From 22994bad7b36e88d9a2c615f9808afcd0455a004 Mon Sep 17 00:00:00 2001 From: upodroid Date: Sat, 18 Oct 2025 04:44:09 +0300 Subject: [PATCH] drop storage migrator registry --- groups/restrictions.yaml | 1 - groups/sig-api-machinery/groups.yaml | 229 +++++++++--------- .../k8s-staging-storage-migrator/OWNERS | 5 - .../k8s-staging-storage-migrator/images.yaml | 9 - .../promoter-manifest.yaml | 48 ---- 5 files changed, 108 insertions(+), 184 deletions(-) delete mode 100644 registry.k8s.io/images/k8s-staging-storage-migrator/OWNERS delete mode 100644 registry.k8s.io/images/k8s-staging-storage-migrator/images.yaml delete mode 100644 registry.k8s.io/manifests/k8s-staging-storage-migrator/promoter-manifest.yaml diff --git a/groups/restrictions.yaml b/groups/restrictions.yaml index bf35fd31187..504a03a4834 100644 --- a/groups/restrictions.yaml +++ b/groups/restrictions.yaml @@ -20,7 +20,6 @@ restrictions: - "^leads@kubernetes.io$" - path: "sig-api-machinery/groups.yaml" allowedGroups: - - "^k8s-infra-staging-storage-migrator@kubernetes.io$" - "^sig-api-machinery-cel-dev@kubernetes.io$" - "^k8s-infra-staging-kubebuilder@kubernetes.io$" - "^sig-api-machinery-leads@kubernetes.io$" diff --git a/groups/sig-api-machinery/groups.yaml b/groups/sig-api-machinery/groups.yaml index 6d02742f5c8..ceee29562fa 100644 --- a/groups/sig-api-machinery/groups.yaml +++ b/groups/sig-api-machinery/groups.yaml @@ -1,5 +1,4 @@ groups: - # # Mailing lists # @@ -7,132 +6,120 @@ groups: # and is not intended to govern access to infrastructure # -- email-id: sig-api-machinery-leads@kubernetes.io - name: sig-api-machinery-leads - description: |- - SIG api-machinery leads - owners: - - jpbetz@google.com - - deads@redhat.com - - fbongiovanni@google.com - - stefan.schimanski@gmail.com - settings: - AllowWebPosting: "true" - ReconcileMembers: "true" - WhoCanPostMessage: "ANYONE_CAN_POST" - WhoCanViewGroup: "ALL_MEMBERS_CAN_VIEW" + - email-id: sig-api-machinery-leads@kubernetes.io + name: sig-api-machinery-leads + description: |- + SIG api-machinery leads + owners: + - jpbetz@google.com + - deads@redhat.com + - fbongiovanni@google.com + - stefan.schimanski@gmail.com + settings: + AllowWebPosting: "true" + ReconcileMembers: "true" + WhoCanPostMessage: "ANYONE_CAN_POST" + WhoCanViewGroup: "ALL_MEMBERS_CAN_VIEW" -- email-id: sig-api-machinery@kubernetes.io - name: sig-api-machinery - description: |- - SIG api-machinery general discussion group, for future migration from old googlegroups - owners: - - jpbetz@google.com - - deads@redhat.com - - fbongiovanni@google.com - - stefan.schimanski@gmail.com - settings: - WhoCanJoin: "ANYONE_CAN_JOIN" - WhoCanViewGroup: "ANYONE_CAN_VIEW" - WhoCanDiscoverGroup: "ANYONE_CAN_DISCOVER" - WhoCanPostMessage: "ANYONE_CAN_POST" - MessageModerationLevel: "MODERATE_NON_MEMBERS" - WhoCanViewMembership: "ALL_MANAGERS_CAN_VIEW" - WhoCanModerateMembers: "OWNERS_AND_MANAGERS" - WhoCanModerateContent: "OWNERS_AND_MANAGERS" - MembersCanPostAsTheGroup: "false" - ReconcileMembers: "false" + - email-id: sig-api-machinery@kubernetes.io + name: sig-api-machinery + description: |- + SIG api-machinery general discussion group, for future migration from old googlegroups + owners: + - jpbetz@google.com + - deads@redhat.com + - fbongiovanni@google.com + - stefan.schimanski@gmail.com + settings: + WhoCanJoin: "ANYONE_CAN_JOIN" + WhoCanViewGroup: "ANYONE_CAN_VIEW" + WhoCanDiscoverGroup: "ANYONE_CAN_DISCOVER" + WhoCanPostMessage: "ANYONE_CAN_POST" + MessageModerationLevel: "MODERATE_NON_MEMBERS" + WhoCanViewMembership: "ALL_MANAGERS_CAN_VIEW" + WhoCanModerateMembers: "OWNERS_AND_MANAGERS" + WhoCanModerateContent: "OWNERS_AND_MANAGERS" + MembersCanPostAsTheGroup: "false" + ReconcileMembers: "false" -- email-id: sig-api-machinery-cel-dev@kubernetes.io - name: sig-api-machinery-cel-dev - description: |- - Discussion of SIG api-machinery CEL based features - settings: + - email-id: sig-api-machinery-cel-dev@kubernetes.io + name: sig-api-machinery-cel-dev + description: |- + Discussion of SIG api-machinery CEL based features + settings: WhoCanPostMessage: "ANYONE_CAN_POST" ReconcileMembers: "true" - owners: - - jpbetz@google.com - - cic37@google.com - - deads@redhat.com - - hankang@google.com - members: - - cquirogapichincha@gmail.com - - sttts@redhat.com - - bluddy@redhat.com - - rita.z.zhang@gmail.com - - angoldst@redhat.com - - mok@vmware.com - - zielenski@google.com - - andrewsy@google.com - - apelisse@google.com - - bentheelder@google.com - - cicih@google.com - - davishaba@google.com - - soorena@google.com - - jhf@google.com - - jim@nirmata.com - - liggitt@google.com - - kermitalexandr@google.com - - leilajal@google.com - - smythe@google.com - - stevenlinde@google.com - - stclair@google.com - - # - # k8s-staging write access for SIG-owned subprojects - # - # Each group here represents privileged access to a staging project, - # allowing the members to directly write to GCS and GCR within the - # project, as well as trigger Cloud Build within the project. Ideally - # this level access is used solely for troubleshooting purposes. - # - # Membership should correspond roughly to subproject owners for the set of - # subproject artifacts being stored in a given staging project - # - -- email-id: k8s-infra-staging-storage-migrator@kubernetes.io - name: k8s-infra-staging-storage-migrator - description: |- - ACL for kube-storage-version-migrator - settings: - ReconcileMembers: "true" - members: - - xuchao@google.com - - haoweic@google.com + owners: + - jpbetz@google.com + - cic37@google.com + - deads@redhat.com + - hankang@google.com + members: + - cquirogapichincha@gmail.com + - sttts@redhat.com + - bluddy@redhat.com + - rita.z.zhang@gmail.com + - angoldst@redhat.com + - mok@vmware.com + - zielenski@google.com + - andrewsy@google.com + - apelisse@google.com + - bentheelder@google.com + - cicih@google.com + - davishaba@google.com + - soorena@google.com + - jhf@google.com + - jim@nirmata.com + - liggitt@google.com + - kermitalexandr@google.com + - leilajal@google.com + - smythe@google.com + - stevenlinde@google.com + - stclair@google.com -- email-id: k8s-infra-staging-kubebuilder@kubernetes.io - name: k8s-infra-staging-kubebuilder - description: |- - ACL for pushing kubebuilder artifacts - settings: - ReconcileMembers: "true" - members: - - camilamacedo86@gmail.com - - ricardo.katz@gmail.com - - varshaprasad96@gmail.com - - # - # k8s-infra gcs write access - # - # TODO: where is the bucket? is this prod or staging? - # - # Each group here governs access to one GCS bucket. Ideally this level of - # access is used solely for troubleshooting purposes. - # - # Membership should correspond roughly to subproject owners for the set of - # subproject artifacts being stored in the GCS bucket - # + # + # k8s-staging write access for SIG-owned subprojects + # + # Each group here represents privileged access to a staging project, + # allowing the members to directly write to GCS and GCR within the + # project, as well as trigger Cloud Build within the project. Ideally + # this level access is used solely for troubleshooting purposes. + # + # Membership should correspond roughly to subproject owners for the set of + # subproject artifacts being stored in a given staging project + # + - email-id: k8s-infra-staging-kubebuilder@kubernetes.io + name: k8s-infra-staging-kubebuilder + description: |- + ACL for pushing kubebuilder artifacts + settings: + ReconcileMembers: "true" + members: + - camilamacedo86@gmail.com + - ricardo.katz@gmail.com + - varshaprasad96@gmail.com - # k8s-infra owners for sig-owned subprojects - # - # Each group here represents highly privileged access to kubernetes project - # infrastructure owned or managed by this SIG. A high level of trust is - # required for membership in these groups. - # + # + # k8s-infra gcs write access + # + # TODO: where is the bucket? is this prod or staging? + # + # Each group here governs access to one GCS bucket. Ideally this level of + # access is used solely for troubleshooting purposes. + # + # Membership should correspond roughly to subproject owners for the set of + # subproject artifacts being stored in the GCS bucket + # + # k8s-infra owners for sig-owned subprojects + # + # Each group here represents highly privileged access to kubernetes project + # infrastructure owned or managed by this SIG. A high level of trust is + # required for membership in these groups. + # - # RBAC groups: - # - grant access to the `namespace-user` role for a single namespace on the `aaa` cluster - # - must have WhoCanViewMemberShip: "ALL_MEMBERS_CAN_VIEW" - # - must be members of gke-security-groups@kubernetes.io + # RBAC groups: + # - grant access to the `namespace-user` role for a single namespace on the `aaa` cluster + # - must have WhoCanViewMemberShip: "ALL_MEMBERS_CAN_VIEW" + # - must be members of gke-security-groups@kubernetes.io diff --git a/registry.k8s.io/images/k8s-staging-storage-migrator/OWNERS b/registry.k8s.io/images/k8s-staging-storage-migrator/OWNERS deleted file mode 100644 index 869b3da0dca..00000000000 --- a/registry.k8s.io/images/k8s-staging-storage-migrator/OWNERS +++ /dev/null @@ -1,5 +0,0 @@ -# See the OWNERS docs at https://go.k8s.io/owners - -approvers: - - caesarxuchao - - roycaihw diff --git a/registry.k8s.io/images/k8s-staging-storage-migrator/images.yaml b/registry.k8s.io/images/k8s-staging-storage-migrator/images.yaml deleted file mode 100644 index 08fbe5a3d2b..00000000000 --- a/registry.k8s.io/images/k8s-staging-storage-migrator/images.yaml +++ /dev/null @@ -1,9 +0,0 @@ -- name: storage-version-migration-initializer - dmap: - "sha256:2231d173b68c377c60e44ea4cdf2c0993abbf8b9e830e22ac34912570ea21240": ["v0.0.5"] -- name: storage-version-migration-migrator - dmap: - "sha256:21f4600cea4f4019a7723bb67116fdb652a61a9d959a02be28b1bcb3f07b3ee7": ["v0.0.5"] -- name: storage-version-migration-trigger - dmap: - "sha256:a02fb9312857ddecd12bf53d171d5f208840b31f694d2f44fc9ec4d97dd85cb1": ["v0.0.5"] diff --git a/registry.k8s.io/manifests/k8s-staging-storage-migrator/promoter-manifest.yaml b/registry.k8s.io/manifests/k8s-staging-storage-migrator/promoter-manifest.yaml deleted file mode 100644 index 85649fdc4a3..00000000000 --- a/registry.k8s.io/manifests/k8s-staging-storage-migrator/promoter-manifest.yaml +++ /dev/null @@ -1,48 +0,0 @@ -# google group for gcr.io/k8s-staging-storage-migrator is k8s-infra-staging-storage-migrator@kubernetes.io -registries: -- name: gcr.io/k8s-staging-storage-migrator - src: true -- name: asia-east1-docker.pkg.dev/k8s-artifacts-prod/images/storage-migrator - service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com -- name: asia-south1-docker.pkg.dev/k8s-artifacts-prod/images/storage-migrator - service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com -- name: asia-northeast1-docker.pkg.dev/k8s-artifacts-prod/images/storage-migrator - service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com -- name: asia-northeast2-docker.pkg.dev/k8s-artifacts-prod/images/storage-migrator - service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com -- name: australia-southeast1-docker.pkg.dev/k8s-artifacts-prod/images/storage-migrator - service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com -- name: europe-north1-docker.pkg.dev/k8s-artifacts-prod/images/storage-migrator - service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com -- name: europe-southwest1-docker.pkg.dev/k8s-artifacts-prod/images/storage-migrator - service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com -- name: europe-west1-docker.pkg.dev/k8s-artifacts-prod/images/storage-migrator - service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com -- name: europe-west2-docker.pkg.dev/k8s-artifacts-prod/images/storage-migrator - service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com -- name: europe-west3-docker.pkg.dev/k8s-artifacts-prod/images/storage-migrator - service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com -- name: europe-west4-docker.pkg.dev/k8s-artifacts-prod/images/storage-migrator - service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com -- name: europe-west8-docker.pkg.dev/k8s-artifacts-prod/images/storage-migrator - service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com -- name: europe-west9-docker.pkg.dev/k8s-artifacts-prod/images/storage-migrator - service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com -- name: europe-west10-docker.pkg.dev/k8s-artifacts-prod/images/storage-migrator - service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com -- name: southamerica-west1-docker.pkg.dev/k8s-artifacts-prod/images/storage-migrator - service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com -- name: us-central1-docker.pkg.dev/k8s-artifacts-prod/images/storage-migrator - service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com -- name: us-east1-docker.pkg.dev/k8s-artifacts-prod/images/storage-migrator - service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com -- name: us-east4-docker.pkg.dev/k8s-artifacts-prod/images/storage-migrator - service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com -- name: us-east5-docker.pkg.dev/k8s-artifacts-prod/images/storage-migrator - service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com -- name: us-south1-docker.pkg.dev/k8s-artifacts-prod/images/storage-migrator - service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com -- name: us-west1-docker.pkg.dev/k8s-artifacts-prod/images/storage-migrator - service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com -- name: us-west2-docker.pkg.dev/k8s-artifacts-prod/images/storage-migrator - service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com