Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Donate Azure subscription to CNCF #1637

Closed
chewong opened this issue Feb 10, 2021 · 14 comments
Closed

Donate Azure subscription to CNCF #1637

chewong opened this issue Feb 10, 2021 · 14 comments
Assignees
@hh
Labels
lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. sig/k8s-infra Categorizes an issue or PR as relevant to SIG K8s Infra. sig/testing Categorizes an issue or PR as relevant to SIG Testing.

Comments

@chewong
Copy link
Member

chewong commented Feb 10, 2021
edited
Loading

We have an Azure subscription dedicated to testing for various Kubernetes-related projects. It's been running well until we have to rotate this specific secret, which includes sharing with the test-infra on-call folks our credential (i.e. username, password, subscription ID, storage account key, etc all in plain text) used to authenticate test instances to create Kubernetes clusters on our Azure subscription. It's definitely not ideal and we would like to eliminate this process.

After having a conversation on Slack, it seems that the first step would be donating our Azure subscription/resources to the CNCF, which we would like to get some help with.

Our goals:

  • Manage and rotate secrets by core maintainers instead of sharing them in plain text with test-infra on-call folks
  • Schedule all Azure-related ProwJobs to an Azure cluster instead of a GKE cluster via the cluster field in prow job config to reduce the chance of secrets being leaked
  • Allow the Kubernetes community to run tests on Azure infrastructure

Here is a list of projects that use the Azure subscription, and their core maintainers:

Project Maintainers
https://github.com/kubernetes/kubernetes @feiskyer, @andyzhangx, @nilo19
https://github.com/kubernetes-sigs/cloud-provider-azure @feiskyer, @nilo19
https://github.com/kubernetes-sigs/azuredisk-csi-driver @andyzhangx
https://github.com/kubernetes-sigs/azurefile-csi-driver @andyzhangx
https://github.com/kubernetes-sigs/blob-csi-driver @andyzhangx
https://github.com/kubernetes-sigs/secrets-store-csi-driver @aramase, @ritazh
https://github.com/kubernetes-csi/csi-driver-smb @andyzhangx
https://github.com/kubernetes-csi/csi-driver-nfs @andyzhangx
https://github.com/kubernetes-sigs/cluster-api-provider-azure @CecileRobertMichon, @devigned
https://github.com/kubernetes-sigs/image-builder @CecileRobertMichon
sig-windows testing @chewong, @marosset, @jsturtevant
dualstack and IPv6 testing @aramase

Thanks!

/cc @dims
@justaugustus
Copy link
Member

cc: @kubernetes/k8s-infra-team @caniszczyk

FYI @kubernetes/release-engineering

@idvoretskyi
Copy link
Member

/cc

@chewong chewong mentioned this issue Feb 17, 2021
Closed
@hh
Copy link
Member

hh commented Feb 17, 2021

/cc

@fejta-bot
Copy link

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label May 18, 2021
@rifelpet
Copy link
Member

/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label May 19, 2021
@ameukam ameukam added the sig/testing Categorizes an issue or PR as relevant to SIG Testing. label May 19, 2021
@spiffxp
Copy link
Member

spiffxp commented May 19, 2021

/lifecycle frozen

@k8s-ci-robot k8s-ci-robot added the lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. label May 19, 2021
@dims
Copy link
Member

dims commented Jul 12, 2021

@caniszczyk @idvoretskyi - will this fit into the new program around cloud credits at CNCF?

@idvoretskyi
Copy link
Member

@dims can we kick-off the email thread please (with me and @caniszczyk)?

@hh
Copy link
Member

hh commented Jul 12, 2021 via email

@spiffxp
Copy link
Member

spiffxp commented Sep 2, 2021

/priority important-longterm

@k8s-ci-robot k8s-ci-robot added the priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. label Sep 2, 2021
@idvoretskyi
Copy link
Member

/assign @hh

@hh
Copy link
Member

hh commented Sep 6, 2021

Looping in Lachie.

/cc @lachie83

@k8s-ci-robot k8s-ci-robot added sig/k8s-infra Categorizes an issue or PR as relevant to SIG K8s Infra. and removed wg/k8s-infra labels Sep 29, 2021
@BenTheElder BenTheElder mentioned this issue Sep 29, 2023
Closed
@ameukam
Copy link
Member

ameukam commented Nov 15, 2023

/close

@k8s-ci-robot
Copy link
Contributor

@ameukam: Closing this issue.

In response to this:

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@github-project-automation github-project-automation bot moved this to Reporting, Audit & Logging in registry.k8s.io (SIG K8S Infra) Nov 15, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@hh hh

Labels
lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. priority/important-longterm Important over the long term, but may not be staffed and/or may need multiple releases to complete. sig/k8s-infra Categorizes an issue or PR as relevant to SIG K8s Infra. sig/testing Categorizes an issue or PR as relevant to SIG Testing.
Projects
registry.k8s.io (SIG K8S Infra)
Status: Reporting, Audit & Logging
sig-k8s-infra
Status: Done
Milestone
No milestone
Development

No branches or pull requests
10 participants
@dims @hh @spiffxp @idvoretskyi @justaugustus @rifelpet @ameukam @chewong @k8s-ci-robot @fejta-bot