--- kind: ServiceAccount apiVersion: v1 metadata: namespace: default name: "sinker" --- kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: namespace: default name: "sinker" rules: - apiGroups: - "prow.k8s.io" resources: - prowjobs verbs: - delete - list - watch - get - apiGroups: - coordination.k8s.io resources: - leases resourceNames: - prow-sinker-leaderlock verbs: - get - update - apiGroups: - coordination.k8s.io resources: - leases verbs: - create - apiGroups: - "" resources: - configmaps resourceNames: - prow-sinker-leaderlock verbs: - get - update - apiGroups: - "" resources: - configmaps - events verbs: - create --- kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: namespace: test-pods name: "sinker" rules: - apiGroups: - "" resources: - pods verbs: - delete - list - watch - get - patch --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: namespace: default name: "sinker" roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: "sinker" subjects: - kind: ServiceAccount name: "sinker" --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: namespace: test-pods name: "sinker" roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: "sinker" subjects: - kind: ServiceAccount name: "sinker" namespace: default --- apiVersion: apps/v1 kind: Deployment metadata: namespace: default name: sinker labels: app: sinker spec: replicas: 1 selector: matchLabels: app: sinker template: metadata: labels: app: sinker spec: serviceAccountName: "sinker" containers: - name: sinker image: gcr.io/k8s-prow/sinker:v20230315-6d54c174f4 args: - --config-path=/etc/config/config.yaml - --job-config-path=/etc/job-config # - --kubeconfig=/etc/kubeconfig/config - --dry-run=false ports: - name: metrics containerPort: 9090 resources: limits: cpu: 100m memory: 256M requests: cpu: 100m memory: 256M volumeMounts: - name: config mountPath: /etc/config readOnly: true - name: job-config mountPath: /etc/job-config readOnly: true # - name: kubeconfig # mountPath: /etc/kubeconfig # readOnly: true volumes: # - name: kubeconfig # secret: # defaultMode: 420 # secretName: kubeconfig - name: config configMap: name: config - name: job-config configMap: name: job-config nodeSelector: Archtype: "x86"