Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

capg: enable compute api for CAPG to build the node images #2025

Merged
merged 1 commit into from
May 19, 2021
Merged

capg: enable compute api for CAPG to build the node images #2025

merged 1 commit into from
May 19, 2021

Conversation

cpanato
Copy link
Member

@cpanato cpanato commented May 10, 2021
edited
Loading

This PR enables the compute API to be used in the k8s-staging-cluster-api-gcp project to build the nightly images for CAPG

Related PRs:

Fixes: #1993

Open questions

  • It is not clear to me is how to use the credentials for this project in the prow job.

/assign @dims @ameukam @spiffxp

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label May 10, 2021
@k8s-ci-robot k8s-ci-robot requested review from nikhita and spiffxp May 10, 2021 08:38
@ameukam
Copy link
Member

ameukam commented May 10, 2021

It is not clear to me is how to use the credentials for this project in the prow job.

@cpanato Good question. We use workoadIdentity to ensure the service account used by the job have the right set of permissions.

@ameukam
Copy link
Member

ameukam commented May 10, 2021

Ref: #1993

@cpanato cpanato force-pushed the enable-api-capg branch from 1065e40 to 9bbbcf5 Compare May 10, 2021 13:25
@cpanato
Copy link
Member Author

cpanato commented May 10, 2021

It is not clear to me is how to use the credentials for this project in the prow job.

@cpanato Good question. We use workoadIdentity to ensure the service account used by the job have the right set of permissions.

thanks @ameukam , do we have any PR as an example of how to set up this? I need to make sure that this job https://github.com/kubernetes/test-infra/pull/22041/files receives the right credential

spiffxp
spiffxp suggested changes May 10, 2021
View reviewed changes
Copy link
Member

@spiffxp spiffxp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should unblock you. I am still interested in seeing all of this move back into GCB though.

@dims @cpanato have you all looked into https://cloud.google.com/build/docs/building/build-vm-images-with-packer at all? My glance of the CI scripts is that they boil down to packer calls

https://cloud.google.com/build/docs/building/build-vm-images-with-packer#required_iam_permissions is something we would want scripted, just for this project

https://cloud.google.com/build/docs/building/build-vm-images-with-packer#creating_a_packer_builder_image is something we might want to push to k8s-staging-test-infra or something

infra/gcp/ensure-staging-storage.sh Show resolved Hide resolved
@cpanato cpanato force-pushed the enable-api-capg branch from 9bbbcf5 to 91317bc Compare May 16, 2021 07:48
@k8s-ci-robot k8s-ci-robot added area/terraform Terraform modules, testing them, writing more of them, code in infra/gcp/clusters/ area/prow Setting up or working with prow in general, prow.k8s.io, prow build clusters sig/testing Categorizes an issue or PR as relevant to SIG Testing. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels May 16, 2021
@cpanato cpanato mentioned this pull request May 16, 2021
Merged
@cpanato cpanato force-pushed the enable-api-capg branch from 91317bc to 123f2d9 Compare May 18, 2021 13:39
spiffxp
spiffxp approved these changes May 18, 2021
View reviewed changes
Copy link
Member

@spiffxp spiffxp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/hold
Remove when ready to deploy. Or I can do this when at keyboard

@k8s-ci-robot k8s-ci-robot added do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. lgtm "Looks good to me", indicates that a PR is ready to be merged. labels May 18, 2021
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: cpanato, spiffxp

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label May 18, 2021
@spiffxp
Copy link
Member

spiffxp commented May 19, 2021

/hold cancel

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label May 19, 2021
@k8s-ci-robot k8s-ci-robot merged commit c514963 into kubernetes:main May 19, 2021
@k8s-ci-robot k8s-ci-robot added this to the v1.22 milestone May 19, 2021
@spiffxp
Copy link
Member

spiffxp commented May 19, 2021

OK, looks like I'll have to PR up a fix to get this working

$ ./ensure-staging-storage.sh cluster-api-gcp
# ...
Configuring special case for k8s-staging-cluster-api-gcp
Operation "operations/acf.p2-606075400249-63b89821-c81a-42cf-b6d9-4e2fb8d60b10" finished successfully.
ERROR: (gcloud.iam.service-accounts.create) argument NAME: Bad value [gcb-builder-cluster-api-gcp@k8s-staging-cluster-api-gcp.iam.gserviceaccount.com]: Service account name must be between 6 and 30 characters (inclusive), must begin with a lowercase letter, and consist of lowercase alphanumeric characters that can be separated by hyphens.
Usage: gcloud iam service-accounts create NAME [optional flags]
  optional flags may be  --description | --display-name | --help

@spiffxp spiffxp mentioned this pull request May 19, 2021
Merged
@spiffxp
Copy link
Member

spiffxp commented May 19, 2021

OK, re-ran with changes from #2057

Should be good to go

@cpanato cpanato deleted the enable-api-capg branch May 19, 2021 07:24
@cpanato cpanato mentioned this pull request May 19, 2021
Merged
@spiffxp spiffxp mentioned this pull request May 19, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ameukam ameukam ameukam left review comments

@spiffxp spiffxp spiffxp approved these changes

@nikhita nikhita Awaiting requested review from nikhita

Assignees

@dims dims

@spiffxp spiffxp

@ameukam ameukam

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/prow Setting up or working with prow in general, prow.k8s.io, prow build clusters area/terraform Terraform modules, testing them, writing more of them, code in infra/gcp/clusters/ cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. sig/testing Categorizes an issue or PR as relevant to SIG Testing. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
None yet
Milestone
v1.22
Development

Successfully merging this pull request may close these issues.

switching on compute api and other APIs in k8s-staging-cluster-api-gcp
5 participants
@cpanato @ameukam @k8s-ci-robot @spiffxp @dims