diff --git a/audit/projects/k8s-artifacts-prod/services/logging/logs.json b/audit/projects/k8s-artifacts-prod/services/logging/logs.json
index 66786c12076..d06def36666 100644
--- a/audit/projects/k8s-artifacts-prod/services/logging/logs.json
+++ b/audit/projects/k8s-artifacts-prod/services/logging/logs.json
@@ -1,7 +1,5 @@
 [
 "projects/k8s-artifacts-prod/logs/cip-audit-log",
- "projects/k8s-artifacts-prod/logs/cloudaudit.googleapis.com%2Factivity",
- "projects/k8s-artifacts-prod/logs/cloudaudit.googleapis.com%2Fsystem_event",
 "projects/k8s-artifacts-prod/logs/requests",
 "projects/k8s-artifacts-prod/logs/run.googleapis.com%2Frequests",
 "projects/k8s-artifacts-prod/logs/run.googleapis.com%2Fstderr"
diff --git a/audit/projects/k8s-cip-test-prod/services/logging/logs.json b/audit/projects/k8s-cip-test-prod/services/logging/logs.json
index a20d3d66efc..fe51488c706 100644
--- a/audit/projects/k8s-cip-test-prod/services/logging/logs.json
+++ b/audit/projects/k8s-cip-test-prod/services/logging/logs.json
@@ -1,4 +1 @@
-[
- "projects/k8s-cip-test-prod/logs/cloudaudit.googleapis.com%2Factivity",
- "projects/k8s-cip-test-prod/logs/cloudaudit.googleapis.com%2Fsystem_event"
-]
+[]
diff --git a/audit/projects/k8s-release/buckets/k8s-release-dev-asia/iam.json b/audit/projects/k8s-release/buckets/k8s-release-dev-asia/iam.json
index 2be7d4b581a..e03c476041e 100644
--- a/audit/projects/k8s-release/buckets/k8s-release-dev-asia/iam.json
+++ b/audit/projects/k8s-release/buckets/k8s-release-dev-asia/iam.json
@@ -3,6 +3,7 @@
 {
 "members": [
 "group:k8s-infra-artifact-admins@kubernetes.io",
+ "group:k8s-infra-prow-oncall@kubernetes.io",
 "projectEditor:k8s-release",
 "projectOwner:k8s-release"
 ],
@@ -18,6 +19,7 @@
 "members": [
 "group:k8s-infra-release-admins@kubernetes.io",
 "group:k8s-infra-release-editors@kubernetes.io",
+ "serviceAccount:pr-kubekins@kubernetes-jenkins-pull.iam.gserviceaccount.com",
 "serviceAccount:prow-build@k8s-infra-prow-build.iam.gserviceaccount.com"
 ],
 "role": "roles/storage.legacyBucketWriter"
@@ -25,8 +27,10 @@
 {
 "members": [
 "group:k8s-infra-artifact-admins@kubernetes.io",
+ "group:k8s-infra-prow-oncall@kubernetes.io",
 "group:k8s-infra-release-admins@kubernetes.io",
 "group:k8s-infra-release-editors@kubernetes.io",
+ "serviceAccount:pr-kubekins@kubernetes-jenkins-pull.iam.gserviceaccount.com",
 "serviceAccount:prow-build@k8s-infra-prow-build.iam.gserviceaccount.com"
 ],
 "role": "roles/storage.objectAdmin"
diff --git a/audit/projects/k8s-release/buckets/k8s-release-dev-asia/lifecycle.json b/audit/projects/k8s-release/buckets/k8s-release-dev-asia/lifecycle.json
new file mode 100644
index 00000000000..d0bb77ab2f4
--- /dev/null
+++ b/audit/projects/k8s-release/buckets/k8s-release-dev-asia/lifecycle.json
@@ -0,0 +1 @@
+{"rule": [{"action": {"type": "Delete"}, "condition": {"age": 90}}]}
diff --git a/audit/projects/k8s-release/buckets/k8s-release-dev-asia/logging.json b/audit/projects/k8s-release/buckets/k8s-release-dev-asia/logging.json
new file mode 100644
index 00000000000..c0b31c4f02f
--- /dev/null
+++ b/audit/projects/k8s-release/buckets/k8s-release-dev-asia/logging.json
@@ -0,0 +1 @@
+{"logBucket": "k8s-infra-artifacts-gcslogs", "logObjectPrefix": "k8s-release-dev-asia"}
diff --git a/audit/projects/k8s-release/buckets/k8s-release-dev-asia/metadata.txt b/audit/projects/k8s-release/buckets/k8s-release-dev-asia/metadata.txt
index 4af13ae581b..a494e032e62 100644
--- a/audit/projects/k8s-release/buckets/k8s-release-dev-asia/metadata.txt
+++ b/audit/projects/k8s-release/buckets/k8s-release-dev-asia/metadata.txt
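Review bot: In k8s-release-dev-asia/iam.json the `roles/storage.objectAdmin` binding (and `roles/storage.legacyBucketWriter` above it) now grants overwrite and delete rights to `serviceAccount:pr-kubekins@kubernetes-jenkins-pull.iam.gserviceaccount.com`, an account from another project that, going by its name, serves pull-request jobs — worth confirming. Anything running as that account could replace or remove objects that consumers of this bucket later download. The same member is added in the k8s-release-dev-eu, k8s-release-dev and k8s-release-pull iam.json hunks. Since this file is an audit export, the change belongs in whatever provisions the buckets: if those jobs only upload, keep the account on k8s-release-pull and drop it from the dev buckets, or bind it to `roles/storage.objectCreator` instead of `roles/storage.objectAdmin`.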
@@ -3,16 +3,16 @@ gs://k8s-release-dev-asia/ :
 Location type: multi-region
 Location constraint: US
 Versioning enabled: None
- Logging configuration: None
+ Logging configuration: Present
 Website configuration: None
 CORS configuration: None
- Lifecycle configuration: None
+ Lifecycle configuration: Present
 Requester Pays enabled: None
 Labels: None
 Default KMS key: None
 Time created: Mon, 31 Aug 2020 23:11:19 GMT
- Time updated: Mon, 31 Aug 2020 23:11:44 GMT
- Metageneration: 11
+ Time updated: Thu, 15 Jul 2021 22:40:22 GMT
+ Metageneration: 18
 Bucket Policy Only enabled: True
 ACL: []
 Default ACL: []
diff --git a/audit/projects/k8s-release/buckets/k8s-release-dev-eu/iam.json b/audit/projects/k8s-release/buckets/k8s-release-dev-eu/iam.json
index 2be7d4b581a..e03c476041e 100644
--- a/audit/projects/k8s-release/buckets/k8s-release-dev-eu/iam.json
+++ b/audit/projects/k8s-release/buckets/k8s-release-dev-eu/iam.json
@@ -3,6 +3,7 @@
 {
 "members": [
 "group:k8s-infra-artifact-admins@kubernetes.io",
+ "group:k8s-infra-prow-oncall@kubernetes.io",
 "projectEditor:k8s-release",
 "projectOwner:k8s-release"
 ],
@@ -18,6 +19,7 @@
 "members": [
 "group:k8s-infra-release-admins@kubernetes.io",
 "group:k8s-infra-release-editors@kubernetes.io",
+ "serviceAccount:pr-kubekins@kubernetes-jenkins-pull.iam.gserviceaccount.com",
 "serviceAccount:prow-build@k8s-infra-prow-build.iam.gserviceaccount.com"
 ],
 "role": "roles/storage.legacyBucketWriter"
@@ -25,8 +27,10 @@
 {
 "members": [
 "group:k8s-infra-artifact-admins@kubernetes.io",
+ "group:k8s-infra-prow-oncall@kubernetes.io",
 "group:k8s-infra-release-admins@kubernetes.io",
 "group:k8s-infra-release-editors@kubernetes.io",
+ "serviceAccount:pr-kubekins@kubernetes-jenkins-pull.iam.gserviceaccount.com",
 "serviceAccount:prow-build@k8s-infra-prow-build.iam.gserviceaccount.com"
 ],
 "role": "roles/storage.objectAdmin"
diff --git a/audit/projects/k8s-release/buckets/k8s-release-dev-eu/lifecycle.json b/audit/projects/k8s-release/buckets/k8s-release-dev-eu/lifecycle.json
new file mode 100644
index 00000000000..d0bb77ab2f4
--- /dev/null
+++ b/audit/projects/k8s-release/buckets/k8s-release-dev-eu/lifecycle.json
@@ -0,0 +1 @@
+{"rule": [{"action": {"type": "Delete"}, "condition": {"age": 90}}]}
diff --git a/audit/projects/k8s-release/buckets/k8s-release-dev-eu/logging.json b/audit/projects/k8s-release/buckets/k8s-release-dev-eu/logging.json
new file mode 100644
index 00000000000..8ebd0bc51b2
--- /dev/null
+++ b/audit/projects/k8s-release/buckets/k8s-release-dev-eu/logging.json
@@ -0,0 +1 @@
+{"logBucket": "k8s-infra-artifacts-gcslogs", "logObjectPrefix": "k8s-release-dev-eu"}
diff --git a/audit/projects/k8s-release/buckets/k8s-release-dev-eu/metadata.txt b/audit/projects/k8s-release/buckets/k8s-release-dev-eu/metadata.txt
index 4422814ea8c..19efe251574 100644
--- a/audit/projects/k8s-release/buckets/k8s-release-dev-eu/metadata.txt
+++ b/audit/projects/k8s-release/buckets/k8s-release-dev-eu/metadata.txt
@@ -3,16 +3,16 @@ gs://k8s-release-dev-eu/ :
 Location type: multi-region
 Location constraint: US
 Versioning enabled: None
- Logging configuration: None
+ Logging configuration: Present
 Website configuration: None
 CORS configuration: None
- Lifecycle configuration: None
+ Lifecycle configuration: Present
 Requester Pays enabled: None
 Labels: None
 Default KMS key: None
 Time created: Mon, 31 Aug 2020 23:11:48 GMT
- Time updated: Mon, 31 Aug 2020 23:12:12 GMT
- Metageneration: 11
+ Time updated: Thu, 15 Jul 2021 22:40:55 GMT
+ Metageneration: 18
 Bucket Policy Only enabled: True
 ACL: []
 Default ACL: []
diff --git a/audit/projects/k8s-release/buckets/k8s-release-dev/iam.json b/audit/projects/k8s-release/buckets/k8s-release-dev/iam.json
index 2be7d4b581a..e03c476041e 100644
--- a/audit/projects/k8s-release/buckets/k8s-release-dev/iam.json
+++ b/audit/projects/k8s-release/buckets/k8s-release-dev/iam.json
@@ -3,6 +3,7 @@
 {
 "members": [
 "group:k8s-infra-artifact-admins@kubernetes.io",
+ "group:k8s-infra-prow-oncall@kubernetes.io",
 "projectEditor:k8s-release",
 "projectOwner:k8s-release"
 ],
@@ -18,6 +19,7 @@
 "members": [
 "group:k8s-infra-release-admins@kubernetes.io",
 "group:k8s-infra-release-editors@kubernetes.io",
+ "serviceAccount:pr-kubekins@kubernetes-jenkins-pull.iam.gserviceaccount.com",
 "serviceAccount:prow-build@k8s-infra-prow-build.iam.gserviceaccount.com"
 ],
 "role": "roles/storage.legacyBucketWriter"
@@ -25,8 +27,10 @@
 {
 "members": [
 "group:k8s-infra-artifact-admins@kubernetes.io",
+ "group:k8s-infra-prow-oncall@kubernetes.io",
 "group:k8s-infra-release-admins@kubernetes.io",
 "group:k8s-infra-release-editors@kubernetes.io",
+ "serviceAccount:pr-kubekins@kubernetes-jenkins-pull.iam.gserviceaccount.com",
 "serviceAccount:prow-build@k8s-infra-prow-build.iam.gserviceaccount.com"
 ],
 "role": "roles/storage.objectAdmin"
diff --git a/audit/projects/k8s-release/buckets/k8s-release-dev/logging.json b/audit/projects/k8s-release/buckets/k8s-release-dev/logging.json
new file mode 100644
index 00000000000..36b4427d773
--- /dev/null
+++ b/audit/projects/k8s-release/buckets/k8s-release-dev/logging.json
@@ -0,0 +1 @@
+{"logBucket": "k8s-infra-artifacts-gcslogs", "logObjectPrefix": "k8s-release-dev"}
diff --git a/audit/projects/k8s-release/buckets/k8s-release-dev/metadata.txt b/audit/projects/k8s-release/buckets/k8s-release-dev/metadata.txt
index 5822f568311..46c122e9087 100644
--- a/audit/projects/k8s-release/buckets/k8s-release-dev/metadata.txt
+++ b/audit/projects/k8s-release/buckets/k8s-release-dev/metadata.txt
@@ -3,7 +3,7 @@ gs://k8s-release-dev/ :
 Location type: multi-region
 Location constraint: US
 Versioning enabled: None
- Logging configuration: None
+ Logging configuration: Present
 Website configuration: None
 CORS configuration: None
 Lifecycle configuration: Present
@@ -11,8 +11,8 @@ gs://k8s-release-dev/ :
 Labels: None
 Default KMS key: None
 Time created: Tue, 04 Aug 2020 20:14:09 GMT
- Time updated: Mon, 31 Aug 2020 23:12:43 GMT
- Metageneration: 14
+ Time updated: Thu, 15 Jul 2021 22:39:48 GMT
+ Metageneration: 20
 Bucket Policy Only enabled: True
 ACL: []
 Default ACL: []
diff --git a/audit/projects/k8s-release/buckets/k8s-release-pull/iam.json b/audit/projects/k8s-release/buckets/k8s-release-pull/iam.json
index 27e77b9aff1..f51a0430534 100644
--- a/audit/projects/k8s-release/buckets/k8s-release-pull/iam.json
+++ b/audit/projects/k8s-release/buckets/k8s-release-pull/iam.json
@@ -3,6 +3,7 @@
 {
 "members": [
 "group:k8s-infra-artifact-admins@kubernetes.io",
+ "group:k8s-infra-prow-oncall@kubernetes.io",
 "projectEditor:k8s-release",
 "projectOwner:k8s-release"
 ],
@@ -19,6 +20,7 @@
 "members": [
 "group:k8s-infra-release-admins@kubernetes.io",
 "group:k8s-infra-release-editors@kubernetes.io",
+ "serviceAccount:pr-kubekins@kubernetes-jenkins-pull.iam.gserviceaccount.com",
 "serviceAccount:prow-build@k8s-infra-prow-build.iam.gserviceaccount.com"
 ],
 "role": "roles/storage.legacyBucketWriter"
@@ -26,8 +28,10 @@
 {
 "members": [
 "group:k8s-infra-artifact-admins@kubernetes.io",
+ "group:k8s-infra-prow-oncall@kubernetes.io",
 "group:k8s-infra-release-admins@kubernetes.io",
 "group:k8s-infra-release-editors@kubernetes.io",
+ "serviceAccount:pr-kubekins@kubernetes-jenkins-pull.iam.gserviceaccount.com",
 "serviceAccount:project-304687256732@storage-transfer-service.iam.gserviceaccount.com",
 "serviceAccount:prow-build@k8s-infra-prow-build.iam.gserviceaccount.com"
 ],
diff --git a/audit/projects/k8s-release/buckets/k8s-release-pull/logging.json b/audit/projects/k8s-release/buckets/k8s-release-pull/logging.json
new file mode 100644
index 00000000000..de088ca99fd
--- /dev/null
+++ b/audit/projects/k8s-release/buckets/k8s-release-pull/logging.json
@@ -0,0 +1 @@
+{"logBucket": "k8s-infra-artifacts-gcslogs", "logObjectPrefix": "k8s-release-pull"}
diff --git a/audit/projects/k8s-release/buckets/k8s-release-pull/metadata.txt b/audit/projects/k8s-release/buckets/k8s-release-pull/metadata.txt
index 93ded9a58ca..f054a541ee6 100644
--- a/audit/projects/k8s-release/buckets/k8s-release-pull/metadata.txt
+++ b/audit/projects/k8s-release/buckets/k8s-release-pull/metadata.txt
@@ -3,7 +3,7 @@ gs://k8s-release-pull/ :
 Location type: multi-region
 Location constraint: US
 Versioning enabled: None
- Logging configuration: None
+ Logging configuration: Present
 Website configuration: None
 CORS configuration: None
 Lifecycle configuration: Present
@@ -11,8 +11,8 @@ gs://k8s-release-pull/ :
 Labels: None
 Default KMS key: None
 Time created: Tue, 04 Aug 2020 20:14:16 GMT
- Time updated: Fri, 08 Jan 2021 21:10:11 GMT
- Metageneration: 15
+ Time updated: Thu, 15 Jul 2021 22:41:28 GMT
+ Metageneration: 21
 Bucket Policy Only enabled: True
 ACL: []
 Default ACL: []
diff --git a/audit/projects/k8s-release/buckets/k8s-release/metadata.txt b/audit/projects/k8s-release/buckets/k8s-release/metadata.txt
index 9e900145e66..9316665b095 100644
--- a/audit/projects/k8s-release/buckets/k8s-release/metadata.txt
+++ b/audit/projects/k8s-release/buckets/k8s-release/metadata.txt
@@ -11,8 +11,8 @@ gs://k8s-release/ :
 Labels: None
 Default KMS key: None
 Time created: Fri, 07 Aug 2020 20:50:17 GMT
- Time updated: Fri, 07 Aug 2020 20:50:37 GMT
- Metageneration: 9
+ Time updated: Thu, 15 Jul 2021 23:25:55 GMT
+ Metageneration: 12
 Bucket Policy Only enabled: True
 ACL: []
 Default ACL: []
diff --git a/audit/projects/k8s-release/iam.json b/audit/projects/k8s-release/iam.json
index a5017c1e7b5..39310415568 100644
--- a/audit/projects/k8s-release/iam.json
+++ b/audit/projects/k8s-release/iam.json
@@ -38,6 +38,12 @@
 ],
 "role": "roles/containeranalysis.ServiceAgent"
 },
+ {
+ "members": [
+ "serviceAccount:service-304687256732@containerregistry.iam.gserviceaccount.com"
+ ],
+ "role": "roles/containerregistry.ServiceAgent"
+ },
 {
 "members": [
 "serviceAccount:service-304687256732@gcp-sa-containerscanning.iam.gserviceaccount.com"
diff --git a/audit/projects/k8s-release/services/enabled.txt b/audit/projects/k8s-release/services/enabled.txt
index ab1ef15e4e2..6b7478e6a58 100644
--- a/audit/projects/k8s-release/services/enabled.txt
+++ b/audit/projects/k8s-release/services/enabled.txt
@@ -3,7 +3,6 @@ cloudbuild.googleapis.com Cloud Build API
 cloudkms.googleapis.com Cloud Key Management Service (KMS) API
 containeranalysis.googleapis.com Container Analysis API
 containerregistry.googleapis.com Container Registry API
-containerscanning.googleapis.com Container Scanning API
 logging.googleapis.com Cloud Logging API
 monitoring.googleapis.com Cloud Monitoring API
 pubsub.googleapis.com Cloud Pub/Sub API
diff --git a/audit/projects/k8s-release/services/logging/logs.json b/audit/projects/k8s-release/services/logging/logs.json
index fe51488c706..51ff563f6cd 100644
--- a/audit/projects/k8s-release/services/logging/logs.json
+++ b/audit/projects/k8s-release/services/logging/logs.json
@@ -1 +1,4 @@
-[]
+[
+ "projects/k8s-release/logs/cloudaudit.googleapis.com%2Factivity",
+ "projects/k8s-release/logs/cloudaudit.googleapis.com%2Fsystem_event"
+]
diff --git a/audit/projects/k8s-staging-cluster-api-gcp/services/logging/logs.json b/audit/projects/k8s-staging-cluster-api-gcp/services/logging/logs.json
index 24fdf5d8823..144cb014f3e 100644
--- a/audit/projects/k8s-staging-cluster-api-gcp/services/logging/logs.json
+++ b/audit/projects/k8s-staging-cluster-api-gcp/services/logging/logs.json
@@ -1,7 +1,6 @@
 [
 "projects/k8s-staging-cluster-api-gcp/logs/cloudaudit.googleapis.com%2Factivity",
 "projects/k8s-staging-cluster-api-gcp/logs/cloudaudit.googleapis.com%2Fdata_access",
- "projects/k8s-staging-cluster-api-gcp/logs/cloudaudit.googleapis.com%2Fsystem_event",
 "projects/k8s-staging-cluster-api-gcp/logs/cloudbuild",
 "projects/k8s-staging-cluster-api-gcp/logs/compute.googleapis.com%2Fshielded_vm_integrity"
 ]
diff --git a/audit/projects/kubernetes-public/iam.json b/audit/projects/kubernetes-public/iam.json
index 446bd888aca..0ccf4d06bfd 100644
--- a/audit/projects/kubernetes-public/iam.json
+++ b/audit/projects/kubernetes-public/iam.json
@@ -123,7 +123,7 @@
 },
 {
 "members": [
- "serviceAccount:service-127754664067@serverless-robot-prod.iam.gserviceaccount.com"
+ "deleted:serviceAccount:service-127754664067@serverless-robot-prod.iam.gserviceaccount.com?uid=118182660088477675409"
 ],
 "role": "roles/run.serviceAgent"
 },
diff --git a/audit/projects/kubernetes-public/services/container/clusters/aaa.json b/audit/projects/kubernetes-public/services/container/clusters/aaa.json
index e95b354b57c..48a658f7006 100644
--- a/audit/projects/kubernetes-public/services/container/clusters/aaa.json
+++ b/audit/projects/kubernetes-public/services/container/clusters/aaa.json
@@ -37,7 +37,7 @@
 "clusterIpv4Cidr": "10.40.0.0/14",
 "createTime": "2019-09-18T23:39:24+00:00",
 "currentMasterVersion": "1.19.9-gke.1900",
- "currentNodeVersion": "1.18.17-gke.1901 *",
+ "currentNodeVersion": "1.19.9-gke.1900",
 "databaseEncryption": {
 "state": "DECRYPTED"
 },
@@ -168,7 +168,7 @@
 "upgradeSettings": {
 "maxSurge": 1
 },
- "version": "1.18.17-gke.1901"
+ "version": "1.19.9-gke.1900"
 },
 {
 "autoscaling": {
@@ -219,7 +219,7 @@
 "upgradeSettings": {
 "maxSurge": 1
 },
- "version": "1.18.17-gke.1901"
+ "version": "1.19.9-gke.1900"
 }
 ],
 "releaseChannel": {
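Review bot: In audit/projects/kubernetes-public/iam.json the `roles/run.serviceAgent` binding is left holding only a `deleted:serviceAccount:…?uid=…` member, i.e. a grant to a principal that no longer exists. A deleted principal cannot exercise the role, and an account later re-created under the same address is a different identity that does not pick the binding up, so the entry only obscures the audit. I would remove the member from the live policy (or the whole binding, if Cloud Run is no longer used in this project, which is not visible here) so the next export is accurate; if Cloud Run is still in use, the missing service agent is what needs attention. The enclosing bindings array starts and ends outside the hunk.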