--- apiVersion: apps/v1 kind: Deployment metadata: name: tide namespace: default labels: app: tide spec: replicas: 1 # Do not scale up. selector: matchLabels: app: tide template: metadata: labels: app: tide spec: serviceAccountName: tide containers: - name: tide image: us-central1-docker.pkg.dev/gob-prow/prow-images/tide:v20250423-91b28ca9b args: - --config-path=/etc/config/config.yaml - --job-config-path=/etc/job-config - --dry-run=false - --history-uri=gs://oss-prow/tide-history.json - --status-path=gs://oss-prow/tide-status-checkpoint.yaml - --github-endpoint=http://ghproxy - --github-endpoint=https://api.github.com - --github-app-id=$(GITHUB_APP_ID) - --github-app-private-key-path=/etc/github/cert env: - name: GITHUB_APP_ID valueFrom: secretKeyRef: name: ghapp-token key: appid ports: - name: http containerPort: 8888 - name: metrics containerPort: 9090 volumeMounts: - name: config mountPath: /etc/config readOnly: true - name: job-config mountPath: /etc/job-config readOnly: true - name: ghapp-token mountPath: /etc/github readOnly: true volumes: - name: config configMap: name: config - name: job-config configMap: name: job-config - name: ghapp-token secret: secretName: ghapp-token --- apiVersion: v1 kind: Service metadata: labels: app: tide name: tide namespace: default spec: selector: app: tide ports: - name: main port: 80 targetPort: 8888 - name: metrics port: 9090 type: NodePort --- apiVersion: v1 kind: ServiceAccount metadata: name: tide namespace: default annotations: "iam.gke.io/gcp-service-account": "oss-prow@oss-prow.iam.gserviceaccount.com" --- kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: name: tide namespace: default rules: - apiGroups: - prow.k8s.io resources: - prowjobs verbs: - create - list --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: tide namespace: default roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: tide subjects: - kind: ServiceAccount name: tide