Push testgrid images using workload identity #219

Merged
merged 2 commits into from
Jan 10, 2020
32 changes: 1 addition & 31 deletions prow/config.yaml
Expand Up @@ -52,7 +52,7 @@ plank:
gcs_configuration:
bucket: "oss-prow"
path_strategy: "explicit"
gcs_credentials_secret: "service-account"
gcs_credentials_secret: "service-account" # TODO(fejta): remove https://github.com/GoogleCloudPlatform/oss-test-infra/issues/202

sinker:
resync_period: 1m
Expand Down Expand Up @@ -87,33 +87,3 @@ deck:
rerun_auth_config:
github_orgs:
- GoogleCloudPlatform

presets:
- labels:
preset-service-account: "true"
env:
- name: GOOGLE_APPLICATION_CREDENTIALS
value: /etc/service-account/service-account.json
- name: E2E_GOOGLE_APPLICATION_CREDENTIALS
value: /etc/service-account/service-account.json
volumes:
- name: service
secret:
secretName: service-account
volumeMounts:
- name: service
mountPath: /etc/service-account
readOnly: true
- labels:
preset-prow-deployer-service-account: "true"
env:
- name: GOOGLE_APPLICATION_CREDENTIALS
value: /creds/service-account.json
volumeMounts:
- name: creds
mountPath: /creds
readOnly: true
volumes:
- name: creds
secret:
secretName: prow-deployer-service-account
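Review bot: Deleting the `preset-service-account` and `preset-prow-deployer-service-account` presets at the end of prow/config.yaml means any job that still carries either label loses the `GOOGLE_APPLICATION_CREDENTIALS` env and the secret mount. Please confirm, for example with a grep over prow/prowjobs, that every job using these labels is inlined in this PR and not only the ones visible in this diff.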
19 changes: 14 additions & 5 deletions prow/prowjobs/GoogleCloudPlatform/esp-v2/esp-v2.yaml
Expand Up @@ -51,10 +51,6 @@ presubmits:
- name: ESPv2-gke-e2e-tight-http-bookstore-managed
always_run: true
decorate: true
labels:
preset-k8s-ssh: "true"
preset-service-account: "true"
preset-dind-enabled: "true"
spec:
containers:
- args:
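Review bot: The removed `labels:` block on ESPv2-gke-e2e-tight-http-bookstore-managed drops `preset-k8s-ssh` and `preset-dind-enabled` together with `preset-service-account`, but only the service-account env, mount and volume are inlined further down in this file. If those two labels matched no preset in this deployment and were already no-ops, say so in the PR description; otherwise the job loses whatever those presets supplied and that content needs inlining too.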
Expand All @@ -81,6 +77,19 @@ presubmits:
- runner.sh
- /workspace/scenarios/kubernetes_e2e.py
image: gcr.io/k8s-testimages/kubekins-e2e:v20190509-e418529-master
env:
- name: GOOGLE_APPLICATION_CREDENTIALS
value: /etc/service-account/service-account.json
- name: E2E_GOOGLE_APPLICATION_CREDENTIALS
value: /etc/service-account/service-account.json
volumeMounts:
- name: service
mountPath: /etc/service-account
readOnly: true
volumes:
- name: service # TODO(fejta): remove https://github.com/GoogleCloudPlatform/oss-test-infra/issues/202
secret:
secretName: service-account
- name: ESPv2-cloud-run-e2e-cloud-run-http-bookstore
always_run: true
decorate: true
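Review bot: The TODO for issue 202 sits only on the `service` volume, but the follow-up has to remove the two env entries and the volumeMount in the same change. If `GOOGLE_APPLICATION_CREDENTIALS` is left pointing at /etc/service-account/service-account.json after the secret is gone, Google client libraries fail on the missing file instead of falling back to the metadata server. Moving the TODO above `env:` or repeating it there would make that harder to miss.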
Expand Down Expand Up @@ -119,4 +128,4 @@ periodics:
volumes:
- name: cloudesf-testing-github-prow-service-account
secret:
secretName: cloudesf-testing-github-prow-service-account
secretName: cloudesf-testing-github-prow-service-account
Original file line number Diff line number Diff line change
Expand Up @@ -73,6 +73,17 @@ postsubmits:
- prow
- deploy
- deploy-build
env:
- name: GOOGLE_APPLICATION_CREDENTIALS
value: /creds/service-account.json
volumeMounts:
- name: creds
mountPath: /creds
readOnly: true
volumes:
- name: creds
secret:
secretName: prow-deployer-service-account
- name: post-oss-test-infra-upload-testgrid-config
cluster: test-infra-trusted
run_if_changed: '^(prow/prowjobs/.*\.yaml)|(testgrid/config\.yaml)$'
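Review bot: The inlined `prow-deployer-service-account` secret (env, volumeMount and volume) carries no TODO, unlike the `service-account` occurrences in prow/config.yaml and esp-v2.yaml that point at issue 202. If this deploy job is also meant to move to workload identity, add the same tracking comment; if the key is staying, a one-line comment saying why would help, since this job still mounts a long-lived JSON key.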
Expand Down Expand Up @@ -110,20 +121,11 @@ postsubmits:
testgrid-dashboards: googleoss-test-infra
testgrid-alert-email: [email protected]
spec:
serviceAccountName: testgrid-pusher
containers:
- image: gcr.io/k8s-testimages/bazelbuild:v20190916-ec59af8-0.29.1
env:
- name: GOOGLE_APPLICATION_CREDENTIALS
value: /creds/service-account.json
command:
- ./images/push.sh
volumeMounts:
- name: testgrid-service-account
mountPath: /creds
volumes:
- name: testgrid-service-account
secret:
secretName: testgrid-service-account

periodics:
- cron: "05 15-23 * * 1-5" # Run at 7:05-15:05 PST (15:05 UTC) Mon-Fri
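Review bot: `serviceAccountName: testgrid-pusher` only resolves if the pod is scheduled in the namespace and cluster where that ServiceAccount exists; the manifest added in this PR creates it in `test-pods`, and the cluster for this job is not visible in the hunk. Please confirm the manifest is applied to the build cluster this job runs in and that workload identity is enabled on its node pool. Once the job is green, the `testgrid-service-account` secret is no longer referenced by this job, so the secret should be deleted and its key revoked.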
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
apiVersion: v1
kind: ServiceAccount
metadata:
annotations:
iam.gke.io/gcp-service-account: [email protected]
name: testgrid-pusher
namespace: test-pods
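Review bot: The `iam.gke.io/gcp-service-account` annotation is only half of the binding; the Google service account also needs `roles/iam.workloadIdentityUser` granted to the member `serviceAccount:PROJECT_ID.svc.id.goog[test-pods/testgrid-pusher]`, and nothing in this diff records that grant. Add a comment in this manifest or a note in the PR description with the binding (PROJECT_ID is a placeholder here), so the grant is reproducible and can be audited against the namespace and name above.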