capg: enable compute api for CAPG to build the node images

[cpanato]

This PR enables the compute API to be used in the k8s-staging-cluster-api-gcp project to build the nightly images for CAPG

Related PRs:

• prow job: image-build/capg: add periodic job to build gce images test-infra#22041
• image-builder scripts: gce: add scripts for CI test and nightly builds kubernetes-sigs/image-builder#445

Fixes: #1993

Open questions

• It is not clear to me is how to use the credentials for this project in the prow job.

/assign @dims @ameukam @spiffxp

[ameukam]

It is not clear to me is how to use the credentials for this project in the prow job.

@cpanato Good question. We use workoadIdentity to ensure the service account used by the job have the right set of permissions.

[ameukam]

Ref: #1993

[cpanato]

It is not clear to me is how to use the credentials for this project in the prow job.

@cpanato Good question. We use workoadIdentity to ensure the service account used by the job have the right set of permissions.

thanks @ameukam , do we have any PR as an example of how to set up this? I need to make sure that this job https://github.com/kubernetes/test-infra/pull/22041/files receives the right credential

[spiffxp]

This should unblock you. I am still interested in seeing all of this move back into GCB though.

@dims @cpanato have you all looked into https://cloud.google.com/build/docs/building/build-vm-images-with-packer at all? My glance of the CI scripts is that they boil down to packer calls

https://cloud.google.com/build/docs/building/build-vm-images-with-packer#required_iam_permissions is something we would want scripted, just for this project

https://cloud.google.com/build/docs/building/build-vm-images-with-packer#creating_a_packer_builder_image is something we might want to push to k8s-staging-test-infra or something

[spiffxp]

/hold
Remove when ready to deploy. Or I can do this when at keyboard

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: cpanato, spiffxp

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [spiffxp]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[spiffxp]

/hold cancel

[spiffxp]

OK, looks like I'll have to PR up a fix to get this working

$ ./ensure-staging-storage.sh cluster-api-gcp
# ...
Configuring special case for k8s-staging-cluster-api-gcp
Operation "operations/acf.p2-606075400249-63b89821-c81a-42cf-b6d9-4e2fb8d60b10" finished successfully.
ERROR: (gcloud.iam.service-accounts.create) argument NAME: Bad value [gcb-builder-cluster-api-gcp@k8s-staging-cluster-api-gcp.iam.gserviceaccount.com]: Service account name must be between 6 and 30 characters (inclusive), must begin with a lowercase letter, and consist of lowercase alphanumeric characters that can be separated by hyphens.
Usage: gcloud iam service-accounts create NAME [optional flags]
  optional flags may be  --description | --display-name | --help

[spiffxp]

OK, re-ran with changes from #2057

Should be good to go