kubernetes · k8s-ci-robot · Aug 6, 2021 · Jun 16, 2021
diff --git a/apps/prow/Makefile b/apps/prow/Makefile
@@ -0,0 +1,29 @@
+# Copyright 2021 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+SHELL := /usr/bin/env bash
+
+# These are the usual GKE variables.
+PROJECT	?= kubernetes-public
+REGION	?= us-central1
+CLUSTER	?= aaa
+
+get-cluster-credentials:
+	gcloud container clusters get-credentials "$(CLUSTER)" --project="$(PROJECT)" --region="$(REGION)
+
+update-config: get-cluster-credentials
+	kubectl create configmap config --from-file=config.yaml=config.yaml --dry-run -o yaml | kubectl replace configmap config -f -
+
+update-plugins: get-cluster-credentials
+	kubectl create configmap plugins --from-file=plugins.yaml=plugins.yaml --dry-run -o yaml | kubectl replace configmap plugins -f -
diff --git a/apps/prow/cluster/100_prowjob_customresourcedefinition.yaml b/apps/prow/cluster/100_prowjob_customresourcedefinition.yaml
@@ -0,0 +1,95 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: prowjobs.prow.k8s.io
+  annotations:
+    "api-approved.kubernetes.io": "https://github.com/kubernetes/test-infra/pull/8669"
+spec:
+  group: prow.k8s.io
+  names:
+    kind: ProwJob
+    singular: prowjob
+    plural: prowjobs
+  scope: Namespaced
+  versions:
+  - name: v1
+    served: true
+    storage: true
+    schema:
+      openAPIV3Schema:
+        type: object
+        properties:
+          spec:
+            type: object
+            x-kubernetes-preserve-unknown-fields: true
+            properties:
+              max_concurrency:
+                type: integer
+                minimum: 0
+              type:
+                type: string
+                enum:
+                - "presubmit"
+                - "postsubmit"
+                - "periodic"
+                - "batch"
+          status:
+            type: object
+            x-kubernetes-preserve-unknown-fields: true
+            properties:
+              state:
+                type: string
+                enum:
+                - "triggered"
+                - "pending"
+                - "success"
+                - "failure"
+                - "aborted"
+                - "error"
+            anyOf:
+            - not:
+                properties:
+                  state:
+                    enum:
+                    - "success"
+                    - "failure"
+                    - "error"
+            - required:
+              - completionTime
+    additionalPrinterColumns:
+    - name: Job
+      type: string
+      description: The name of the job being run.
+      jsonPath: .spec.job
+    - name: BuildId
+      type: string
+      description: The ID of the job being run.
+      jsonPath: .status.build_id
+    - name: Type
+      type: string
+      description: The type of job being run.
+      jsonPath: .spec.type
+    - name: Org
+      type: string
+      description: The org for which the job is running.
+      jsonPath: .spec.refs.org
+    - name: Repo
+      type: string
+      description: The repo for which the job is running.
+      jsonPath: .spec.refs.repo
+    - name: Pulls
+      type: string
+      description: The pulls for which the job is running.
+      jsonPath: ".spec.refs.pulls[*].number"
+    - name: StartTime
+      type: date
+      description: When the job started running.
+      jsonPath: .status.startTime
+    - name: CompletionTime
+      type: date
+      description: When the job finished running.
+      jsonPath: .status.completionTime
+    - name: State
+      description: The state of the job.
+      type: string
+      jsonPath: .status.state
diff --git a/apps/prow/cluster/crier_deployment.yaml b/apps/prow/cluster/crier_deployment.yaml
@@ -0,0 +1,80 @@
+# Copyright 2021 The Kubernetes Authors All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: prow
+  name: crier
+  labels:
+    app: crier
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: crier
+  template:
+    metadata:
+      labels:
+        app: crier
+    spec:
+      serviceAccountName: crier
+      terminationGracePeriodSeconds: 30
+      containers:
+      - name: crier
+        image: gcr.io/k8s-prow/crier:v20210407-51f95c2d52
+        args:
+        - --blob-storage-workers=1
+        - --config-path=/etc/config/config.yaml
+        - --github-endpoint=http://ghproxy.prow.svc.cluster.local
+        - --github-endpoint=https://api.github.com
+        - --github-token-path=/etc/github/token
+        - --github-workers=5
+        - --job-config-path=/etc/job-config
+        - --kubeconfig=/etc/kubeconfig/config
+        - --kubernetes-blob-storage-workers=1
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+              - "ALL"
+          privileged: false
+          readOnlyRootFilesystem: true
+        volumeMounts:
+        - mountPath: /etc/kubeconfig
+          name: kubeconfig
+          readOnly: true
+        - name: config
+          mountPath: /etc/config
+          readOnly: true
+        - name: job-config
+          mountPath: /etc/job-config
+          readOnly: true
+        - name: token
+          mountPath: /etc/github
+          readOnly: true
+      volumes:
+      - name: config
+        configMap:
+          name: config
+      - name: job-config
+        configMap:
+          name: job-config
+      - name: github-token
+        secret:
+          secretName: k8s-infra-ci-robot-github-token
+      - name: kubeconfig
+        secret:
+          defaultMode: 420
+          secretName: k8s-infra-build-clusters-config
diff --git a/apps/prow/cluster/crier_rbac.yaml b/apps/prow/cluster/crier_rbac.yaml
@@ -0,0 +1,66 @@
+# Copyright 2021 The Kubernetes Authors All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+  annotations:
+    iam.gke.io/gcp-service-account: [email protected]
+  name: crier
+  namespace: prow
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+    namespace: prow
+    name: crier
+rules:
+- apiGroups:
+    - "prow.k8s.io"
+  resources:
+    - "prowjobs"
+  verbs:
+    - "get"
+    - "watch"
+    - "list"
+    - "patch"
+- apiGroups:
+    - ""
+  resources:
+    - "pods"
+    - "events"
+  verbs:
+    - "get"
+    - "list"
+- apiGroups:
+    - ""
+  resources:
+    - "pods"
+  verbs:
+    - "patch"
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: crier-namespaced
+  namespace: prow
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: crier
+subjects:
+- kind: ServiceAccount
+  name: crier
+  namespace: prow
diff --git a/apps/prow/cluster/crier_service.yaml b/apps/prow/cluster/crier_service.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: crier
+    namespace: prow
+  name: crier
+spec:
+  ports:
+    - name: metrics
+      port: 9090
+  selector:
+    app: crier