From d617aa89e6a6d8714841a71323e953a4032177cc Mon Sep 17 00:00:00 2001 From: upodroid Date: Sat, 18 Oct 2025 12:57:29 +0300 Subject: [PATCH] drop kubebuilder image registry --- groups/restrictions.yaml | 1 - groups/sig-api-machinery/groups.yaml | 228 ++++++++---------- .../images/k8s-staging-kubebuilder/OWNERS | 10 - .../k8s-staging-kubebuilder/images.yaml | 20 -- .../promoter-manifest.yaml | 48 ---- 5 files changed, 107 insertions(+), 200 deletions(-) delete mode 100644 registry.k8s.io/images/k8s-staging-kubebuilder/OWNERS delete mode 100644 registry.k8s.io/images/k8s-staging-kubebuilder/images.yaml delete mode 100644 registry.k8s.io/manifests/k8s-staging-kubebuilder/promoter-manifest.yaml diff --git a/groups/restrictions.yaml b/groups/restrictions.yaml index bf35fd31187..01225a550c5 100644 --- a/groups/restrictions.yaml +++ b/groups/restrictions.yaml @@ -22,7 +22,6 @@ restrictions: allowedGroups: - "^k8s-infra-staging-storage-migrator@kubernetes.io$" - "^sig-api-machinery-cel-dev@kubernetes.io$" - - "^k8s-infra-staging-kubebuilder@kubernetes.io$" - "^sig-api-machinery-leads@kubernetes.io$" - "^sig-api-machinery@kubernetes.io$" - path: "sig-apps/groups.yaml" diff --git a/groups/sig-api-machinery/groups.yaml b/groups/sig-api-machinery/groups.yaml index 6d02742f5c8..d7d1e4891fb 100644 --- a/groups/sig-api-machinery/groups.yaml +++ b/groups/sig-api-machinery/groups.yaml @@ -1,5 +1,4 @@ groups: - # # Mailing lists # @@ -7,132 +6,119 @@ groups: # and is not intended to govern access to infrastructure # -- email-id: sig-api-machinery-leads@kubernetes.io - name: sig-api-machinery-leads - description: |- - SIG api-machinery leads - owners: - - jpbetz@google.com - - deads@redhat.com - - fbongiovanni@google.com - - stefan.schimanski@gmail.com - settings: - AllowWebPosting: "true" - ReconcileMembers: "true" - WhoCanPostMessage: "ANYONE_CAN_POST" - WhoCanViewGroup: "ALL_MEMBERS_CAN_VIEW" + - email-id: sig-api-machinery-leads@kubernetes.io + name: sig-api-machinery-leads + description: |- + SIG api-machinery leads + owners: + - jpbetz@google.com + - deads@redhat.com + - fbongiovanni@google.com + - stefan.schimanski@gmail.com + settings: + AllowWebPosting: "true" + ReconcileMembers: "true" + WhoCanPostMessage: "ANYONE_CAN_POST" + WhoCanViewGroup: "ALL_MEMBERS_CAN_VIEW" -- email-id: sig-api-machinery@kubernetes.io - name: sig-api-machinery - description: |- - SIG api-machinery general discussion group, for future migration from old googlegroups - owners: - - jpbetz@google.com - - deads@redhat.com - - fbongiovanni@google.com - - stefan.schimanski@gmail.com - settings: - WhoCanJoin: "ANYONE_CAN_JOIN" - WhoCanViewGroup: "ANYONE_CAN_VIEW" - WhoCanDiscoverGroup: "ANYONE_CAN_DISCOVER" - WhoCanPostMessage: "ANYONE_CAN_POST" - MessageModerationLevel: "MODERATE_NON_MEMBERS" - WhoCanViewMembership: "ALL_MANAGERS_CAN_VIEW" - WhoCanModerateMembers: "OWNERS_AND_MANAGERS" - WhoCanModerateContent: "OWNERS_AND_MANAGERS" - MembersCanPostAsTheGroup: "false" - ReconcileMembers: "false" + - email-id: sig-api-machinery@kubernetes.io + name: sig-api-machinery + description: |- + SIG api-machinery general discussion group, for future migration from old googlegroups + owners: + - jpbetz@google.com + - deads@redhat.com + - fbongiovanni@google.com + - stefan.schimanski@gmail.com + settings: + WhoCanJoin: "ANYONE_CAN_JOIN" + WhoCanViewGroup: "ANYONE_CAN_VIEW" + WhoCanDiscoverGroup: "ANYONE_CAN_DISCOVER" + WhoCanPostMessage: "ANYONE_CAN_POST" + MessageModerationLevel: "MODERATE_NON_MEMBERS" + WhoCanViewMembership: "ALL_MANAGERS_CAN_VIEW" + WhoCanModerateMembers: "OWNERS_AND_MANAGERS" + WhoCanModerateContent: "OWNERS_AND_MANAGERS" + MembersCanPostAsTheGroup: "false" + ReconcileMembers: "false" -- email-id: sig-api-machinery-cel-dev@kubernetes.io - name: sig-api-machinery-cel-dev - description: |- - Discussion of SIG api-machinery CEL based features - settings: + - email-id: sig-api-machinery-cel-dev@kubernetes.io + name: sig-api-machinery-cel-dev + description: |- + Discussion of SIG api-machinery CEL based features + settings: WhoCanPostMessage: "ANYONE_CAN_POST" ReconcileMembers: "true" - owners: - - jpbetz@google.com - - cic37@google.com - - deads@redhat.com - - hankang@google.com - members: - - cquirogapichincha@gmail.com - - sttts@redhat.com - - bluddy@redhat.com - - rita.z.zhang@gmail.com - - angoldst@redhat.com - - mok@vmware.com - - zielenski@google.com - - andrewsy@google.com - - apelisse@google.com - - bentheelder@google.com - - cicih@google.com - - davishaba@google.com - - soorena@google.com - - jhf@google.com - - jim@nirmata.com - - liggitt@google.com - - kermitalexandr@google.com - - leilajal@google.com - - smythe@google.com - - stevenlinde@google.com - - stclair@google.com - - # - # k8s-staging write access for SIG-owned subprojects - # - # Each group here represents privileged access to a staging project, - # allowing the members to directly write to GCS and GCR within the - # project, as well as trigger Cloud Build within the project. Ideally - # this level access is used solely for troubleshooting purposes. - # - # Membership should correspond roughly to subproject owners for the set of - # subproject artifacts being stored in a given staging project - # - -- email-id: k8s-infra-staging-storage-migrator@kubernetes.io - name: k8s-infra-staging-storage-migrator - description: |- - ACL for kube-storage-version-migrator - settings: - ReconcileMembers: "true" - members: - - xuchao@google.com - - haoweic@google.com + owners: + - jpbetz@google.com + - cic37@google.com + - deads@redhat.com + - hankang@google.com + members: + - cquirogapichincha@gmail.com + - sttts@redhat.com + - bluddy@redhat.com + - rita.z.zhang@gmail.com + - angoldst@redhat.com + - mok@vmware.com + - zielenski@google.com + - andrewsy@google.com + - apelisse@google.com + - bentheelder@google.com + - cicih@google.com + - davishaba@google.com + - soorena@google.com + - jhf@google.com + - jim@nirmata.com + - liggitt@google.com + - kermitalexandr@google.com + - leilajal@google.com + - smythe@google.com + - stevenlinde@google.com + - stclair@google.com -- email-id: k8s-infra-staging-kubebuilder@kubernetes.io - name: k8s-infra-staging-kubebuilder - description: |- - ACL for pushing kubebuilder artifacts - settings: - ReconcileMembers: "true" - members: - - camilamacedo86@gmail.com - - ricardo.katz@gmail.com - - varshaprasad96@gmail.com - - # - # k8s-infra gcs write access - # - # TODO: where is the bucket? is this prod or staging? - # - # Each group here governs access to one GCS bucket. Ideally this level of - # access is used solely for troubleshooting purposes. - # - # Membership should correspond roughly to subproject owners for the set of - # subproject artifacts being stored in the GCS bucket - # + # + # k8s-staging write access for SIG-owned subprojects + # + # Each group here represents privileged access to a staging