Configure Terraform presubmits and postsubmit jobs #3918

@upodroid

Description

We have a number of projects managed by terraform at https://github.com/kubernetes/k8s.io/tree/main/infra/gcp/terraform.

However, these projects currently require manual deployment by sig-k8s-infra leads and others, which is blocking rapid iteration of the GCP infra.

We need to configure some automation to deploy these changes safely.

Google Cloud Changes:

  1. Create a new project that holds a privileged service account. Something like https://github.com/knative/test-infra/tree/main/infra/gcp#bootstrapping-terraform---one-time-setup
  2. Grant this ServiceAccount some roles on the organization. https://github.com/knative/test-infra/blob/main/infra/gcp/iam.tf
  3. Create a k8s service account
  4. Complete the Workload Identity Configuration

AWS Changes:

  1. Implement "Consider using Kubernetes Service Accounts to authenticate with AWS" (#3807).

Prow Changes:

  1. We will need a postsubmit job that runs when changes in infra/gcp/* are merged
  2. We will also need a presubmit that runs terraform plan only and prints that output to the PR. This will be running in the trusted cluster and that isn't allowed by default. Need to work something out.

Let's talk about it at the next sig-k8s-infra meeting.

/cc @ameukam
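As an added illustration of the Google Cloud steps above (this is example Terraform written for this page, not code from the k8s.io repo or the issue author), the following wires a dedicated deployer service account to a Kubernetes service account in the trusted Prow cluster via Workload Identity. It goes one step beyond the issue by splitting the presubmit (`terraform plan` only) onto a separate read-only service account, so a plan job never holds apply privileges; the org id, project ids, role list and KSA namespace/names are placeholders, not values from the issue.

```hcl
# Added example (not from the k8s.io repo). Placeholder values are marked.
variable "org_id"          { default = "000000000000" }          # placeholder org id
variable "cluster_project" { default = "example-prow-project" }  # placeholder: trusted Prow cluster project
# 1. Privileged deployer SA, living in its own dedicated bootstrap project.
resource "google_service_account" "terraform_apply" {
  project      = "example-terraform-bootstrap"   # placeholder project from step 1
  account_id   = "terraform-apply"
  display_name = "Terraform postsubmit (apply)"
}

# 2. Org-level roles for the deployer; grant only what the managed projects need (placeholder list).
resource "google_organization_iam_member" "apply_roles" {
  for_each = toset([
    "roles/resourcemanager.projectCreator",
    "roles/billing.user",
  ])
  org_id = var.org_id
  role   = each.value
  member = "serviceAccount:${google_service_account.terraform_apply.email}"
}

# Separate read-only SA for the presubmit, which only runs `terraform plan`.
resource "google_service_account" "terraform_plan" {
  project      = "example-terraform-bootstrap"   # placeholder
  account_id   = "terraform-plan"
  display_name = "Terraform presubmit (plan only)"
}

resource "google_organization_iam_member" "plan_viewer" {
  org_id = var.org_id
  role   = "roles/viewer"
  member = "serviceAccount:${google_service_account.terraform_plan.email}"
}

# 3 + 4. Workload Identity: let one Kubernetes SA per privilege level in the
#        trusted Prow cluster impersonate its GCP SA (namespace/names are placeholders).
locals {
  wi_bindings = {
    apply = { gsa = google_service_account.terraform_apply.name, ksa = "prow-build-trusted/terraform-apply" }
    plan  = { gsa = google_service_account.terraform_plan.name,  ksa = "prow-build-trusted/terraform-plan" }
  }
}

resource "google_service_account_iam_member" "workload_identity" {
  for_each           = local.wi_bindings
  service_account_id = each.value.gsa
  role               = "roles/iam.workloadIdentityUser"
  member             = "serviceAccount:${var.cluster_project}.svc.id.goog[${each.value.ksa}]"
}
```

Each Kubernetes ServiceAccount named in `wi_bindings` must also carry the `iam.gke.io/gcp-service-account` annotation set to the matching GCP SA email, and the plan SA additionally needs read access to the Terraform state backend.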

Metadata

Labels:

  - kind/feature: Categorizes issue or PR as related to a new feature.
  - lifecycle/rotten: Denotes an issue or PR that has aged beyond stale and will be auto-closed.
  - priority/important-soon: Must be staffed and worked on either currently, or very soon, ideally in time for the next release.
  - sig/k8s-infra: Categorizes an issue or PR as relevant to SIG K8s Infra.

Assignees: no one assigned
Status: Backlog
Milestone: none