Merge pull request #6985 from michelle192837/migrateimagejobs

k8s-ci-robot · web-flow · commit 1eefb787204f · 2024-07-16T11:07:07.000-07:00
Add bucket + service account for TestGrid upload.
diff --git a/infra/gcp/terraform/k8s-infra-prow-build-trusted/serviceaccounts.tf b/infra/gcp/terraform/k8s-infra-prow-build-trusted/serviceaccounts.tf
@@ -57,6 +57,11 @@ locals {
       project_roles     = ["roles/secretmanager.secretAccessor"]
       cluster_namespace = "kubernetes-external-secrets"
     }
+    // also assigned roles by:
+    // - terraform/k8s-infra-prow
+    k8s-testgrid-config-updater = {
+      description = "writes TestGrid config to gs://k8s-testgrid-config"
+    }
   }
 }
 
diff --git a/infra/gcp/terraform/k8s-infra-prow/buckets.tf b/infra/gcp/terraform/k8s-infra-prow/buckets.tf
@@ -43,3 +43,30 @@ module "gcb_bucket" {
     }
   ]
 }
+
+// Create gs://k8s-testgrid-config to store K8s TestGrid config.
+module "testgrid_config_bucket" {
+  source  = "terraform-google-modules/cloud-storage/google//modules/simple_bucket"
+  version = "~> 5"
+
+  name       = "k8s-testgrid-config"
+  project_id = module.project.project_id
+  location   = "us"
+
+  lifecycle_rules = [{
+    action = {
+      type = "Delete"
+    }
+    condition = {
+      age        = 90 # 90d
+      with_state = "ANY"
+    }
+  }]
+
+  iam_members = [
+    {
+      role   = "roles/storage.objectAdmin"
+      member = "serviceAccount:k8s-testgrid-config-updater@k8s-infra-prow-build-trusted.iam.gserviceaccount.com"
+    }
+  ]
+}

Original file line number	Diff line number	Diff line change
`@@ -57,6 +57,11 @@ locals {`
`57`	`57`	`project_roles = ["roles/secretmanager.secretAccessor"]`
`58`	`58`	`cluster_namespace = "kubernetes-external-secrets"`
`59`	`59`	`}`
	`60`	`+ // also assigned roles by:`
	`61`	`+ // - terraform/k8s-infra-prow`
	`62`	`+ k8s-testgrid-config-updater = {`
	`63`	`+ description = "writes TestGrid config to gs://k8s-testgrid-config"`
	`64`	`+ }`
`60`	`65`	`}`
`61`	`66`	`}`
`62`	`67`