Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Setup postsubmit deploy job(s) for apps running under aaa #2151

Closed
spiffxp opened this issue Jun 7, 2021 · 13 comments
Closed

Setup postsubmit deploy job(s) for apps running under aaa #2151

spiffxp opened this issue Jun 7, 2021 · 13 comments
Assignees
@spiffxp
Labels
area/access Define who has access to what via IAM bindings, role bindings, policy, etc. area/infra Infrastructure management, infrastructure design, code in infra/ area/prow Setting up or working with prow in general, prow.k8s.io, prow build clusters kind/feature Categorizes issue or PR as related to a new feature. priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete.
Milestone
v1.22

Comments

@spiffxp
Copy link
Member

spiffxp commented Jun 7, 2021

Allow k8s-infra-prow-build-trusted to automatically deploy apps to aaa

Preferably using a service-account per app that grants it the same privileges that humans would have? I would rather avoid giving k8s-infra-prow-build-trusted cluster-admin access to aaa

If we're comfortable doing this in a pinch, we can consider it

/wg k8s-infra
/kind feature
/area access
/area prow
/area cluster-infra
/priority important-longterm
@k8s-ci-robot k8s-ci-robot added wg/k8s-infra kind/feature Categorizes issue or PR as related to a new feature. area/access Define who has access to what via IAM bindings, role bindings, policy, etc. area/prow Setting up or working with prow in general, prow.k8s.io, prow build clusters area/infra Infrastructure management, infrastructure design, code in infra/ priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. labels Jun 7, 2021
@spiffxp
Copy link
Member Author

spiffxp commented Jun 7, 2021

ref: #988 where I tried to grant per-namespace access to secrets, need to unpack whether this is feasible or we're still concerned about exfiltration of cert secrets

@ameukam
Copy link
Member

ameukam commented Jun 24, 2021

Related to #2150.

@spiffxp
Copy link
Member Author

spiffxp commented Jul 16, 2021

/milestone v1.23
There's a chance I may implement this before close of v1.22 but let's plan on v1.23

@k8s-ci-robot k8s-ci-robot added this to the v1.23 milestone Jul 16, 2021
@spiffxp
Copy link
Member Author

spiffxp commented Jul 21, 2021

/assign

@spiffxp spiffxp mentioned this issue Jul 21, 2021
Merged
@spiffxp
Copy link
Member Author

spiffxp commented Jul 21, 2021

Opened kubernetes/test-infra#22970

This was referenced Jul 21, 2021
Merged
Closed
Merged
@spiffxp
Copy link
Member Author

spiffxp commented Jul 27, 2021

Opened kubernetes/test-infra#23040 to have the postsubmits report to #k8s-infra-alerts in slack

@spiffxp spiffxp mentioned this issue Jul 30, 2021
Closed
@spiffxp
Copy link
Member Author

spiffxp commented Jul 30, 2021

I've been holding this open to see successful deploys of all the apps

#2425 touches quite a few, so if all the resulting jobs are successful I'll call this done

@spiffxp
Copy link
Member Author

spiffxp commented Jul 30, 2021

Promising...
Screen Shot 2021-07-30 at 7 23 10 AM

@spiffxp
Copy link
Member Author

spiffxp commented Jul 30, 2021
edited
Loading

One mildly annoying thing I guess, I scanned right past the "failure" text the first time. Making the template auto-bold or capitalize that might help? Or notify vs. just a regular message?

Fixed slack-infra's deploy:

Apps that have yet to be exercised:

@spiffxp spiffxp mentioned this issue Jul 30, 2021
Open
@spiffxp
Copy link
Member Author

spiffxp commented Jul 30, 2021

#2431 - PR to bump kubernetes-external-secrets

@spiffxp spiffxp mentioned this issue Jul 30, 2021
Merged
@spiffxp
Copy link
Member Author

spiffxp commented Jul 30, 2021

/close
kubernetes-external-secrets fails to deploy automatically right now due to #2218

I'm going to call this done and followup on kubernetes-external secrets in that issue

@k8s-ci-robot
Copy link
Contributor

@spiffxp: Closing this issue.

In response to this:

/close
kubernetes-external-secrets fails to deploy automatically right now due to #2218

I'm going to call this done and followup on kubernetes-external secrets in that issue

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@spiffxp
Copy link
Member Author

spiffxp commented Jul 30, 2021

/milestone v1.22

@k8s-ci-robot k8s-ci-robot modified the milestones: v1.23, v1.22 Jul 30, 2021
@spiffxp spiffxp mentioned this issue Jul 30, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@spiffxp spiffxp

Labels
area/access Define who has access to what via IAM bindings, role bindings, policy, etc. area/infra Infrastructure management, infrastructure design, code in infra/ area/prow Setting up or working with prow in general, prow.k8s.io, prow build clusters kind/feature Categorizes issue or PR as related to a new feature. priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete.
Projects
None yet
Milestone
v1.22
Development

No branches or pull requests
3 participants
@spiffxp @ameukam @k8s-ci-robot