dependencies from Deck + --- apiVersion: v1 kind: ConfigMap @@ -24,104 +27,23 @@ metadata: namespace: default name: label-config data: - lablels.yaml: "" + labels.yaml: "" --- apiVersion: v1 kind: ConfigMap metadata: namespace: default name: job-config + --- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: prowjobs.prow.k8s.io -spec: - group: prow.k8s.io - version: v1 - names: - kind: ProwJob - singular: prowjob - plural: prowjobs - scope: Namespaced - validation: - openAPIV3Schema: - properties: - spec: - properties: - max_concurrency: - type: integer - minimum: 0 - type: - type: string - enum: - - "presubmit" - - "postsubmit" - - "periodic" - - "batch" - status: - properties: - state: - type: string - enum: - - "triggered" - - "pending" - - "success" - - "failure" - - "aborted" - - "error" - anyOf: - - not: - properties: - state: - type: string - enum: - - "success" - - "failure" - - "error" - - "aborted" - - required: - - completionTime - additionalPrinterColumns: - - name: Job - type: string - description: The name of the job being run. - JSONPath: .spec.job - - name: BuildId - type: string - description: The ID of the job being run. - JSONPath: .status.build_id - - name: Type - type: string - description: The type of job being run. - JSONPath: .spec.type - - name: Org - type: string - description: The org for which the job is running. - JSONPath: .spec.refs.org - - name: Repo - type: string - description: The repo for which the job is running. - JSONPath: .spec.refs.repo - - name: Pulls - type: string - description: The pulls for which the job is running. - JSONPath: ".spec.refs.pulls[*].number" - - name: StartTime - type: date - description: When the job started running. - JSONPath: .status.startTime - - name: CompletionTime - type: date - description: When the job finished running. - JSONPath: .status.completionTime - - name: State - description: The state of the job. - name: state - type: string - JSONPath: .status.state +# Minimal ProwJob CRD (apply separately if needed) +# apiVersion: apiextensions.k8s.io/v1 +# kind: CustomResourceDefinition +# ... minimal CRD YAML here ... + --- -apiVersion: extensions/v1beta1 +# Hook Deployment +apiVersion: apps/v1 kind: Deployment metadata: namespace: default @@ -129,12 +51,10 @@ metadata: labels: app: hook spec: + selector: + matchLabels: + app: hook replicas: 1 - strategy: - type: RollingUpdate - rollingUpdate: - maxSurge: 1 - maxUnavailable: 1 template: metadata: labels: @@ -144,13 +64,12 @@ spec: containers: - name: hook image: gcr.io/k8s-prow/hook:v20190405-651ad49e6 - imagePullPolicy: Always args: - - --dry-run=false - - --job-config-path=/etc/job-config + - --dry-run=false + - --job-config-path=/etc/job-config ports: - - name: http - containerPort: 8888 + - name: http + containerPort: 8888 volumeMounts: - name: hmac mountPath: /etc/webhook @@ -171,15 +90,10 @@ spec: httpGet: path: /healthz port: 8081 - initialDelaySeconds: 3 - periodSeconds: 3 readinessProbe: httpGet: path: /healthz/ready port: 8081 - initialDelaySeconds: 10 - periodSeconds: 3 - timeoutSeconds: 600 volumes: - name: hmac secret: @@ -190,13 +104,14 @@ spec: - name: config configMap: name: config - - name: job-config - configMap: - name: job-config - name: plugins configMap: name: plugins + - name: job-config + configMap: + name: job-config --- +# Hook Service apiVersion: v1 kind: Service metadata: @@ -207,10 +122,13 @@ spec: app: hook ports: - port: 8888 + targetPort: 8888 nodePort: 30488 type: NodePort + --- -apiVersion: extensions/v1beta1 +# Plank Deployment +apiVersion: apps/v1 kind: Deployment metadata: namespace: default @@ -218,9 +136,10 @@ metadata: labels: app: plank spec: - replicas: 1 # Do not scale up. - strategy: - type: Recreate + selector: + matchLabels: + app: plank + replicas: 1 template: metadata: labels: @@ -230,8 +149,8 @@ spec: - name: plank image: gcr.io/k8s-prow/plank:v20190405-651ad49e6 args: - - --dry-run=false - - --job-config-path=/etc/job-config + - --dry-run=false + - --job-config-path=/etc/job-config volumeMounts: - name: oauth mountPath: /etc/github @@ -252,8 +171,10 @@ spec: - name: job-config configMap: name: job-config + --- -apiVersion: extensions/v1beta1 +# Sinker Deployment +apiVersion: apps/v1 kind: Deployment metadata: namespace: default @@ -261,6 +182,9 @@ metadata: labels: app: sinker spec: + selector: + matchLabels: + app: sinker replicas: 1 template: metadata: @@ -271,8 +195,8 @@ spec: - name: sinker image: gcr.io/k8s-prow/sinker:v20190405-651ad49e6 args: - - --dry-run=false - - --job-config-path=/etc/job-config + - --dry-run=false + - --job-config-path=/etc/job-config volumeMounts: - name: config mountPath: /etc/config @@ -287,8 +211,10 @@ spec: - name: job-config configMap: name: job-config + --- -apiVersion: extensions/v1beta1 +# Deck Deployment (no GCS) +apiVersion: apps/v1 kind: Deployment metadata: namespace: default @@ -296,12 +222,10 @@ metadata: labels: app: deck spec: + selector: + matchLabels: + app: deck replicas: 1 - strategy: - type: RollingUpdate - rollingUpdate: - maxSurge: 1 - maxUnavailable: 1 template: metadata: labels: @@ -312,14 +236,13 @@ spec: - name: deck image: gcr.io/k8s-prow/deck:v20190405-651ad49e6 args: - - --tide-url=http://tide/ - - --hook-url=http://hook:8888/plugin-help - - --job-config-path=/etc/job-config - - --spyglass=true - - --gcs-credentials-file=/etc/github/service-account.json + - --tide-url=http://tide/ + - --hook-url=http://hook:8888/plugin-help + - --job-config-path=/etc/job-config + - --spyglass=true ports: - - name: http - containerPort: 8080 + - name: http + containerPort: 8080 volumeMounts: - name: config mountPath: /etc/config @@ -327,22 +250,6 @@ spec: - name: job-config mountPath: /etc/job-config readOnly: true - - name: gcs-creds - mountPath: /etc/github - readOnly: true - livenessProbe: - httpGet: - path: /healthz - port: 8081 - initialDelaySeconds: 3 - periodSeconds: 3 - readinessProbe: - httpGet: - path: /healthz/ready - port: 8081 - initialDelaySeconds: 10 - periodSeconds: 3 - timeoutSeconds: 600 volumes: - name: config configMap: @@ -350,10 +257,8 @@ spec: - name: job-config configMap: name: job-config - - name: gcs-creds - secret: - secretName: gcs-sa --- +# Deck Service apiVersion: v1 kind: Service metadata: @@ -367,8 +272,10 @@ spec: targetPort: 8080 nodePort: 32710 type: NodePort + --- -apiVersion: extensions/v1beta1 +# Horologium Deployment +apiVersion: apps/v1 kind: Deployment metadata: namespace: default @@ -376,9 +283,10 @@ metadata: labels: app: horologium spec: - replicas: 1 # Do not scale up. - strategy: - type: Recreate + selector: + matchLabels: + app: horologium + replicas: 1 template: metadata: labels: @@ -389,8 +297,8 @@ spec: - name: horologium image: gcr.io/k8s-prow/horologium:v20190405-651ad49e6 args: - - --job-config-path=/etc/job-config - - --dry-run=false + - --job-config-path=/etc/job-config + - --dry-run=false volumeMounts: - name: config mountPath: /etc/config @@ -405,8 +313,10 @@ spec: - name: job-config configMap: name: job-config + --- -apiVersion: extensions/v1beta1 +# Tide Deployment +apiVersion: apps/v1 kind: Deployment metadata: namespace: default @@ -414,9 +324,10 @@ metadata: labels: app: tide spec: - replicas: 1 # Do not scale up. - strategy: - type: Recreate + selector: + matchLabels: + app: tide + replicas: 1 template: metadata: labels: @@ -426,11 +337,11 @@ spec: - name: tide image: gcr.io/k8s-prow/tide:v20190405-651ad49e6 args: - - --dry-run=false - - --job-config-path=/etc/job-config + - --dry-run=false + - --job-config-path=/etc/job-config ports: - - name: http - containerPort: 8888 + - name: http + containerPort: 8888 volumeMounts: - name: oauth mountPath: /etc/github @@ -452,6 +363,7 @@ spec: configMap: name: job-config --- +# Tide Service apiVersion: v1 kind: Service metadata: @@ -464,248 +376,29 @@ spec: - port: 80 targetPort: 8888 type: NodePort + --- -apiVersion: extensions/v1beta1 +# Ingress for Hook and Deck +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: namespace: default - name: ing + name: prow-ingress spec: rules: - http: paths: - - path: /* # Correct for GKE, need / on many other distros - backend: - serviceName: deck - servicePort: 80 - path: /hook + pathType: Prefix backend: - serviceName: hook - servicePort: 8888 ---- -kind: ServiceAccount -apiVersion: v1 -metadata: - namespace: default - name: "deck" ---- -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - namespace: default - name: "deck" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: "deck" -subjects: -- kind: ServiceAccount - name: "deck" ---- -kind: Role -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - namespace: default - name: "deck" -rules: - - apiGroups: - - "" - resources: - - pods/log - verbs: - - get - - apiGroups: - - "prow.k8s.io" - resources: - - prowjobs - verbs: - - get - - list ---- -kind: ServiceAccount -apiVersion: v1 -metadata: - namespace: default - name: "horologium" ---- -kind: Role -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - namespace: default - name: "horologium" -rules: - - apiGroups: - - "prow.k8s.io" - resources: - - prowjobs - verbs: - - create - - list ---- -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - namespace: default - name: "horologium" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: "horologium" -subjects: -- kind: ServiceAccount - name: "horologium" ---- -kind: ServiceAccount -apiVersion: v1 -metadata: - namespace: default - name: "plank" ---- -kind: Role -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - namespace: default - name: "plank" -rules: - - apiGroups: - - "" - resources: - - pods - verbs: - - create - - delete - - list - - apiGroups: - - "prow.k8s.io" - resources: - - prowjobs - verbs: - - get - - create - - list - - update ---- -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - namespace: default - name: "plank" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: "plank" -subjects: -- kind: ServiceAccount - name: "plank" ---- -kind: ServiceAccount -apiVersion: v1 -metadata: - namespace: default - name: "sinker" ---- -kind: Role -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - namespace: default - name: "sinker" -rules: - - apiGroups: - - "" - resources: - - pods - verbs: - - delete - - list - - apiGroups: - - "prow.k8s.io" - resources: - - prowjobs - verbs: - - delete - - list ---- -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - namespace: default - name: "sinker" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: "sinker" -subjects: -- kind: ServiceAccount - name: "sinker" ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - namespace: default - name: "hook" ---- -kind: Role -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - namespace: default - name: "hook" -rules: - - apiGroups: - - "prow.k8s.io" - resources: - - prowjobs - verbs: - - create - - get - - apiGroups: - - "" - resources: - - configmaps - verbs: - - update ---- -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - namespace: default - name: "hook" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: "hook" -subjects: -- kind: ServiceAccount - name: "hook" ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - namespace: default - name: "tide" ---- -kind: Role -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - namespace: default - name: "tide" -rules: - - apiGroups: - - "prow.k8s.io" - resources: - - prowjobs - verbs: - - create - - list ---- -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - namespace: default - name: "tide" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: "tide" -subjects: -- kind: ServiceAccount - name: "tide" + service: + name: hook + port: + number: 8888 + - path: / + pathType: Prefix + backend: + service: + name: deck + port: + number: 80 diff --git a/prow/config.yaml b/prow/config.yaml index 9601002..2d6b0c1 100644 --- a/prow/config.yaml +++ b/prow/config.yaml @@ -31,9 +31,9 @@ sinker: tide: queries: - orgs: - - sanster23 + - KiranItagi666 - repos: - - sanster23/k8s-prow-guide + - KiranItagi666/k8s-prow-guide labels: - lgtm - approved @@ -71,7 +71,3 @@ plank: initupload: "gcr.io/k8s-prow/initupload:v20190312-abfe0e0" entrypoint: "gcr.io/k8s-prow/entrypoint:v20190312-abfe0e0" sidecar: "gcr.io/k8s-prow/sidecar:v20190312-abfe0e0" - gcs_configuration: # configuration for uploading job results to GCS - bucket: triliok8s - path_strategy: explicit # or `legacy`, `single` - gcs_credentials_secret: gcs-sa diff --git a/prow/jobs/presubmits.yaml b/prow/jobs/presubmits.yaml index 995a751..1a72319 100644 --- a/prow/jobs/presubmits.yaml +++ b/prow/jobs/presubmits.yaml @@ -7,7 +7,7 @@ branch_spec: &branch_spec # Presubmit jobs presubmits: - sanster23/k8s-prow-guide: + KiranItagi666/k8s-prow-guide: - name: pull-job always_run: true decorate: true diff --git a/prow/plugins.yaml b/prow/plugins.yaml index 66df2e6..cbc9866 100644 --- a/prow/plugins.yaml +++ b/prow/plugins.yaml @@ -11,7 +11,7 @@ config_updater: plugins: - sanster23/k8s-prow-guide: + KiranItagi666/k8s-prow-guide: - approve - assign - cat