infra/gcp: setup k8s-project-triage special-case #2454

Merged
merged 1 commit into from
Aug 3, 2021


spiffxp
Member

@spiffxp spiffxp commented Aug 3, 2021

Related:

Same steps as were done for k8s-project-metrics:

  • add a gs://k8s-project-triage bucket to kubernetes-public
  • give the google.com triage SA write access to this bucket
  • add a k8s-triage SA
  • give it roles/bigquery.user in k8s-infra-prow-build-trusted and
    kubernetes-public
  • give it write access to gs://k8s-project-triage

While here, I removed the binding removal code for gs://k8s-metrics

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Aug 3, 2021
@k8s-ci-robot k8s-ci-robot requested review from puerco and xmudrii August 3, 2021 20:22
@k8s-ci-robot k8s-ci-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. approved Indicates a PR has been approved by an approver from all required OWNERS files. area/bash Bash scripts, testing them, writing less of them, code in infra/gcp/ area/infra Infrastructure management, infrastructure design, code in infra/ area/prow Setting up or working with prow in general, prow.k8s.io, prow build clusters area/terraform Terraform modules, testing them, writing more of them, code in infra/gcp/clusters/ sig/testing Categorizes an issue or PR as relevant to SIG Testing. wg/k8s-infra labels Aug 3, 2021
@spiffxp
Member Author

spiffxp commented Aug 3, 2021

/cc @ameukam @dims

@k8s-ci-robot k8s-ci-robot requested review from ameukam and dims August 3, 2021 20:27
@dims
Member

dims commented Aug 3, 2021

/approve
/lgtm
/hold

please feel free to remove hold when ready

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Aug 3, 2021
@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Aug 3, 2021
@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dims, spiffxp

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@ameukam
Member

ameukam commented Aug 3, 2021

/lgtm

@spiffxp
Member Author

spiffxp commented Aug 3, 2021

/hold cancel

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Aug 3, 2021
@k8s-ci-robot k8s-ci-robot merged commit bdeb000 into kubernetes:main Aug 3, 2021
@k8s-ci-robot k8s-ci-robot added this to the v1.22 milestone Aug 3, 2021
@spiffxp spiffxp deleted the prep-for-triage-transfer branch August 3, 2021 21:14
@spiffxp
Member Author

spiffxp commented Aug 3, 2021

Ensuring prow special cases for: kubernetes-public
  Special case: ensuring k8s-infra-ci-robot-github-token accessible by k8s-infra-prow-build-trusted
  Special case: ensuring gs://k8s-metrics exists
  Special case: ensuring gs://k8s-project-triage exists
    Creating gs://k8s-project-triage/...
    Enabling Bucket Policy Only for gs://k8s-project-triage...
    @@ -1,3 +1,5 @@
    +- member: allUsers
    +  role: roles/storage.objectViewer
     - member: projectEditor:kubernetes-public
       role: roles/storage.legacyBucketOwner
     - member: projectOwner:kubernetes-public
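
Review bot: the added `member: allUsers` / `roles/storage.objectViewer` binding at the top of this hunk makes every object in gs://k8s-project-triage readable without authentication, and the step list in the PR description does not mention public access. If that is intended, state it in the description or in a comment next to the bucket setup, so a later reader does not take it for drift, and treat anything the triage job writes here as published.
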
    Setting lifecycle configuration on gs://k8s-project-triage/...
    @@ -1 +1 @@
    -gs://k8s-project-triage/ has no lifecycle configuration.
    +{"rule": [{"action": {"type": "Delete"}, "condition": {"age": 365}}]}
    @@ -1,5 +1,7 @@
     - member: allUsers
       role: roles/storage.objectViewer
    +- member: group:[email protected]
    +  role: roles/storage.objectAdmin
     - member: projectEditor:kubernetes-public
       role: roles/storage.legacyBucketOwner
     - member: projectOwner:kubernetes-public
    @@ -1,5 +1,7 @@
     - member: allUsers
       role: roles/storage.objectViewer
    +- member: group:[email protected]
    +  role: roles/storage.legacyBucketOwner
     - member: group:[email protected]
       role: roles/storage.objectAdmin
     - member: projectEditor:kubernetes-public
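
Review bot: the added `roles/storage.legacyBucketOwner` binding lets that group edit the bucket's IAM policy, not only its objects, and it sits next to a group `roles/storage.objectAdmin` binding in the context lines. The description lists only service accounts, so it would help to name there which groups administer this bucket and to confirm that both roles are needed.
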
    @@ -4,6 +4,8 @@
       role: roles/storage.legacyBucketOwner
     - member: group:[email protected]
       role: roles/storage.objectAdmin
    +- member: group:[email protected]
    +  role: roles/storage.objectAdmin
     - member: projectEditor:kubernetes-public
       role: roles/storage.legacyBucketOwner
     - member: projectOwner:kubernetes-public
    @@ -4,6 +4,8 @@
       role: roles/storage.legacyBucketOwner
     - member: group:[email protected]
       role: roles/storage.objectAdmin
    +- member: group:[email protected]
    +  role: roles/storage.legacyBucketOwner
     - member: group:[email protected]
       role: roles/storage.objectAdmin
     - member: projectEditor:kubernetes-public
    @@ -14,3 +14,5 @@
       role: roles/storage.legacyBucketOwner
     - member: projectViewer:kubernetes-public
       role: roles/storage.legacyBucketReader
    +- member: serviceAccount:[email protected]
    +  role: roles/storage.objectAdmin
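
Review bot: the description asks for "write access", and the binding added at the end of this hunk is `roles/storage.objectAdmin`, which also allows deleting and replacing any existing object. An earlier hunk in this output makes the bucket readable by allUsers, so whoever holds this account's credentials controls what public readers download. If the job only uploads new objects, `roles/storage.objectCreator` is the narrower grant; if it has to overwrite, a short comment saying so would make the choice reviewable.
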
    @@ -14,5 +14,7 @@
       role: roles/storage.legacyBucketOwner
     - member: projectViewer:kubernetes-public
       role: roles/storage.legacyBucketReader
    +- member: serviceAccount:[email protected]
    +  role: roles/storage.legacyBucketWriter
     - member: serviceAccount:[email protected]
       role: roles/storage.objectAdmin
    @@ -14,6 +14,8 @@
       role: roles/storage.legacyBucketOwner
     - member: projectViewer:kubernetes-public
       role: roles/storage.legacyBucketReader
    +- member: serviceAccount:[email protected]
    +  role: roles/storage.objectAdmin
     - member: serviceAccount:[email protected]
       role: roles/storage.legacyBucketWriter
     - member: serviceAccount:[email protected]
    @@ -14,6 +14,8 @@
       role: roles/storage.legacyBucketOwner
     - member: projectViewer:kubernetes-public
       role: roles/storage.legacyBucketReader
    +- member: serviceAccount:[email protected]
    +  role: roles/storage.legacyBucketWriter
     - member: serviceAccount:[email protected]
       role: roles/storage.objectAdmin
     - member: serviceAccount:[email protected]
    Updated IAM policy for project [kubernetes-public].
    @@ -56,6 +56,8 @@
       role: roles/monitoring.viewer
     - member: serviceAccount:[email protected]
       role: roles/bigquery.user
    +- member: serviceAccount:[email protected]
    +  role: roles/bigquery.user
     - member: serviceAccount:kubernetes-external-secrets@kubernetes-public.iam.gserviceaccount.com
       role: roles/secretmanager.secretAccessor
     - member: serviceAccount:[email protected]
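
Review bot: the output stops at the kubernetes-public binding for `roles/bigquery.user`, while the description says the same role is granted in k8s-infra-prow-build-trusted as well, and nothing here shows that. Paste that project's run too, or note that it is applied separately. The role is granted project-wide, so it also lets the account run query jobs and create datasets in kubernetes-public; a comment stating which datasets triage needs would make the scope easier to check.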

@spiffxp
Member Author

spiffxp commented Aug 4, 2021

I changed my mind on the name, and am going with gs://k8s-triage, followup is #2461
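
A small checker for binding diffs in the format of the log output earlier in this thread, as an added example that is not part of the original thread or the project's scripts: it collects the bindings that `+` lines add and flags public members and roles that can change a bucket's IAM policy. The sample log and every member name in it are constructed placeholders.

```python
import re

PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}
# Bucket roles that include storage.buckets.setIamPolicy.
POLICY_EDIT_ROLES = {"roles/storage.admin", "roles/storage.legacyBucketOwner"}
# Indentation stripped: "+- member" is added, "-- member" removed, "- member" context.
MEMBER_RE = re.compile(r"^([+-]?)- member: (.+)$")
ROLE_RE = re.compile(r"^([+-]?)\s*role: (\S+)$")

def added_bindings(log_text):
    """Return the (member, role) pairs that '+' lines add to a policy."""
    added, pending = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = MEMBER_RE.match(line)
        if m:
            pending = (m.group(1), m.group(2))
            continue
        r = ROLE_RE.match(line)
        if r and pending and pending[0] == r.group(1) == "+":
            added.append((pending[1], r.group(2)))
        pending = None  # a binding is a member line followed by its role line
    return added

def review(log_text):
    """Flag added bindings that are public or can rewrite the bucket policy."""
    findings = []
    for member, role in added_bindings(log_text):
        if member in PUBLIC_MEMBERS:
            findings.append(("public", member, role))
        if role in POLICY_EDIT_ROLES:
            findings.append(("can-edit-bucket-policy", member, role))
    return findings

# Constructed sample in the log's format; every member name is a placeholder.
SAMPLE_LOG = """\
    @@ -1,3 +1,5 @@
    +- member: allUsers
    +  role: roles/storage.objectViewer
     - member: projectEditor:example-project
       role: roles/storage.legacyBucketOwner
    @@ -1,5 +1,7 @@
    +- member: group:bucket-admins@example.com
    +  role: roles/storage.legacyBucketOwner
    @@ -14,3 +14,5 @@
       role: roles/storage.legacyBucketOwner
    +- member: serviceAccount:writer@example-project.iam.gserviceaccount.com
    +  role: roles/storage.objectAdmin
"""
```

Calling `review(SAMPLE_LOG)` reports the public binding and the group that can edit the bucket policy; unchanged context bindings are ignored.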
