Deploy Artifact Registry to Production Project

[upodroid]

Part of #1343
Part of #3961 Deferred as it is alot of work for minimal gain right now.

/cc @puerco

[ameukam]

@upodroid can we not touch the prod storage for the moment ? It was suggested by GCR team(I can't find the moment) we should use regional registries instead of multi-regional registries.

[ameukam]

/approve

Leaving the lgtm @kubernetes/release-engineering
(we'll now promote the images to more than 10 regions)

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ameukam, upodroid

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• infra/gcp/OWNERS [ameukam]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[ameukam]

@upodroid can we start with the locations of Cloud Run subject to Tier 1 pricing https://cloud.google.com/run/docs/locations ?

[upodroid]

Added all Tier 1 regions.

Will bring this up at next week's sig-release meeting

[puerco]

Looks good to me, as discussed at the SIG Release meeting we will start processing time to the new registries using the new AR locations to ensure the promoter can handle the extra locations in time.

Thanks @upodroid !
/lgtm

[ameukam]

Enabled the AR service. It may take a few minutes to enable it.

Failed to list repositories for the following locations: asia-east1. If you recently enabled the Artifact Registry API, the enablement status might not have propagated to these locations. Please try again later.

[ameukam]

Issue with role naming.

  Ensuring the AR repositories: k8s-artifacts-prod 
    Ensuring prod AR registry for locations: asia-east1 asia-south1 asia-northeast1 asia-northeast2 australia-southeast1 europe-north1 europe-southeast1 europe-west1 europe-west2 europe-west4 europe-west8 europe-west9 southamerica-west1 us-central1 us-east1 us-east4 us-east5 us-south1 us-west1 us-west2 
      region: asia-east1 
      Ensuring an AR repo exists in location: asia-east1 for project: k8s-artifacts-prod 
      ERROR: Policy modification failed. For a binding with condition, run "gcloud alpha iam policies lint-condition" to identify issues in condition.
      ERROR: (gcloud.artifacts.repositories.add-iam-policy-binding) INVALID_ARGUMENT: The role name must be in the form "roles/{role}", "organizations/{organization_id}/roles/{role}", or "projects/{project_id}/roles/{role}".

I'll open a PR with the fix.

[ameukam]

Deployment is done:

gcloud artifacts repositories list --project k8s-artifacts-prod
Listing items under project k8s-artifacts-prod, across all locations.

                                                                     ARTIFACT_REGISTRY
REPOSITORY  FORMAT  MODE                 DESCRIPTION  LOCATION              LABELS  ENCRYPTION          CREATE_TIME          UPDATE_TIME          SIZE (MB)
images      DOCKER  STANDARD_REPOSITORY               asia-east1                    Google-managed key  2022-08-10T18:51:54  2022-08-10T18:51:54  0
images      DOCKER  STANDARD_REPOSITORY               asia-northeast1               Google-managed key  2022-08-10T19:06:49  2022-08-10T19:06:49  0
images      DOCKER  STANDARD_REPOSITORY               asia-northeast2               Google-managed key  2022-08-10T19:07:22  2022-08-10T19:07:22  0
images      DOCKER  STANDARD_REPOSITORY               asia-south1                   Google-managed key  2022-08-10T19:06:10  2022-08-10T19:06:10  0
images      DOCKER  STANDARD_REPOSITORY               australia-southeast1          Google-managed key  2022-08-10T19:07:56  2022-08-10T19:07:56  0
images      DOCKER  STANDARD_REPOSITORY               europe-north1                 Google-managed key  2022-08-10T19:08:29  2022-08-10T19:08:29  0
images      DOCKER  STANDARD_REPOSITORY               europe-southwest1             Google-managed key  2022-08-10T19:16:48  2022-08-10T19:16:48  0
images      DOCKER  STANDARD_REPOSITORY               europe-west1                  Google-managed key  2022-08-10T19:17:10  2022-08-10T19:17:10  0
images      DOCKER  STANDARD_REPOSITORY               europe-west2                  Google-managed key  2022-08-10T19:17:30  2022-08-10T19:17:30  0
images      DOCKER  STANDARD_REPOSITORY               europe-west4                  Google-managed key  2022-08-10T19:17:49  2022-08-10T19:17:49  0
images      DOCKER  STANDARD_REPOSITORY               europe-west8                  Google-managed key  2022-08-10T19:18:10  2022-08-10T19:18:10  0
images      DOCKER  STANDARD_REPOSITORY               europe-west9                  Google-managed key  2022-08-10T19:18:31  2022-08-10T19:18:31  0
images      DOCKER  STANDARD_REPOSITORY               southamerica-west1            Google-managed key  2022-08-10T19:18:54  2022-08-10T19:18:54  0
images      DOCKER  STANDARD_REPOSITORY               us-central1                   Google-managed key  2022-08-10T19:19:20  2022-08-10T19:19:20  0
images      DOCKER  STANDARD_REPOSITORY               us-east1                      Google-managed key  2022-08-10T19:19:43  2022-08-10T19:19:43  0
images      DOCKER  STANDARD_REPOSITORY               us-east4                      Google-managed key  2022-08-10T19:20:05  2022-08-10T19:20:05  0
images      DOCKER  STANDARD_REPOSITORY               us-east5                      Google-managed key  2022-08-10T19:20:26  2022-08-10T19:20:26  0
images      DOCKER  STANDARD_REPOSITORY               us-south1                     Google-managed key  2022-08-10T19:20:47  2022-08-10T19:20:47  0
images      DOCKER  STANDARD_REPOSITORY               us-west1                      Google-managed key  2022-08-10T19:21:11  2022-08-10T19:21:11  0
images      DOCKER  STANDARD_REPOSITORY               us-west2                      Google-managed key  2022-08-10T19:21:37  2022-08-10T19:21:37  0