apiVersion: apps/v1
kind: Deployment
metadata:
  name: statusreconciler
  namespace: default
  labels:
    app: statusreconciler
spec:
  replicas: 1
  selector:
    matchLabels:
      app: statusreconciler
  template:
    metadata:
      labels:
        app: statusreconciler
    spec:
      serviceAccountName: statusreconciler
      terminationGracePeriodSeconds: 180
      containers:
      - name: statusreconciler
        image: gcr.io/k8s-prow/status-reconciler:v20230315-6d54c174f4
        args:
        - --dry-run=false
        - --continue-on-error=true
        - --plugin-config=/etc/plugins/plugins.yaml
        - --config-path=/etc/config/config.yaml
        - --github-token-path=/etc/github/oauth
        - --github-endpoint=http://ghproxy
        - --github-endpoint=https://api.github.com
        - --job-config-path=/etc/job-config
        - --s3-credentials-file=/etc/s3-credentials/service-account.json
        - --status-path=s3://falco-prow-logs/status-reconciler-status #S3 location where Status-reconciler stores last known state, i.e. configuration.
        resources:
          limits:
            cpu: 100m
            memory: 256M
          requests:
            cpu: 100m
            memory: 256M
        volumeMounts:
        - name: oauth
          mountPath: /etc/github
          readOnly: true
        - name: config
          mountPath: /etc/config
          readOnly: true
        - name: plugins
          mountPath: /etc/plugins
          readOnly: true
        - name: job-config
          mountPath: /etc/job-config
          readOnly: true
        - name: s3-credentials
          mountPath: /etc/s3-credentials
          readOnly: true
      volumes:
      - name: oauth
        secret:
          secretName: oauth-token
      - name: config
        configMap:
          name: config
      - name: plugins
        configMap:
          name: plugins
      - name: job-config
        configMap:
          name: job-config
      - name: s3-credentials
        secret:
          secretName: s3-credentials
      nodeSelector:
        Archtype: "x86"
---
apiVersion: v1
kind: ServiceAccount
metadata:
  namespace: default
  name: "statusreconciler"
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::292999226676:role/falco-prow-test-infra-prow_s3_access
kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  namespace: default
  name: statusreconciler
rules:
  - apiGroups:
      - "prow.k8s.io"
    resources:
      - prowjobs
    verbs:
      - create
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  namespace: default
  name: statusreconciler
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: statusreconciler
subjects:
- kind: ServiceAccount
  name: statusreconciler