diff --git a/OWNERS_ALIASES b/OWNERS_ALIASES index 30ccce6ba4c..7d0887f66e7 100644 --- a/OWNERS_ALIASES +++ b/OWNERS_ALIASES @@ -168,6 +168,11 @@ aliases: - nikhita - parispittman ## BEGIN CUSTOM CONTENT + build-admins: + - amwat + - BenTheElder + - MushuEE + - spiffxp build-image-approvers: - BenTheElder - cblecker diff --git a/groups/sig-release/groups.yaml b/groups/sig-release/groups.yaml index ae615dc3863..fce76e63b74 100644 --- a/groups/sig-release/groups.yaml +++ b/groups/sig-release/groups.yaml @@ -20,6 +20,22 @@ groups: - sayan.chowdhury2012@gmail.com # 1.20 Bug Triage Shadow - v@gor.io # 1.20 Bug Triage Lead + - email-id: k8s-infra-google-build-admins@kubernetes.io + name: k8s-infra-google-build-admins + description: |- + ACL for Google Build Admins (edit access to Docker Hub mirror, view + access to Release GCP projects) + + https://git.k8s.io/sig-release/release-managers.md#build-admins + settings: + ReconcileMembers: "true" + members: + - k8s-infra-release-editors@kubernetes.io + - amwat@google.com + - bentheelder@google.com + - mushuee@google.com + - spiffxp@google.com + - email-id: k8s-infra-release-admins@kubernetes.io name: k8s-infra-release-admins description: |- @@ -59,6 +75,7 @@ groups: ReconcileMembers: "true" members: - k8s-infra-release-editors@kubernetes.io + - k8s-infra-google-build-admins@kubernetes.io - ameukam@gmail.com - gianarb92@gmail.com - gveronicalg@gmail.com @@ -150,6 +167,22 @@ groups: members: - k8s-infra-release-editors@kubernetes.io + - email-id: k8s-infra-staging-mirror@kubernetes.io + name: k8s-infra-staging-mirror + description: |- + ACL for staging mirror images + + This project is used to stage images mirrored from Docker Hub. + settings: + ReconcileMembers: "true" + members: + - k8s-infra-release-editors@kubernetes.io + - k8s-infra-google-build-admins@kubernetes.io + - cblecker@gmail.com # wg-k8s-infra-oncall + - davanum@gmail.com # wg-k8s-infra-oncall + - spiffxp@google.com # wg-k8s-infra-oncall + - thockin@google.com # wg-k8s-infra-oncall + - email-id: k8s-infra-staging-releng@kubernetes.io name: k8s-infra-staging-releng description: |- diff --git a/infra/gcp/ensure-staging-storage.sh b/infra/gcp/ensure-staging-storage.sh index e19b04df6b3..e7da985fbed 100755 --- a/infra/gcp/ensure-staging-storage.sh +++ b/infra/gcp/ensure-staging-storage.sh @@ -86,6 +86,7 @@ STAGING_PROJECTS=( kubernetes kustomize metrics-server + mirror multitenancy networking nfd @@ -106,6 +107,7 @@ STAGING_PROJECTS=( RELEASE_STAGING_PROJECTS=( kubernetes + mirror releng ) diff --git a/k8s.gcr.io/images/k8s-staging-mirror/OWNERS b/k8s.gcr.io/images/k8s-staging-mirror/OWNERS new file mode 100644 index 00000000000..dbf43866ce8 --- /dev/null +++ b/k8s.gcr.io/images/k8s-staging-mirror/OWNERS @@ -0,0 +1,16 @@ +# See the OWNERS docs at https://go.k8s.io/owners + +options: + no_parent_owners: true +approvers: + - sig-release-leads + - sig-testing-leads + - release-engineering-approvers + - wg-k8s-infra-leads + - build-admins +reviewers: + - release-engineering-reviewers + +labels: + - sig/release + - area/release-eng diff --git a/k8s.gcr.io/images/k8s-staging-mirror/images.yaml b/k8s.gcr.io/images/k8s-staging-mirror/images.yaml new file mode 100644 index 00000000000..09a8acf3f91 --- /dev/null +++ b/k8s.gcr.io/images/k8s-staging-mirror/images.yaml @@ -0,0 +1 @@ +# NO IMAGES YET diff --git a/k8s.gcr.io/manifests/k8s-staging-mirror/promoter-manifest.yaml b/k8s.gcr.io/manifests/k8s-staging-mirror/promoter-manifest.yaml new file mode 100644 index 00000000000..754586c0ebd --- /dev/null +++ b/k8s.gcr.io/manifests/k8s-staging-mirror/promoter-manifest.yaml @@ -0,0 +1,10 @@ +# google group for gcr.io/k8s-staging-mirror is k8s-infra-staging-mirror@kubernetes.io +registries: +- name: gcr.io/k8s-staging-mirror + src: true +- name: us.gcr.io/k8s-artifacts-prod/mirror + service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com +- name: eu.gcr.io/k8s-artifacts-prod/mirror + service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com +- name: asia.gcr.io/k8s-artifacts-prod/mirror + service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com