---
kind: ServiceAccount
apiVersion: v1
metadata:
  namespace: default
  name: "sinker"
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: default
  name: "sinker"
rules:
  - apiGroups:
    - "prow.k8s.io"
    resources:
    - prowjobs
    verbs:
    - delete
    - list
    - watch
    - get
  - apiGroups:
    - coordination.k8s.io
    resources:
    - leases
    resourceNames:
    - prow-sinker-leaderlock
    verbs:
    - get
    - update
  - apiGroups:
    - coordination.k8s.io
    resources:
    - leases
    verbs:
    - create
  - apiGroups:
    - ""
    resources:
    - configmaps
    resourceNames:
    - prow-sinker-leaderlock
    verbs:
    - get
    - update
  - apiGroups:
    - ""
    resources:
    - configmaps
    - events
    verbs:
    - create
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: test-pods
  name: "sinker"
rules:
  - apiGroups:
      - ""
    resources:
      - pods
    verbs:
      - delete
      - list
      - watch
      - get
      - patch
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: default
  name: "sinker"
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: "sinker"
subjects:
- kind: ServiceAccount
  name: "sinker"
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  namespace: test-pods
  name: "sinker"
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: "sinker"
subjects:
- kind: ServiceAccount
  name: "sinker"
  namespace: default
---
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: default
  name: sinker
  labels:
    app: sinker
spec:
  replicas: 1
  selector:
    matchLabels:
      app: sinker
  template:
    metadata:
      labels:
        app: sinker
    spec:
      serviceAccountName: "sinker"
      containers:
      - name: sinker
        image: gcr.io/k8s-prow/sinker:v20240805-37a08f946
        args:
        - --config-path=/etc/config/config.yaml
        - --job-config-path=/etc/job-config
        # - --kubeconfig=/etc/kubeconfig/config
        - --dry-run=false
        ports:
        - name: metrics
          containerPort: 9090
        resources:
          limits:
            cpu: 100m
            memory: 256M
          requests:
            cpu: 100m
            memory: 256M
        volumeMounts:
        - name: config
          mountPath: /etc/config
          readOnly: true
        - name: job-config
          mountPath: /etc/job-config
          readOnly: true
        # - name: kubeconfig
        #   mountPath: /etc/kubeconfig
        #   readOnly: true
      volumes:
        # - name: kubeconfig
        #   secret:
        #     defaultMode: 420
        #     secretName: kubeconfig
        - name: config
          configMap:
            name: config
        - name: job-config
          configMap:
            name: job-config
      nodeSelector:
        Archtype: "x86"