--- apiVersion: apps/v1 kind: Deployment metadata: namespace: default name: prow-controller-manager labels: app: prow-controller-manager spec: selector: matchLabels: app: prow-controller-manager replicas: 1 strategy: type: Recreate template: metadata: labels: app: prow-controller-manager spec: serviceAccountName: "prow-controller-manager" containers: - name: prow-controller-manager image: gcr.io/k8s-prow/prow-controller-manager:v20240805-37a08f946 env: - name: AWS_REGION value: eu-west-1 args: - --dry-run=false - --config-path=/etc/config/config.yaml - --job-config-path=/etc/job-config - --enable-controller=plank # - --kubeconfig=/etc/kubeconfig/config ports: - name: metrics containerPort: 9090 resources: limits: cpu: 100m memory: 256M requests: cpu: 100m memory: 256M volumeMounts: - name: config mountPath: /etc/config readOnly: true - name: job-config mountPath: /etc/job-config readOnly: true # - name: kubeconfig # mountPath: /etc/kubeconfig # readOnly: true volumes: # - name: kubeconfig # secret: # defaultMode: 0644 # secretName: kubeconfig - name: config configMap: name: config - name: job-config configMap: name: job-config nodeSelector: Archtype: "x86" --- apiVersion: v1 kind: ServiceAccount metadata: namespace: default name: "prow-controller-manager" annotations: eks.amazonaws.com/role-arn: arn:aws:iam::292999226676:role/falco-prow-test-infra-prow_s3_access --- kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: namespace: default name: "prow-controller-manager" rules: - apiGroups: - coordination.k8s.io resources: - leases resourceNames: - prow-controller-manager-leader-lock verbs: - get - update - apiGroups: - coordination.k8s.io resources: - leases verbs: - create - apiGroups: - "" resources: - configmaps resourceNames: - prow-controller-manager-leader-lock verbs: - get - update - apiGroups: - "" resources: - configmaps - events verbs: - create - apiGroups: - prow.k8s.io resources: - prowjobs verbs: - get - update - list - watch - update - patch --- kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: namespace: test-pods name: prow-controller-manager rules: - apiGroups: - "" resources: - pods verbs: - delete - list - watch - create - patch - get --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: namespace: default name: prow-controller-manager roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: prow-controller-manager subjects: - kind: ServiceAccount name: prow-controller-manager --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: namespace: test-pods name: prow-controller-manager roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: prow-controller-manager subjects: - kind: ServiceAccount name: prow-controller-manager namespace: default