kubernetes · k8s-ci-robot · Feb 12, 2021 · Feb 12, 2021 · spiffxp · Feb 12, 2021
diff --git a/...ects/k8s-infra-prow-build-trusted/prow-build-trusted/resources/build-serviceaccounts.yaml b/...ects/k8s-infra-prow-build-trusted/prow-build-trusted/resources/build-serviceaccounts.yaml
@@ -63,11 +63,3 @@ metadata:
     iam.gke.io/gcp-service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod-bak.iam.gserviceaccount.com
   name: k8s-infra-gcr-promoter-bak
   namespace: test-pods
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  annotations:
-    iam.gke.io/gcp-service-account: k8s-infra-gcr-vuln-dashboard@k8s-artifacts-prod.iam.gserviceaccount.com
-  name: k8s-infra-gcr-vuln-dashboard
-  namespace: test-pods
diff --git a/infra/gcp/ensure-prod-storage.sh b/infra/gcp/ensure-prod-storage.sh
@@ -372,44 +372,6 @@ color 6 "Handling special cases"
             "${PROD_PROJECT}" \
             $(svc_acct_email "${PROD_PROJECT}" "${PROMOTER_VULN_SCANNING_SVCACCT}")
     done
-
-    color 6 "Ensuring prod promoter vuln-dashboard svcacct exists"
-    ensure_service_account \
-        "${PROD_PROJECT}" \
-        "${VULN_DASHBOARD_SVCACCT}" \
-        "k8s-infra container image vuln dashboard"
-
-    color 6 "Empowering promoter-scanning namespace to use prod promoter vuln-dashboard svcacct"
-    for project in "${PROW_TRUSTED_BUILD_CLUSTER_PROJECTS[@]}"; do
-        empower_ksa_to_svcacct \
-            "${project}.svc.id.goog[test-pods/k8s-infra-gcr-vuln-dashboard]" \
-            "${PROD_PROJECT}" \
-            $(svc_acct_email "${PROD_PROJECT}" "${VULN_DASHBOARD_SVCACCT}")
-    done
-
-    # Special case: grant the k8s-infra-gcr-vuln-dashboard account access to
-    # write to the prod vuln dashboard GCS bucket.
-    ensure_prod_gcs_bucket "${PROD_PROJECT}" "gs://${PROD_PROJECT}-vuln-dashboard" 2>&1 | indent
-
-    color 6 "Empowering vuln-dashboard svcacct to vuln-dashboard bucket"
-    empower_svcacct_to_write_gcs_bucket \
-        "$(svc_acct_email "${PROD_PROJECT}" "${VULN_DASHBOARD_SVCACCT}")" \
-        "gs://${PROD_PROJECT}-vuln-dashboard"
-
-    # Special case: grant the k8s-infra-gcr-vuln-dashboard account access to
-    # container analysis results for the prod project.
-    color 6 "Empowering vuln-dashboard svcacct to prod vulnerability scanning"
-    empower_service_account_for_cip_vuln_scanning \
-        "$(svc_acct_email "${PROD_PROJECT}" "${VULN_DASHBOARD_SVCACCT}")" \
-        "${PROD_PROJECT}"
-
-    # Special case: don't use retention on vulnerability dashboard bucket
-    #               'ci-release-vulndash-update' runs periodically in Prow and
-    #               requires access to overwrite the dashboard's html.
-    #               This should maybe one day be wired up as a Netlify site, but
-    #               one step at a time!
-    color 6 "Removing retention on the ${PROD_PROJECT}-vuln-dashboard bucket"
-    gsutil retention clear "gs://${PROD_PROJECT}-vuln-dashboard"
 ) 2>&1 | indent
 
 color 6 "Done"
diff --git a/infra/gcp/lib.sh b/infra/gcp/lib.sh
@@ -33,9 +33,6 @@ PROMOTER_SVCACCT="k8s-infra-gcr-promoter"
 # The service account name for the image promoter's vulnerability check.
 PROMOTER_VULN_SCANNING_SVCACCT="k8s-infra-gcr-vuln-scanning"
 
-# The service account name for the k8s vulnerability dashboard.
-VULN_DASHBOARD_SVCACCT="k8s-infra-gcr-vuln-dashboard"
-
 # The service account name for the GCR auditor (Cloud Run runtime service
 # account).
 AUDITOR_SVCACCT="k8s-infra-gcr-auditor"