Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

k8s-infra-prow-oncall members should be empowered to manage and troubleshoot prow infrastructure #1743

Open
spiffxp opened this issue Mar 2, 2021 · 8 comments
Open

k8s-infra-prow-oncall members should be empowered to manage and troubleshoot prow infrastructure #1743

spiffxp opened this issue Mar 2, 2021 · 8 comments
Assignees
@spiffxp
Labels
area/access Define who has access to what via IAM bindings, role bindings, policy, etc. area/prow Setting up or working with prow in general, prow.k8s.io, prow build clusters lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. sig/k8s-infra Categorizes an issue or PR as relevant to SIG K8s Infra. sig/testing Categorizes an issue or PR as relevant to SIG Testing.

Comments

@spiffxp
Copy link
Member

spiffxp commented Mar 2, 2021
edited
Loading

This is intended to be a punch list for ensuring test-infra-oncall has the access they're used to with k8s-prow and k8s-prow-builds (or identifying a subset of permissions/access that is more appropriate for k8s-infra). Beyond that, this list should ensure that group members have sufficient permissions to use our scripts/terraform to manage prow infrastructure.

Up until now I've mostly been managing prow infrastructure as an account that has organization.admin and roles/owner for the kubernetes.io organization. As able, I will switch to an alternate account that is solely within the oncall group.

It would also be helpful to get folks from @kubernetes/ci-signal in k8s-infra-prow-viewers@ to raise issues they have about being unable to see things they expect to.

Thanks to @ameukam and @cjwagner for pointing out some gaps to get me started:

  • Remote states access for k8s-infra-oncall #1681 - access to gcs bucket storing remote terraform state for prow clusters
    (co-mingled with state for aaa cluster, should split out)
  • TBD - unable to run ensure-e2e-projects.sh (should either get permission to link billing accounts, or ensure_project shouldn't require these privileges when the project already exists)
  • TBD - unable to view custom org roles within GCP console
  • Update k8s-infra-prow-build README to clarify access instructions. #1735 - instructions for how to access prow clusters out of date
  • TBD - consider moving these projects to a folder within the organization, and setting bindings here instead of per-project

I'll update this with what the group has access to, but for now:

  • roles/owner for cluster projects: k8s-infra-prow-build, k8s-infra-prow-build-trusted
  • roles/owner for e2e projects: k8s-infra-e2e-*

/sig testing
/area prow
/area access
/priority important-soon
@k8s-ci-robot k8s-ci-robot added sig/testing Categorizes an issue or PR as relevant to SIG Testing. area/prow Setting up or working with prow in general, prow.k8s.io, prow build clusters area/access Define who has access to what via IAM bindings, role bindings, policy, etc. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. labels Mar 2, 2021
@spiffxp spiffxp added this to the v1.21 milestone Mar 2, 2021
@spiffxp
Copy link
Member Author

spiffxp commented Mar 2, 2021

/assign @spiffxp

This was referenced Mar 4, 2021
Closed
Merged
@ameukam
Copy link
Member

ameukam commented Apr 16, 2021

/milestone v1.22

@k8s-ci-robot k8s-ci-robot modified the milestones: v1.21, v1.22 Apr 16, 2021
@ameukam
Copy link
Member

ameukam commented Apr 16, 2021

/milestone v1.22

@fejta-bot
Copy link

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jul 17, 2021
@spiffxp
Copy link
Member Author

spiffxp commented Jul 19, 2021

/remove-lifecycle stale
/lifecycle frozen

@k8s-ci-robot k8s-ci-robot added lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Jul 19, 2021
@ameukam ameukam mentioned this issue Jul 21, 2021
Closed
@spiffxp
Copy link
Member Author

spiffxp commented Jul 27, 2021

/milestone v1.23
I would like to see community members in test-infra-oncall / prow.k8s.io fully in the community's hands in the next 3-6 months.

@k8s-ci-robot k8s-ci-robot modified the milestones: v1.22, v1.23 Jul 27, 2021
@k8s-ci-robot k8s-ci-robot added sig/k8s-infra Categorizes an issue or PR as relevant to SIG K8s Infra. and removed wg/k8s-infra labels Sep 29, 2021
@ameukam
Copy link
Member

ameukam commented Dec 6, 2021

/milestone v1.24

@k8s-ci-robot k8s-ci-robot modified the milestones: v1.23, v1.24 Dec 6, 2021
@ameukam
Copy link
Member

ameukam commented May 12, 2022

/milestone clear

@k8s-ci-robot k8s-ci-robot removed this from the v1.24 milestone May 12, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@spiffxp spiffxp

Labels
area/access Define who has access to what via IAM bindings, role bindings, policy, etc. area/prow Setting up or working with prow in general, prow.k8s.io, prow build clusters lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. sig/k8s-infra Categorizes an issue or PR as relevant to SIG K8s Infra. sig/testing Categorizes an issue or PR as relevant to SIG Testing.
Projects
SIG K8S Infra
Status: No status
Milestone
No milestone
Development

No branches or pull requests
4 participants
@spiffxp @ameukam @k8s-ci-robot @fejta-bot