---
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: default
  name: prow-controller-manager
  labels:
    app: prow-controller-manager
spec:
  selector:
    matchLabels:
      app: prow-controller-manager
  replicas: 1
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: prow-controller-manager
    spec:
      serviceAccountName: "prow-controller-manager"
      containers:
        - name: prow-controller-manager
          image: gcr.io/k8s-prow/prow-controller-manager:v20230315-6d54c174f4
          env:
          - name: AWS_REGION
            value: eu-west-1
          args:
            - --dry-run=false
            - --config-path=/etc/config/config.yaml
            - --job-config-path=/etc/job-config
            - --enable-controller=plank
            # - --kubeconfig=/etc/kubeconfig/config
          ports:
          - name: metrics
            containerPort: 9090
          resources:
            limits:
              cpu: 100m
              memory: 256M
            requests:
              cpu: 100m
              memory: 256M
          volumeMounts:
            - name: config
              mountPath: /etc/config
              readOnly: true
            - name: job-config
              mountPath: /etc/job-config
              readOnly: true
            # - name: kubeconfig
            #   mountPath: /etc/kubeconfig
            #   readOnly: true
      volumes:
        # - name: kubeconfig
        #   secret:
        #     defaultMode: 0644
        #     secretName: kubeconfig
        - name: config
          configMap:
            name: config
        - name: job-config
          configMap:
            name: job-config
      nodeSelector:
        Archtype: "x86"
---
apiVersion: v1
kind: ServiceAccount
metadata:
  namespace: default
  name: "prow-controller-manager"
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::292999226676:role/falco-prow-test-infra-prow_s3_access
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: default
  name: "prow-controller-manager"
rules:
- apiGroups:
  - coordination.k8s.io
  resources:
  - leases
  resourceNames:
  - prow-controller-manager-leader-lock
  verbs:
  - get
  - update
- apiGroups:
  - coordination.k8s.io
  resources:
  - leases
  verbs:
  - create
- apiGroups:
  - ""
  resources:
  - configmaps
  resourceNames:
  - prow-controller-manager-leader-lock
  verbs:
  - get
  - update
- apiGroups:
  - ""
  resources:
  - configmaps
  - events
  verbs:
  - create
- apiGroups:
  - prow.k8s.io
  resources:
  - prowjobs
  verbs:
  - get
  - update
  - list
  - watch
  - update
  - patch
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: test-pods
  name: prow-controller-manager
rules:
  - apiGroups:
      - ""
    resources:
      - pods
    verbs:
      - create
      - delete
      - list
      - watch
      - create
      - patch
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: default
  name: prow-controller-manager
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: prow-controller-manager
subjects:
- kind: ServiceAccount
  name: prow-controller-manager
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: test-pods
  name: prow-controller-manager
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: prow-controller-manager
subjects:
- kind: ServiceAccount
  name: prow-controller-manager
  namespace: default