Skip to content

Various fixes for private cluster #4855

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
istio-testing merged 2 commits into from
Jun 29, 2023
Merged

Various fixes for private cluster #4855

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
d6151e8
Various fixes to private build infra
howardjohn Jun 29, 2023
8ceddc6
Cleanup presets
howardjohn Jun 29, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 6 additions & 1 deletion infra/gcp/istio-prow-private/iam.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,4 +26,9 @@ resource "google_project_iam_member" "prow_control_gke" {
project = local.project_id
role = "roles/container.developer"
member = "serviceAccount:prow-control-plane@istio-testing.iam.gserviceaccount.com"
}
}
resource "google_project_iam_member" "prow_deployer_gke" {
project = local.project_id
role = "roles/container.developer"
member = "serviceAccount:prow-deployer@istio-testing.iam.gserviceaccount.com"
}
6 changes: 6 additions & 0 deletions infra/gcp/istio-prow-private/storage.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,3 +31,9 @@ resource "google_storage_bucket" "istio_prow_private" {
prevent_destroy = true
}
}
# Give control plane (deck-private) read access to the bucket so logs can be read
resource "google_storage_bucket_iam_member" "istio_prow_private_deck" {
bucket = google_storage_bucket.istio_prow_private.name
role = "roles/storage.objectViewer"
member = "serviceAccount:prow-control-plane@istio-testing.iam.gserviceaccount.com"
}
2 changes: 2 additions & 0 deletions infra/gcp/modules/gke-nodepool/main.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,8 @@ resource "google_container_node_pool" "node_pool" {
lifecycle {
create_before_destroy = true
ignore_changes = [
# https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/container_node_pool#initial_node_count
initial_node_count,
# https://www.terraform.io/docs/providers/google/r/container_cluster.html#taint
node_config[0].taint,
# Terraform does not yet support this mode, so we have to just set it manually and ignore changes
Expand Down
92 changes: 1 addition & 91 deletions prow/cluster/jobs/all-presets.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,94 +2,4 @@
# However, the generator pins requirements per-version. Rather than backfilling
# all versions, we keep the presets. These should not be used for new use cases and can be removed
# as release branches are pruned
presets:
- labels:
preset-enable-ssh: "true"
env:
- name: GIT_SSH_COMMAND
value: "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"
volumeMounts:
- mountPath: /root/.ssh
name: ssh
readOnly: true
volumes:
- name: ssh
secret:
secretName: ssh-key-secret
items:
- key: secret
path: id_rsa
mode: 0600
- labels:
preset-enable-netrc: "true"
volumeMounts:
- mountPath: /home/.netrc
subPath: .netrc
name: netrc
readOnly: true
volumes:
- name: netrc
secret:
secretName: netrc-secret
items:
- key: secret
path: .netrc
mode: 0600
- labels:
preset-override-envoy: "true"
env:
- name: ISTIO_ENVOY_BASE_URL
value: https://storage.googleapis.com/istio-private-build/proxy
- name: AUTH_HEADER
valueFrom:
secretKeyRef:
name: authentikos-token
key: token
- labels:
preset-override-deps: "master-release"
env:
- name: DEPENDENCIES
valueFrom:
configMapKeyRef:
name: master-release-deps
key: dependencies
- labels:
preset-override-deps: "master-istio"
env:
- name: DEPENDENCIES
valueFrom:
configMapKeyRef:
name: master-istio-deps
key: dependencies
- labels:
preset-override-deps: "release-1.16-release"
env:
- name: DEPENDENCIES
valueFrom:
configMapKeyRef:
name: release-1.16-release-deps
key: dependencies
- labels:
preset-override-deps: "release-1.16-istio"
env:
- name: DEPENDENCIES
valueFrom:
configMapKeyRef:
name: release-1.16-istio-deps
key: dependencies
- labels:
preset-override-deps: "release-1.17-release"
env:
- name: DEPENDENCIES
valueFrom:
configMapKeyRef:
name: release-1.17-release-deps
key: dependencies
- labels:
preset-override-deps: "release-1.17-istio"
env:
- name: DEPENDENCIES
valueFrom:
configMapKeyRef:
name: release-1.17-istio-deps
key: dependencies
presets: []
14 changes: 4 additions & 10 deletions prow/cluster/jobs/istio-private/api/istio-private.api.master.gen.yaml
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

6 changes: 0 additions & 6 deletions prow/cluster/jobs/istio-private/api/istio-private.api.release-1.16.gen.yaml
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

6 changes: 0 additions & 6 deletions prow/cluster/jobs/istio-private/api/istio-private.api.release-1.17.gen.yaml
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

6 changes: 0 additions & 6 deletions prow/cluster/jobs/istio-private/api/istio-private.api.release-1.18.gen.yaml
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading