---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: crier
  labels:
    app: crier
spec:
  replicas: 1
  selector:
    matchLabels:
      app: crier
  template:
    metadata:
      labels:
        app: crier
    spec:
      serviceAccountName: crier
      terminationGracePeriodSeconds: 30
      containers:
      - name: crier
        image: gcr.io/k8s-prow/crier:v20230315-6d54c174f4
        env:
        - name: AWS_REGION
          value: eu-west-1
        args:
        - --github-workers=2
        - --kubernetes-blob-storage-workers=2
        - --blob-storage-workers=2
        #- --kubeconfig=/etc/kubeconfig/config
        - --config-path=/etc/config/config.yaml
        - --job-config-path=/etc/job-config
        - --github-endpoint=http://ghproxy
        - --github-endpoint=https://api.github.com
        - --github-token-path=/etc/github/oauth
        ports:
        - name: metrics
          containerPort: 9090
        resources:
          limits:
            cpu: 100m
            memory: 256M
          requests:
            cpu: 100m
            memory: 256M
        volumeMounts:
        - name: config
          mountPath: /etc/config
          readOnly: true
        - name: job-config
          mountPath: /etc/job-config
          readOnly: true
        - name: oauth
          mountPath: /etc/github
          readOnly: true
        # - name: kubeconfig
        #   mountPath: /etc/kubeconfig
        #   readOnly: true
      volumes:
      # - name: kubeconfig
      #   secret:
      #     defaultMode: 0644
      #     secretName: kubeconfig
      - name: config
        configMap:
          name: config
      - name: job-config
        configMap:
          name: job-config
      - name: oauth
        secret:
          secretName: oauth-token
      nodeSelector:
        Archtype: "x86"
---
apiVersion: v1
kind: ServiceAccount
metadata:
  namespace: default
  name: "crier"
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::292999226676:role/falco-prow-test-infra-prow_s3_access
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: default
  name: crier
rules:
- apiGroups:
    - "prow.k8s.io"
  resources:
    - "prowjobs"
  verbs:
    - "get"
    - "watch"
    - "list"
    - "patch"
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: test-pods
  name: crier
rules:
- apiGroups:
    - ""
  resources:
    - "pods"
    - "events"
  verbs:
    - "get"
    - "list"
- apiGroups:
    - ""
  resources:
    - "pods"
  verbs:
    - "patch"
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: crier
  namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: crier
subjects:
- kind: ServiceAccount
  name: crier
  namespace: default
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: crier
  namespace: test-pods
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: crier
subjects:
- kind: ServiceAccount
  name: crier
  namespace: default