.base.yaml
# Banner text; presumably stamped at the top of each generated job file.
autogen_header: "# THIS FILE IS AUTOGENERATED. See prow/config/README.md"
path_aliases:
  istio: istio.io
# Node label selector (testing=test-pool); presumably applied to every job
# generated from this base.
node_selector:
  testing: test-pool
auto_max_procs: true
# Architecture -> cluster name; presumably arm64 jobs are sent to 'prow-arm'.
cluster_overrides:
  arm64: prow-arm
env:
  - name: BUILD_WITH_CONTAINER
    value: "0"
testgrid_config:
  enabled: true
  # NOTE(review): the address below is obfuscated in this rendering of the
  # file. As written, the leading '[' makes YAML read the value as a flow
  # sequence rather than a string; take the real, quoted address from the
  # repository copy.
  alert_email: [email protected]
  num_failures_to_alert: "1"
resources_presets:
  default:
    limits:
      cpu: 3000m
      memory: 24Gi
    requests:
      cpu: 1000m
      memory: 3Gi
# Presets requested at base level. 'cache' (defined under requirement_presets)
# mounts the node-local hostPath /var/tmp/prow/cache without readOnly.
# NOTE(review): a base-level requirement presumably reaches every job that
# inherits this file - confirm that the most privileged jobs are meant to
# share that node-local cache with jobs that build unreviewed changes.
requirements: [cache]
# Named bundles of volumes, env vars, secrets and pod settings. Presumably a
# job opts in by listing the preset name under 'requirements'; the generator
# that consumes this file is not shown here.
requirement_presets:
  # Presumably for jobs that run kind clusters. Exposes the node's kernel
  # modules and cgroup hierarchy to the job; both host paths are mounted
  # readOnly and should stay that way. The Docker root is a per-pod emptyDir,
  # so it is not shared between jobs.
  kind:
    volumeMounts:
      - mountPath: /lib/modules
        name: modules
        readOnly: true
      - mountPath: /sys/fs/cgroup
        name: cgroup
        readOnly: true
      - mountPath: /var/lib/docker
        name: docker-root
    volumes:
      - hostPath:
          path: /lib/modules
          type: Directory
        name: modules
      - hostPath:
          path: /sys/fs/cgroup
          type: Directory
        name: cgroup
      - emptyDir: {}
        name: docker-root
  # Per-pod emptyDir for the Docker data directory; no host access.
  docker:
    volumeMounts:
      - mountPath: /var/lib/docker
        name: docker-root
    volumes:
      - emptyDir: {}
        name: docker-root
  # Go module cache backed by a hostPath on the node. The mount has no
  # readOnly flag, and DirectoryOrCreate creates the directory on first use.
  # NOTE(review): anything a job writes here is read by later jobs scheduled
  # on the same node. If jobs building unreviewed PR code share nodes with
  # more trusted jobs, treat the cache contents as untrusted input and confirm
  # where the trust boundary is meant to be (separate node pool, or no cache
  # for privileged jobs).
  cache:
    volumeMounts:
      - mountPath: /home/prow/go/pkg
        name: build-cache
        subPath: gomod
    volumes:
      - hostPath:
          path: /var/tmp/prow/cache
          type: DirectoryOrCreate
        name: build-cache
  # Same node-local hostPath as 'cache', under the 'gocache' subPath; the same
  # shared-between-jobs caveat applies.
  gocache:
    volumeMounts:
      - mountPath: /gocache
        name: build-cache
        subPath: gocache
    volumes:
      - hostPath:
          path: /var/tmp/prow/cache
          type: DirectoryOrCreate
        name: build-cache
  # Cargo cache on the same node-local hostPath ('cargo' subPath); the same
  # shared-between-jobs caveat applies.
  cratescache:
    # Rust is quite expensive to compile and benefits from faster CPUs.
    # Additionally, its jobs are not super common, minimizing cache sharing
    # when spread across all nodes.
    # Prefer the "C3" nodes, which are faster. Since that cuts down the number
    # of nodes we prefer, it results in better caching too.
    # The affinity is a preference (weight 1), not a hard requirement.
    podSpec:
      affinity:
        nodeAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 1
              preference:
                matchExpressions:
                  - key: cloud.google.com/machine-family
                    operator: In
                    values: [c3]
    volumeMounts:
      - mountPath: /home/.cargo
        name: build-cache
        subPath: cargo
    volumes:
      - hostPath:
          path: /var/tmp/prow/cache
          type: DirectoryOrCreate
        name: build-cache
  # rustc cache directory; RUST_CACHE_DIR points at the mount below. Declares
  # no volume of its own.
  rustccache:
    env:
      - name: RUST_CACHE_DIR
        value: /var/run/rustc-cache
    volumeMounts:
      - mountPath: /var/run/rustc-cache
        name: build-cache  # Depends on 'cratescache' to define the volume
        subPath: rustc
  # Access to istio-testing GitHub, with `admin:org`.
  # Highly privileged, should only be used from istio/community.
  # TODO: move to GCP Secrets
  # The token comes from the Kubernetes secret 'oauth-token' and is mounted
  # read-only as files under /etc/github-token.
  # NOTE(review): nothing in this file restricts which jobs may request the
  # preset; the "istio/community only" rule has to be enforced where jobs are
  # defined or reviewed.
  github-organization:
    volumeMounts:
      - mountPath: /etc/github-token
        name: github
        readOnly: true
    volumes:
      - name: github
        secret:
          secretName: oauth-token
  # Access to anonymous readonly GitHub.
  # 'secrets' entries name a secret and a project (presumably GCP Secret
  # Manager - confirm) and deliver it either as an env var or as a file.
  # Here the token arrives as the GH_TOKEN environment variable, so every
  # child process of the job inherits it and anything that dumps the
  # environment will print it.
  github-readonly:
    podSpec:
      serviceAccountName: prowjob-github-read
    secrets:
      - secret: github-read_github_read
        project: istio-prow-build
        env: GH_TOKEN
  # Access to push GitHub from 'istio-testing' account.
  # The push token is delivered as the GH_TOKEN environment variable (see the
  # env-var caveat on 'github-readonly'); unlike that preset this token can
  # write, so keep environment dumps out of jobs that request it.
  github-istio-testing:
    podSpec:
      serviceAccountName: prowjob-github-istio-testing
    secrets:
      - secret: github_istio-testing_pusher
        project: istio-prow-build
        env: GH_TOKEN
  # build-base has access to push to dockerhub and to push as istio-testing
  # github. Only for use with base image building.
  # Runs as the same service account as 'release' (prowjob-release).
  build-base:
    env:
      - name: DOCKER_CONFIG
        value: /var/run/ci/docker
    podSpec:
      serviceAccountName: prowjob-release
    secrets:
      - secret: release_docker_istio
        project: istio-prow-build
        file: /var/run/ci/docker/config.json
      # Note: This is NOT "release_github_istio-release", which is why this is
      # separate from 'release'.
      - secret: github_istio-testing_pusher
        project: istio-prow-build
        env: GH_TOKEN
  # release is used for release jobs. This is the most privileged type of job.
  release:
    # For publish, we also need Grafana token, DockerHub token, and GitHub login
    podSpec:
      serviceAccountName: prowjob-release
    env:
      # The gcpkms:// URI names the signing key; it is not key material. Who
      # can sign therefore depends on who can run as prowjob-release
      # (presumably via IAM on that identity - confirm). The URI pins
      # versions/1, so rotating the key means updating this value.
      - name: COSIGN_KEY
        value: "gcpkms://projects/istio-prow-build/locations/global/keyRings/istio-cosign-keyring/cryptoKeys/istio-cosign-key/versions/1"
      - name: DOCKER_CONFIG
        value: /var/run/ci/docker
      - name: GRAFANA_TOKEN_FILE
        value: /var/run/ci/grafana/token
      - name: GITHUB_TOKEN_FILE
        value: /var/run/ci/github/token
    # All three release credentials are delivered as files under /var/run/ci,
    # not as environment variables; the *_FILE variables above carry only the
    # paths.
    secrets:
      - secret: release_docker_istio
        project: istio-prow-build
        file: /var/run/ci/docker/config.json
      - secret: release_github_istio-release
        project: istio-prow-build
        file: /var/run/ci/github/token
      - secret: release_grafana_istio
        project: istio-prow-build
        file: /var/run/ci/grafana/token
  # If enabled, jobs will report traces to GCP Cloud Trace
  # The exporter talks plaintext gRPC (http:// endpoint, INSECURE="true") to
  # what looks like an in-cluster collector service.
  # NOTE(review): spans cross the pod network unencrypted and unauthenticated;
  # keep tokens and other secrets out of span attributes, and confirm that
  # network policy limits who can reach the collector.
  tracing:
    env:
      - name: OTEL_EXPORTER_OTLP_PROTOCOL
        value: grpc
      - name: OTEL_EXPORTER_OTLP_ENDPOINT
        value: http://collector.opentelemetry:4317
      - name: OTEL_EXPORTER_OTLP_INSECURE
        value: "true"