Add gcs public bucket for prow staging logs. #1474
Conversation
k8s-ci-robot
added
cncf-cla: yes
|
The service account key generated should be added as a secret in namespace |
|
/assign @BenTheElder @spiffxp |
|
/hold |
k8s-ci-robot
added
the
do-not-merge/hold
Following prow [documentation](https://github.com/kubernetes/test-infra/blob/master/prow/getting_started_deploy.md#configure-a-gcs-buckethttps://github.com/kubernetes/test-infra/blob/master/prow/getting_started_deploy.md#configure-a-gcs-bucket) guidance : Create a GCS bucket for tide history and build logs. Create a service account and grant admin access to the bucket. Create a service account key and add the generated key to Secret Manager. Signed-off-by: Arnaud Meukam <[email protected]>
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: ameukam The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
There was a problem hiding this comment.
Same comment as #1475 (comment) - I would like to better understand what the plan is
| # Buckets for the logs of prow | ||
| PROW_BUCKETS=( | ||
| k8s-prow-staging-logs | ||
| ) |
There was a problem hiding this comment.
If the intent is to use this like gs://kubernetes-jenkins, I feel like we're going to want those sorts of buckets not in kubernetes-public. It'll be easier to keep track of CI artifact costs if they're in their own project. I'm open to suggestions.
There was a problem hiding this comment.
The PR is more in favor of the support multiple buckets by tide. I didn't consider the billing aspect.
| --project "${PROJECT}" \ | ||
| --iam-account "${SERVICE_ACCOUNT_EMAIL}" | ||
|
|
||
| color 6 "Creating secret to store private key" |
There was a problem hiding this comment.
Who can access the secret? I would expect to see a gcloud secrets add-iam-policy-binding call
My suggestion would be k8s-infra-prow-oncall@ (I'm happy to approve a PR adding you as a member to that group)
There was a problem hiding this comment.
I'll push the binding once the right option is chosen for gs://kubernetes-jenkins migration.
|
@ameukam: The following test failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
/test pull-k8sio-yamllint |
|
@ameukam: The specified target(s) for
Use
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/test all |
|
🤔 Force push on this branch doesn't update the PR. 2 things changed:
|
|
/close |
|
@ameukam: Closed this PR. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Following prow documentation guidance :
Create a gcs bucket for tide history and build logs.
Create a service account and grant admin access to the bucket.
Create a service account key and add the generated key to Secret Manager.
Signed-off-by: Arnaud Meukam [email protected]