infra/gcp/aaa: add k8s-infra-prow #2235
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
k8s-ci-robot
added
do-not-merge/work-in-progress
k8s-ci-robot
added
the
size/XXL
ameukam
force-pushed
the
aaa-k8s-infra-prow
branch
3 times, most recently
from
30b4b55 to
1376465
Compare
ameukam
force-pushed
the
aaa-k8s-infra-prow
branch
from
1376465 to
eb9c129
Compare
k8s-ci-robot
added
the
sig/testing
ameukam
changed the title
k8s-ci-robot
removed
the
do-not-merge/work-in-progress
ameukam
force-pushed
the
aaa-k8s-infra-prow
branch
from
eb9c129 to
63aa983
Compare
|
/test pull-k8sio-verify |
ameukam
force-pushed
the
aaa-k8s-infra-prow
branch
2 times, most recently
from
6dd07f9 to
c0cefd5
Compare
k8s-ci-robot
added
area/access
ameukam
force-pushed
the
aaa-k8s-infra-prow
branch
from
b7e7710 to
b691f90
Compare
spiffxp
force-pushed
the
aaa-k8s-infra-prow
branch
from
e3f8856 to
f2d5f65
Compare
spiffxp
reviewed
Jul 27, 2021
There was a problem hiding this comment.
I feel like maybe you grabbed a copy from or were at least inspired by my attempts at setting up github.com/bashfire/prow-config. The problem is that's fallen way stale at this point. I would recommend a refresh from https://github.com/kubernetes/test-infra/tree/master/config/prow just to be sure
I dropped some notes to self that I'll try and answer as followup
| @@ -0,0 +1,23 @@ | |||
| periodics: | |||
There was a problem hiding this comment.
nit: I am more used to seeing apps/prow/jobs/{org}/{repo}
we're gonna want to move this to be top-level or easy to find anyway, so maybe the particular name right now doesn't matter as much
There was a problem hiding this comment.
We'll update location when I'll add prow self-maintenance jobs.
ameukam
force-pushed
the
aaa-k8s-infra-prow
branch
from
f2d5f65 to
e943787
Compare
k8s-ci-robot
added
area/apps
k8s-ci-robot
added
the
area/infra
spiffxp
suggested changes
Aug 5, 2021
apps/prow/config.yaml
Outdated
Comment on lines
26
to
27
| default_org: "kubernetes" | ||
| default_repo: "k8s.io" |
There was a problem hiding this comment.
I edited the suggestion to remove these two lines, I'd like to see this change accepted before lgtm
Add kubernetes manifests for k8s-infra-prow Move ghproxy to cluster folder Add configuration for k8s-infra-prow Add plugins configuration for k8s-infra-prow Ensure deploy.sh targets cluster folder Add ingress and GKE managed certificate Add a Makefile for prow config and plugins deployments. Add a Makefile with commands allowing to update prow config and plugins once changes are merged. Create and Add Github HMAC Token to GCP Secrets Manager of project kubernetes-public. Create Github OAuth config and add it to GCP Secrets Manager. Fix yamllint
ameukam
force-pushed
the
aaa-k8s-infra-prow
branch
from
e943787 to
d68d628
Compare
@spiffxp removed the lines. |
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: ameukam, spiffxp The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
|
This failed to auto-deploy because RBAC: |
|
Retriggered job via re-run button https://prow.k8s.io/?job=post-k8sio-deploy-app-prow |
|
OK I think the remaining errors are token / typo related https://prow.k8s.io/view/gs/kubernetes-jenkins/logs/post-k8sio-deploy-app-prow/1423707644174012416 will leave to @ameukam to fix for now |
ameukam
added a commit
to ameukam/k8s.io
that referenced
this pull request
Aug 6, 2021
Fix typos found during deployment of : kubernetes#2235
ameukam
added a commit
to ameukam/k8s.io
that referenced
this pull request
Aug 6, 2021
Fix typos and mistakes found during deployment of : kubernetes#2235
|
Some issues we have post-deployment :
E0807 22:07:54.495104 1 reflector.go:138] external/io_k8s_client_go/tools/cache/reflector.go:167: Failed to watch *v1.Pod: failed to list *v1.Pod: pods is forbidden: User "system:serviceaccount:prow:sinker" cannot list resource "pods" in API group "" in the namespace "k8s-infra-test-pods"
kubectl -n prow logs -l app=deck
...
{"component":"deck","error":"Get \"https://storage.googleapis.com/k8s-testgrid/config\": compute: Received 403 `Unable to generate access token; IAM returned 403 Forbidden: The caller does not have permission\nThis error could be caused by a missing IAM policy binding on the target IAM service account.\nFor more information, refer to the Workload Identity documentation:\n\thttps://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity#authenticating_to\n\n`","file":"prow/spyglass/testgrid.go:50","func":"k8s.io/test-infra/prow/spyglass.(*TestGrid).Start.func1","level":"error","msg":"Couldn't update TestGrid config.","path":"gs://k8s-testgrid/config","severity":"error","time":"2021-08-06T21:50:08Z"}@spiffxp I believe this is under a Google GCP Org. IAM binding may need to be done by Googlers.
{"component":"tide","error":"error initializing history client from \"gs://k8s-infra-prow-results/tide-history.json\": open: Get \"https://storage.googleapis.com/k8s-infra-prow-results/tide-history.json\": compute: Received 403 `Unable to generate access token; IAM returned 403 Forbidden: The caller does not have permission\nThis error could be caused by a missing IAM policy binding on the target IAM service account.\nFor more information, refer to the Workload Identity documentation:\n\thttps://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity#authenticating_to\n\n`","file":"prow/cmd/tide/main.go:176","func":"main.main","level":"fatal","msg":"Error creating Tide controller.","severity":"fatal","time":"2021-08-06T22:55:38Z"} |
ameukam
added a commit
to ameukam/k8s.io
that referenced
this pull request
Aug 6, 2021
Fix typos and mistakes found during deployment of : kubernetes#2235
ameukam
added a commit
to ameukam/k8s.io
that referenced
this pull request
Aug 7, 2021
Fix typos and mistakes found during deployment of : kubernetes#2235
|
Ref: #1394 |
ameukam
added a commit
to ameukam/k8s.io
that referenced
this pull request
Aug 9, 2021
Followup of kubernetes#2235. Ref: kubernetes#1394. sinker & prow-controller-manager require a namespace is present and they can list and update the pods presents in this namespace: ```shell E0807 22:07:54.495104 1 reflector.go:138] external/io_k8s_client_go/tools/cache/reflector.go:167: Failed to watch *v1.Pod: failed to list *v1.Pod: pods is forbidden: User "system:serviceaccount:prow:sinker" cannot list resource "pods" in API group "" in the namespace "k8s-infra-test-pods" ``` Signed-off-by: Arnaud Meukam <[email protected]>
ameukam
added a commit
to ameukam/k8s.io
that referenced
this pull request
Aug 9, 2021
Followup of kubernetes#2235. Ref: kubernetes#1394. sinker & prow-controller-manager require a namespace is present and they can list and update the pods presents in this namespace: ```shell E0807 22:07:54.495104 1 reflector.go:138] external/io_k8s_client_go/tools/cache/reflector.go:167: Failed to watch *v1.Pod: failed to list *v1.Pod: pods is forbidden: User "system:serviceaccount:prow:sinker" cannot list resource "pods" in API group "" in the namespace "k8s-infra-test-pods" ``` Signed-off-by: Arnaud Meukam <[email protected]>
9 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Deploy k8s-infra prow instance for configuration focused on k8s.io repo.
Signed-off-by: Arnaud Meukam [email protected]