deploy prow to k8s-infra-prow cluster

[upodroid]

This is the prow specific piece of #7127

I copied the manifests from https://github.com/kubernetes/test-infra/tree/master/config/prow/cluster and adjusted a few things:

1. I consolidated the prow compoment files in to a single file. so deck-service, deck-rbac and deck-deployment are now just deck.
2. I commented out a few services that we don't use
3. The metrics will be handled separately by using Managed Prometheus and visualising it in Grafana https://github.com/knative/infra/blob/002a2bd25f5b3488c258baeb93b260e34d8956ee/prow/cluster/control-plane/200-monitoring.yaml
4. Prow will be deployed to the prow namespace instead of default. (I need to adjust the EKS IAM roles)
5. The controllers need to be scaled down before this PR is merged.
6. The secrets needs to be loaded into the project and their manifests rewritten

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: upodroid

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [upodroid]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[xmudrii]

I think we should have prow-control-plane and prow-build as Argo will be used for build clusters as well eventually. That way we avoid deploying stuff into wrong cluster by accident.

[upodroid]

Each cluster will have its own prow folder to deploy prow specific resources.

[xmudrii]

Okay, I see, then it's all good.

[xmudrii]

Isn't path supposed to be gke-prow?

[upodroid]

{{.name}} is based on the clusterName defined in ArgoCD.

https://github.com/kubernetes/k8s.io/blob/main/kubernetes/gke-utility/argocd/clusters.yaml#L4

[xmudrii]

Two final nits. Can't comment much on the Prow manifests, but given everything is up and running, I'm sure we're fine. :D

[xmudrii]

Random note/blurb: we should look into if there's a better way to handle this. I'm wondering how we would handle it if we had multiple Prow build clusters on AWS.

[upodroid]

We already have multiple AWS clusters. We allow this role arn:aws:iam::468814281478:role/Prow-EKS-Admin to access the cluster

[xmudrii]

Just a nit: would be nice to sort this file A-Z, gateway.yaml and monitoring.yaml are in the wrong place.

[xmudrii]

How do we apply this file? I don't see it being mentioned in kustomization.yaml unless I missed it.

[upodroid]

Check the prow.yaml argo app

[upodroid]

This is ready to be merged

[BenTheElder]

/lgtm
/hold

NOTE: we're going to have reduced availability to fix things for a bit, I am out tomorrow and probably some portion of the next two weeks, Arnaud is out and Dims is out already.

[upodroid]

/hold cancel