Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: chai-bot
namespace: ship-status
labels:
app: dashboard
---
apiVersion: v1
kind: Secret
metadata:
name: chai-bot-token
namespace: ship-status
annotations:
kubernetes.io/service-account.name: chai-bot
labels:
app: dashboard
type: kubernetes.io/service-account-token
12 changes: 9 additions & 3 deletions clusters/app.ci/ship-status-dash/dashboard/deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -177,9 +177,12 @@ spec:
value: http://127.0.0.1:8080/
- name: SHIP_STATUS_REQUEST_TIMEOUT
value: "10"
# Future write support: mount SA token and set SHIP_STATUS_AUTH_TOKEN_FILE
# to enable writes through the oauth-proxy on :8443.
# See: component-monitor --report-auth-token-file pattern.
- name: SHIP_STATUS_AUTH_TOKEN_FILE
value: /var/run/secrets/chai-bot/token
volumeMounts:
- name: chai-bot-token
mountPath: /var/run/secrets/chai-bot
readOnly: true
Comment thread
coderabbitai[bot] marked this conversation as resolved.
resources:
requests:
memory: "64Mi"
Expand Down Expand Up @@ -211,3 +214,6 @@ spec:
items:
- key: hmac
path: hmac
- name: chai-bot-token
secret:
secretName: chai-bot-token
26 changes: 26 additions & 0 deletions clusters/app.ci/ship-status-dash/dashboard/rbac.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -25,3 +25,29 @@ subjects:
- kind: ServiceAccount
name: ship-status
namespace: ship-status
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ship-status-chai-bot
labels:
app: dashboard
rules:
- apiGroups: [""]
resources: ["namespaces"]
verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: ship-status-chai-bot
labels:
app: dashboard
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: ship-status-chai-bot
subjects:
- kind: ServiceAccount
name: chai-bot
namespace: ship-status
5 changes: 5 additions & 0 deletions core-services/ship-status/dashboard-config.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -131,6 +131,7 @@ components:
owners:
- rover_group: "test-platform-ci-admins"
- service_account: "system:serviceaccount:ship-status:component-monitor"
- service_account: "system:serviceaccount:ship-status:chai-bot"
- name: "Boskos"
description: "Dynamic resource manager for cloud-account quotas"
ship_team: "DPTP"
Expand Down Expand Up @@ -260,6 +261,7 @@ components:
owners:
- rover_group: "test-platform-ci-admins"
- service_account: "system:serviceaccount:ship-status:component-monitor"
- service_account: "system:serviceaccount:ship-status:chai-bot"
- name: "Downstream CI"
description: "Downstream CI tools maintained by Test Platform"
ship_team: "DPTP"
Expand Down Expand Up @@ -289,6 +291,7 @@ components:
owners:
- rover_group: "test-platform-ci-admins"
- service_account: "system:serviceaccount:ship-status:component-monitor"
- service_account: "system:serviceaccount:ship-status:chai-bot"
- name: "Sippy"
description: "CI Private Investigator"
ship_team: "TRT"
Expand Down Expand Up @@ -334,6 +337,7 @@ components:
owners:
- rover_group: "openshift-technical-release-team"
- service_account: "system:serviceaccount:ship-status:dpcr-component-monitor"
- service_account: "system:serviceaccount:ship-status:chai-bot"
- name: "Build Farm"
description: "OpenShift CI build clusters that run all CI jobs"
ship_team: "DPTP"
Expand Down Expand Up @@ -424,6 +428,7 @@ components:
owners:
- rover_group: "test-platform-ci-admins"
- service_account: "system:serviceaccount:ship-status:component-monitor"
- service_account: "system:serviceaccount:ship-status:chai-bot"

tags:
- name: "ci-frontend"
Expand Down