Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

infra: add k8s-infra-sandbox-capg project #2908

Merged
merged 3 commits into from
Oct 8, 2021

Conversation

spiffxp
Copy link
Member

@spiffxp spiffxp commented Oct 8, 2021

@k8s-ci-robot k8s-ci-robot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. area/bash Bash scripts, testing them, writing less of them, code in infra/gcp/ area/infra Infrastructure management, infrastructure design, code in infra/ area/terraform Terraform modules, testing them, writing more of them, code in infra/gcp/clusters/ sig/k8s-infra Categorizes an issue or PR as relevant to SIG K8s Infra. approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Oct 8, 2021
@k8s-ci-robot k8s-ci-robot requested a review from thockin October 8, 2021 21:21
after enabling container.googleapis.com, this is everything that was
actually enabled
@spiffxp spiffxp changed the title [wip] infra: add k8s-infra-sandbox-capg project infra: add k8s-infra-sandbox-capg project Oct 8, 2021
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Oct 8, 2021
@spiffxp
Copy link
Member Author

spiffxp commented Oct 8, 2021

Created the project with terraform apply

Set a budget on the project via click-ops:

Screen Shot 2021-10-08 at 2 37 13 PM

terraform apply doesn't seem to mind, so I've dropped the WIP label

I'd like to try and keep this terraform module scoped such that the people using the project could run terraform to affect changes on it. I'm assuming so long as nobody touches the billing account info on the project, terraform won't try to use a permission we're not going to grant to these folks. e.g. one of the required permissions to update a project's billing info (billing.resourceAssociations.create) is missing from this list:

$ gcloud iam roles describe roles/owner | grep '[Bb]illing'
- billing.resourceCosts.get
- cloudasset.assets.exportCloudbillingBillingAccounts
- firebase.billingPlans.get
- firebase.billingPlans.update
- resourcemanager.projects.createBillingAssignment
- resourcemanager.projects.deleteBillingAssignment

Managing the budget via terraform (or some other client library, looks like gcloud doesn't have it) can be done as a follow up (which I am noodling on now, but unlikely to finish by end of day)

We'll first got notified when 20% of the budget has been spent

@spiffxp
Copy link
Member Author

spiffxp commented Oct 8, 2021

/cc @dims @ameukam

@k8s-ci-robot k8s-ci-robot requested review from ameukam and dims October 8, 2021 22:07
@dims
Copy link
Member

dims commented Oct 8, 2021

thanks @spiffxp

/approve
/lgtm

/hold please feel free to remove hold when ready

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Oct 8, 2021
@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Oct 8, 2021
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dims, spiffxp

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@spiffxp
Copy link
Member Author

spiffxp commented Oct 8, 2021

/hold cancel

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Oct 8, 2021
@k8s-ci-robot k8s-ci-robot merged commit 2863059 into kubernetes:main Oct 8, 2021
@k8s-ci-robot k8s-ci-robot added this to the v1.23 milestone Oct 8, 2021
@spiffxp spiffxp deleted the k8s-infra-sandbox-capg branch October 19, 2021 17:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/bash Bash scripts, testing them, writing less of them, code in infra/gcp/ area/infra Infrastructure management, infrastructure design, code in infra/ area/terraform Terraform modules, testing them, writing more of them, code in infra/gcp/clusters/ cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. sig/k8s-infra Categorizes an issue or PR as relevant to SIG K8s Infra. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants