Merge pull request #7048 from nilekhc/nilekh/f/add-secerts-store-sync-controller

k8s-ci-robot · web-flow · commit 9743e0fe9c06 · 2024-07-29T17:22:50.000-07:00
feat: adds secrets-store-sync-controller project
diff --git a/groups/restrictions.yaml b/groups/restrictions.yaml
@@ -46,6 +46,7 @@ restrictions:
   - path: "sig-auth/groups.yaml"
     allowedGroups:
       - "^k8s-infra-staging-csi-secrets-store@kubernetes.io$"
+      - "^k8s-infra-staging-secrets-store-sync@kubernetes.io$"
       - "^k8s-infra-staging-multitenancy@kubernetes.io$"
       - "^k8s-infra-staging-sig-auth@kubernetes.io$"
   - path: "sig-autoscaling/groups.yaml"
diff --git a/groups/sig-auth/groups.yaml b/groups/sig-auth/groups.yaml
@@ -62,6 +62,16 @@ groups:
       - tasha.drew@gmail.com
       - srajakum@amazon.com
 
+  - email-id: k8s-infra-staging-secrets-store-sync@kubernetes.io
+    name: k8s-infra-staging-secrets-store-sync
+    description: |-
+      ACL for staging secrets-store-sync-controller
+    settings:
+      ReconcileMembers: "true"
+    members:
+      - anish.ramasekar@gmail.com
+      - nilekhc@gmail.com
+
   #
   # k8s-infra gcs write access
   #
diff --git a/registry.k8s.io/images/k8s-staging-secrets-store-sync/OWNERS b/registry.k8s.io/images/k8s-staging-secrets-store-sync/OWNERS
@@ -0,0 +1,10 @@
+# See the OWNERS docs at https://go.k8s.io/owners
+
+approvers:
+- aramase
+- enj
+
+reviewers:
+- aramase
+- enj
+- nilekhc
diff --git a/registry.k8s.io/images/k8s-staging-secrets-store-sync/generate.sh b/registry.k8s.io/images/k8s-staging-secrets-store-sync/generate.sh
@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+
+# Copyright 2024 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+readonly repo="us-central1-docker.pkg.dev/k8s-staging-images/secrets-store-sync"
+# release candidates will be created for >=1.0.0 releases that we want published to the prod registry
+readonly tag_filter="(tags~^v[0-9]+.[0-9]+.[0-9]+$) OR (tags~^v[0-9]+.[0-9]+.[0-9]+-rc.[0-9]+$ AND tags >= v1.0.0)"
+readonly images=(
+    controller
+)
+
+for image in "${images[@]}"; do
+    echo "- name: ${image}"
+    echo "  dmap:"
+    gcloud container images list-tags \
+        "${repo}/$image" \
+        --format="get(digest, tags)" \
+        --sort-by="tags" \
+        --filter="${tag_filter}" | \
+    sed -e 's/\([^ ]*\)\t\(.*\)/    "\1": [ "\2" ]/'
+done
diff --git a/registry.k8s.io/images/k8s-staging-secrets-store-sync/images.yaml b/registry.k8s.io/images/k8s-staging-secrets-store-sync/images.yaml
diff --git a/registry.k8s.io/manifests/k8s-staging-secrets-store-sync/promoter-manifest.yaml b/registry.k8s.io/manifests/k8s-staging-secrets-store-sync/promoter-manifest.yaml
@@ -0,0 +1,48 @@
+# google group for gcr.io/k8s-staging-secrets-store-sync is k8s-infra-staging-secrets-store-sync@kubernetes.io
+registries:
+- name: us-central1-docker.pkg.dev/k8s-staging-images/secrets-store-sync
+  src: true
+- name: asia-east1-docker.pkg.dev/k8s-artifacts-prod/images/secrets-store-sync
+  service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com
+- name: asia-south1-docker.pkg.dev/k8s-artifacts-prod/images/secrets-store-sync
+  service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com
+- name: asia-northeast1-docker.pkg.dev/k8s-artifacts-prod/images/secrets-store-sync
+  service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com
+- name: asia-northeast2-docker.pkg.dev/k8s-artifacts-prod/images/secrets-store-sync
+  service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com
+- name: australia-southeast1-docker.pkg.dev/k8s-artifacts-prod/images/secrets-store-sync
+  service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com
+- name: europe-north1-docker.pkg.dev/k8s-artifacts-prod/images/secrets-store-sync
+  service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com
+- name: europe-southwest1-docker.pkg.dev/k8s-artifacts-prod/images/secrets-store-sync
+  service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com
+- name: europe-west1-docker.pkg.dev/k8s-artifacts-prod/images/secrets-store-sync
+  service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com
+- name: europe-west2-docker.pkg.dev/k8s-artifacts-prod/images/secrets-store-sync
+  service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com
+- name: europe-west3-docker.pkg.dev/k8s-artifacts-prod/images/secrets-store-sync
+  service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com
+- name: europe-west4-docker.pkg.dev/k8s-artifacts-prod/images/secrets-store-sync
+  service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com
+- name: europe-west8-docker.pkg.dev/k8s-artifacts-prod/images/secrets-store-sync
+  service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com
+- name: europe-west9-docker.pkg.dev/k8s-artifacts-prod/images/secrets-store-sync
+  service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com
+- name: europe-west10-docker.pkg.dev/k8s-artifacts-prod/images/secrets-store-sync
+  service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com
+- name: southamerica-west1-docker.pkg.dev/k8s-artifacts-prod/images/secrets-store-sync
+  service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com
+- name: us-central1-docker.pkg.dev/k8s-artifacts-prod/images/secrets-store-sync
+  service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com
+- name: us-east1-docker.pkg.dev/k8s-artifacts-prod/images/secrets-store-sync
+  service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com
+- name: us-east4-docker.pkg.dev/k8s-artifacts-prod/images/secrets-store-sync
+  service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com
+- name: us-east5-docker.pkg.dev/k8s-artifacts-prod/images/secrets-store-sync
+  service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com
+- name: us-south1-docker.pkg.dev/k8s-artifacts-prod/images/secrets-store-sync
+  service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com
+- name: us-west1-docker.pkg.dev/k8s-artifacts-prod/images/secrets-store-sync
+  service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com
+- name: us-west2-docker.pkg.dev/k8s-artifacts-prod/images/secrets-store-sync
+  service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com

-Original file line number
+Diff line change
   - path: "sig-auth/groups.yaml"
     allowedGroups:
       - "^[email protected]$"
 +      - "^[email protected]$"
       - "^[email protected]$"
       - "^[email protected]$"
   - path: "sig-autoscaling/groups.yaml"