Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add a script to recreate the "main" GCP project #266

Merged
merged 1 commit into from
Jun 25, 2019
Merged

Add a script to recreate the "main" GCP project #266

merged 1 commit into from
Jun 25, 2019

Conversation

thockin
Copy link
Member

@thockin thockin commented May 10, 2019

This covers everything but DNS, which I will do separately.

When we have clusters, some of this might move out to a clusters script.

All these scripts need a new dir, rather than GCR :)

@thockin thockin added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label May 10, 2019
@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels May 10, 2019
@thockin
Copy link
Member Author

thockin commented May 10, 2019

HOLD until we are really confident in this.

@k8s-ci-robot k8s-ci-robot requested review from cblecker and nikhita May 10, 2019 17:10
@thockin
Copy link
Member Author

thockin commented May 10, 2019

I have run this and created kubernetes-public-thockin1 which seems to parallel kubernetes-public for everything I have looked at

@thockin thockin force-pushed the script-main-project branch from 2783b56 to 3173403 Compare May 10, 2019 17:13
justinsb
justinsb reviewed May 10, 2019
View reviewed changes
Copy link
Member

@justinsb justinsb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good - two suggestions but nothing important.

k8s.gcr.io/ensure-main-project.sh Outdated
--member "group:${CLUSTER_ADMINS_GROUP}" \
--role roles/container.admin
if ! gcloud --project "${PROJECT}" iam roles describe ServiceAccountLister >/dev/null 2>&1; then
# Don't use `yes` here, it causes SIGPIPE -> pipefail -> errexit
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does --quiet work?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it does! TIL

k8s.gcr.io/ensure-main-project.sh
__EOF__

FINAL=$(tempfile -p k8s-infra-bq-access-new)
jq -s '.[0].access + .[1].access | { access: . }' "${CUR}" "${ENSURE}" > "${FINAL}"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A comment would be great here to explain what is happening! We're merging the existing and new permissions? (And meta: any reason not just to set the permissions explicitly so we do delete any unwanted permissions?)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

comment added

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@thockin I don't see the comment. forgot to push?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Weird, I swear I wrote a comment. Added now.

@justinsb
Copy link
Member

justinsb commented May 10, 2019
edited
Loading

I think this looks right. With DNS excluded, the risk is primarily for the k8s cluster(s) we are running? (I am assuming there's nothing that important in gcr or gcs yet)?

Are you planning on actually deleting the project and recreating it?

/lgtm

(edit: s/gce/gcs/g)

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label May 10, 2019
@thockin thockin force-pushed the script-main-project branch from 3173403 to 2b35e63 Compare May 10, 2019 17:50
@k8s-ci-robot
Copy link
Contributor

New changes are detected. LGTM label has been removed.

@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label May 10, 2019
@thockin
Copy link
Member Author

thockin commented May 10, 2019

new push is up

I do not plan to nuke the project, just trying to make sure everything we rely on is recreatable and explainable.

@thockin thockin force-pushed the script-main-project branch from 2b35e63 to cc69728 Compare May 10, 2019 17:52
@thockin thockin removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jun 10, 2019
@thockin
Copy link
Member Author

thockin commented Jun 10, 2019

Removed the hold. PTAL. I have a followup to move this all to a new home and do some cleanups.

@thockin thockin mentioned this pull request Jun 11, 2019
Merged
@spiffxp spiffxp mentioned this pull request Jun 12, 2019
Closed
@thockin thockin force-pushed the script-main-project branch from cc69728 to ae00197 Compare June 13, 2019 03:38
@thockin
Copy link
Member Author

thockin commented Jun 14, 2019

ping

@dims
Copy link
Member

dims commented Jun 15, 2019

LGTM, still missing a comment requested by @justinsb

@dims
Copy link
Member

dims commented Jun 15, 2019

/approve

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dims

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jun 15, 2019
@thockin
Add a script to recreate the "main" GCP project
b0e139a 
This covers everything but DNS, which I will do separately.

When we have clusters, some of this might move out to a clusters script.

All these scripts need a new dir, rather than GCR :)
@thockin thockin force-pushed the script-main-project branch from ae00197 to b0e139a Compare June 25, 2019 05:17
@thockin thockin added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jun 25, 2019
@k8s-ci-robot k8s-ci-robot merged commit c2a9b93 into kubernetes:master Jun 25, 2019
@thockin thockin deleted the script-main-project branch November 1, 2019 18:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@justinsb justinsb justinsb left review comments

@dims dims dims left review comments

@cblecker cblecker Awaiting requested review from cblecker

@nikhita nikhita Awaiting requested review from nikhita

Assignees

@dims dims

@justinsb justinsb

@cblecker cblecker

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@thockin @justinsb @k8s-ci-robot @dims @cblecker