Deploy triage-party

[ameukam]

Deploy triage-party for the release team.
This current deployment will only show a dashboard tracking all issues and PRs with the labels:
v1.19
priority/critical-urgent.

The rules added for this deployment came from https://github.com/google/triage-party/blob/v1.1.0/config/examples/kubernetes.yaml.
`

Signed-off-by: Arnaud Meukam [email protected]

[ameukam]

/assign @bartsmykla @spiffxp @justaugustus
cc @kubernetes/release-engineering
cc @LappleApple

/sig release
/area release-eng

[ameukam]

@spiffxp @justaugustus Can you add the token as a secret ?

[spiffxp]

I got the token from @justaugustus, created a kubernetes secret, put that in secretmanager:

kubectl create secret generic triage-party-github-token --from-file token -o=yaml --dry-run \
  | gcloud secrets create --project kubernetes-public triage-party-github-token --replication-policy automatic --data-file -

Gave access to that secret to the same group that has access to this namespace:

gcloud secrets add-iam-policy-binding --project kubernetes-public triage-party-github-token --member group:[email protected] --role roles/secretmanager.admin

You can deploy this to the cluster via:

gcloud secrets versions access latest --project kubernetes-public --secret triage-party-github-token | kubectl apply -n triageparty-release -f -

[ameukam]

@spiffxp Unfortunately, members of this group don't have the privileges to create secrets :

k8s.io/infra/gcp/namespaces/namespace-user-role.yml

Lines 41 to 43 in f297d82

	- apiGroups: [""]
	resources: ["secrets"]
	verbs: ["list"]

.

Can you run the last command for us ?

[spiffxp]

Done. I also opened #988 to suggest that we give members of the group the ability to create/delete read secrets for that namespace. We do that for pretty much all other namespace-scoped resources

[spiffxp]

Can you add a README.md describing what this is and how to deploy it? Similar to https://github.com/kubernetes/k8s.io/blob/master/slack-infra/README.md

[ameukam]

@spiffxp README.md added

[spiffxp]

/approve
/lgtm
enough to iterate from, I will run ensure-static-ips once this merges, but leave deploying the rest of the resources to @ameukam or someone else with appropriate privileges

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ameukam, spiffxp

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [spiffxp]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[spiffxp]

$ ./ensure-static-ips.sh
Ensure address: gcsweb-k8s-io
Ensure address: k8s-io-ingress-canary
Ensure address: k8s-io-ingress-prod
Ensure address: perf-dash-k8s-io-ingress-prod
Ensure address: slack-infra-ingress-prod
Ensure address: node-perf-dash-k8s-io-ingress-prod
Ensure address: triage-party-release-ingress-prod
Created [https://www.googleapis.com/compute/v1/projects/kubernetes-public/global/addresses/triage-party-release-ingress-prod].

[ameukam]

Thank you!

[bartsmykla]

triage-party-release-ingress-prod | 35.186.239.70