apiVersion: apps/v1 kind: Deployment metadata: name: statusreconciler namespace: default labels: app: statusreconciler spec: replicas: 1 selector: matchLabels: app: statusreconciler template: metadata: labels: app: statusreconciler spec: serviceAccountName: statusreconciler terminationGracePeriodSeconds: 180 containers: - name: statusreconciler image: gcr.io/k8s-prow/status-reconciler:v20240805-37a08f946 args: - --dry-run=false - --continue-on-error=true - --plugin-config=/etc/plugins/plugins.yaml - --config-path=/etc/config/config.yaml - --github-token-path=/etc/github/oauth - --github-endpoint=http://ghproxy - --github-endpoint=https://api.github.com - --job-config-path=/etc/job-config - --s3-credentials-file=/etc/s3-credentials/service-account.json - --status-path=s3://falco-prow-logs/status-reconciler-status #S3 location where Status-reconciler stores last known state, i.e. configuration. resources: limits: cpu: 100m memory: 256M requests: cpu: 100m memory: 256M volumeMounts: - name: oauth mountPath: /etc/github readOnly: true - name: config mountPath: /etc/config readOnly: true - name: plugins mountPath: /etc/plugins readOnly: true - name: job-config mountPath: /etc/job-config readOnly: true - name: s3-credentials mountPath: /etc/s3-credentials readOnly: true volumes: - name: oauth secret: secretName: oauth-token - name: config configMap: name: config - name: plugins configMap: name: plugins - name: job-config configMap: name: job-config - name: s3-credentials secret: secretName: s3-credentials nodeSelector: Archtype: "x86" --- apiVersion: v1 kind: ServiceAccount metadata: namespace: default name: "statusreconciler" annotations: eks.amazonaws.com/role-arn: arn:aws:iam::292999226676:role/falco-prow-test-infra-prow_s3_access kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: namespace: default name: statusreconciler rules: - apiGroups: - "prow.k8s.io" resources: - prowjobs verbs: - create --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: namespace: default name: statusreconciler roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: statusreconciler subjects: - kind: ServiceAccount name: statusreconciler