build sandbox infrastructure for images-layers #3620
Comments
ameukam
added
the
sig/k8s-infra
k8s-ci-robot
added
sig/release
k8s-ci-robot
added
area/artifacts
ameukam
moved this from Backlog
to Implementation TODO
in registry.k8s.io (SIG K8S Infra)
|
cc @sftim |
|
What information can we add to this issue to make it easier for a newcomer to help? |
I think we need to provide more context about what we are trying achieve. I updated the description. But this issue is targeted for individuals with good knowledge of AWS. |
|
To clarify: can we help someone who is confident in AWS, but new to the infrastructure SIG? |
Related to: - kubernetes#3620 Ensure a AWS S3 bucket exists so we can test ip based redirection of archeio. The bucket contains a copy for the images layers served by k8s.gcr.io The bucket: - is world readable - only allow HTTPS connections - only allow HTTP methods GET and HEAD - has versioning enabled Another private bucket is created for access logging. Signed-off-by: Arnaud Meukam <[email protected]>
Related to: - kubernetes#3620 Ensure a AWS S3 bucket exists so we can test ip based redirection of archeio. The bucket contains a copy for the images layers served by k8s.gcr.io The bucket: - is world readable - only allow HTTPS connections - only allow HTTP methods GET and HEAD - has versioning enabled Another private bucket is created for access logging. Signed-off-by: Arnaud Meukam <[email protected]>
Related to: - kubernetes#3620 Ensure a AWS S3 bucket exists so we can test ip based redirection of archeio. The bucket contains a copy for the images layers served by k8s.gcr.io The bucket: - is world readable - only allow HTTPS connections - only allow HTTP methods GET and HEAD - has versioning enabled Another private bucket is created for access logging. Signed-off-by: Arnaud Meukam <[email protected]>
|
/milestone v1.25 |
Is |
The main intent is to provide an environment with some autonomy for the contributors to implement the tooling needed to achieve the goal defined in kubernetes-sigs/promo-tools#533. I'm open to different propositions. |
|
/milestone clear |
|
@ameukam, I believe we've got an account for the buckets for registry.k8s.io; can this issue be closed? |
riaankleinhans
moved this from Implementation TODO
to Breakdown TODO
in registry.k8s.io (SIG K8S Infra)
Yes. The AWS account provided for this issue is still used for /close |
|
@ameukam: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
ameukam
moved this from Audit & Logging Issues / PRs
to Validation Done
in registry.k8s.io (SIG K8S Infra)
Part of:
Context
Build a development environment to explore AWS S3 capabilities in order to achieve goals defined in the design doc
See: https://github.com/kubernetes/k8s.io/wiki/New-Registry-url-for-Kubernetes-(registry.k8s.io)
Implementation
Reuse the account created in cncf/credits#1 as a sandbox environment image layers promotion to AWS.
Required:
[X] Give access to @jaypipes and @kubernetes/release-engineering and associate themAWSS3FullAccesspolicy.Non-Required:
Enable AWS Config (experimental purpose)Enable AWS Cloudtrail (experimental purpose)Enable AWS GuardDuty (experimental purpose)Ensure access logs is enabled for the bucket (experimental purpose)Ensure versioning is enabled (experimental purpose)Ensure a notification is send when a object is deleted (experimental purpose)Update:
This AWS account is for this infrastructure is temporary and will be replaced. In the meantime. The HCL code for it will be in https://github.com/kubernetes/k8s.io/tree/main/infra/aws/terraform.
/assign @ameukam
/sig release
/sig k8s-infra
/kind feature
/area artifacts
/priority important-soon
/milestone v1.24
The text was updated successfully, but these errors were encountered: