Make AWS credentials configurable easily

[shyamjvs]

Follow-up of #10866
This change standardizes way we pass credentials to kops/eks jobs - allowing to do testing in newer accounts.

/cc @gyuho

[gyuho]

Ok this is more readable 👍

/lgtm
/approve

[k8s-ci-robot]

LGTM label has been added.

Git tree hash: 543fbdf5bec90392425c253c18c3ed61636e29ec

[shyamjvs]

Btw - the label value is our testing account's ID. We can add new presets with different accounts.

[BenTheElder]

I suspect this will be error prone as nearly all of us (including me) don't have access to and have no idea what these are so we'll just be copying around mysterious number strings. I'd strongly suggest giving these a human readable name and commenting with the ID# on the preset instead.

Doing that would also mean you can swap accounts without mass updating all of the job config files, which is a big reason presets are useful.

[BenTheElder]

Something like:
preset-aws-credential: cncf-prow
preset-aws-credential: aws-eks

Which will also be useful because eventually @kubernetes/k8s-infra-wg will probably want to track usage on the CNCF credentials.

[BenTheElder]

Naming them with intent should also help job writers to figure out which they should be using from example jobs. The opaque strings will probably lead to someone creating a charts job on the wrong account or something.

[shyamjvs]

@BenTheElder Sounds reasonable.. Will change it to something more meaningful, thanks.

[shyamjvs]

Done, PTAL.

[shyamjvs]

Presubmit failed due to duplicated preset label : preset-aws-credential. I changed the validation function to check uniqueness of (key, value) pair instead of uniqueness of just key - which is what should be done FMU.

/cc @BenTheElder

[BenTheElder]

can we put a comment describing what the usage should be?

[shyamjvs]

Done. Added comment above preset definition.

[BenTheElder]

thanks, this should be a nice step towards being easier to follow the config :-)

[BenTheElder]

will leave for a follow-up, but perhaps the intention of who should be using this account for what kind of testing? :^)

[shyamjvs]

I'm soon planning to organize all aws testing account creds at a central place under jobs/sig-aws/. Working with @krzyzacy to get the prow secrets right. I'll clarify it in follow-up PR.

[shyamjvs]

See #10886

[BenTheElder]

/lgtm
/approve

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: BenTheElder, gyuho, shyamjvs

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• config/OWNERS [BenTheElder]
• prow/OWNERS [BenTheElder]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[k8s-ci-robot]

LGTM label has been added.

Git tree hash: 650d8d00cb430b39462c8e900d9a8e862aff351a

[k8s-ci-robot]

@shyamjvs: Updated the job-config configmap using the following files:

• key k8s-aws-eks-presets.yaml using file config/jobs/kubernetes/sig-aws/eks/k8s-aws-eks-presets.yaml
• key k8s-aws-eks-presubmits.yaml using file config/jobs/kubernetes/sig-aws/eks/k8s-aws-eks-presubmits.yaml
• key generated-security-jobs.yaml using file config/jobs/kubernetes-security/generated-security-jobs.yaml
• key k8s-aws-eks-periodics.yaml using file config/jobs/kubernetes/sig-aws/eks/k8s-aws-eks-periodics.yaml

In response to this:

Follow-up of #10866
This change standardizes way we pass credentials to kops/eks jobs - allowing to do testing in newer accounts.

/cc @gyuho

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.