project, + # allowing the members to directly write to GCS and GCR within the + # project, as well as trigger Cloud Build within the project. Ideally + # this level access is used solely for troubleshooting purposes. + # + # Membership should correspond roughly to subproject owners for the set of + # subproject artifacts being stored in a given staging project + # + - email-id: k8s-infra-staging-storage-migrator@kubernetes.io + name: k8s-infra-staging-storage-migrator + description: |- + ACL for kube-storage-version-migrator + settings: + ReconcileMembers: "true" + members: + - xuchao@google.com + - haoweic@google.com - # k8s-infra owners for sig-owned subprojects - # - # Each group here represents highly privileged access to kubernetes project - # infrastructure owned or managed by this SIG. A high level of trust is - # required for membership in these groups. - # + # + # k8s-infra gcs write access + # + # TODO: where is the bucket? is this prod or staging? + # + # Each group here governs access to one GCS bucket. Ideally this level of + # access is used solely for troubleshooting purposes. + # + # Membership should correspond roughly to subproject owners for the set of + # subproject artifacts being stored in the GCS bucket + # + # k8s-infra owners for sig-owned subprojects + # + # Each group here represents highly privileged access to kubernetes project + # infrastructure owned or managed by this SIG. A high level of trust is + # required for membership in these groups. + # - # RBAC groups: - # - grant access to the `namespace-user` role for a single namespace on the `aaa` cluster - # - must have WhoCanViewMemberShip: "ALL_MEMBERS_CAN_VIEW" - # - must be members of gke-security-groups@kubernetes.io + # RBAC groups: + # - grant access to the `namespace-user` role for a single namespace on the `aaa` cluster + # - must have WhoCanViewMemberShip: "ALL_MEMBERS_CAN_VIEW" + # - must be members of gke-security-groups@kubernetes.io diff --git a/registry.k8s.io/images/k8s-staging-kubebuilder/OWNERS b/registry.k8s.io/images/k8s-staging-kubebuilder/OWNERS deleted file mode 100644 index be9de6a833d..00000000000 --- a/registry.k8s.io/images/k8s-staging-kubebuilder/OWNERS +++ /dev/null @@ -1,10 +0,0 @@ -# See the OWNERS file documentation: -# https://github.com/kubernetes/community/blob/master/contributors/devel/owners.md - -approvers: -- pwittrock -- camilamacedo86 -- varshaprasad96 - -labels: -- sig/api-machinery diff --git a/registry.k8s.io/images/k8s-staging-kubebuilder/images.yaml b/registry.k8s.io/images/k8s-staging-kubebuilder/images.yaml deleted file mode 100644 index 56cd93a99d1..00000000000 --- a/registry.k8s.io/images/k8s-staging-kubebuilder/images.yaml +++ /dev/null @@ -1,20 +0,0 @@ -# kube-rbac-proxy images -# https://github.com/kubernetes-sigs/kubebuilder/tree/kube-rbac-proxy-releases/build -- name: kube-rbac-proxy - dmap: - "sha256:771a9a173e033a3ad8b46f5c00a7036eaa88c8d8d1fbd89217325168998113ea": ["v0.16.0"] - "sha256:d8cc6ffb98190e8dd403bfe67ddcb454e6127d32b87acc237b3e5240f70a20fb": ["v0.15.0"] - "sha256:fcca9269424da38cfd216f4731de9fe5dea9f98e32c00da767b8e6e1ce9613cb": ["v0.14.4"] - "sha256:928e64203edad8f1bba23593c7be04f0f8410c6e4feb98d9e9c2d00a8ff59048": ["v0.14.1"] - "sha256:e2670fb55b3211fb101f17afa3d81ba816d7c0b76ed31bd3d93fa2affb491595": ["v0.14.0"] - "sha256:d4883d7c622683b3319b5e6b3a7edfbf2594c18060131a8bf64504805f875522": ["v0.13.1"] - "sha256:d99a8d144816b951a67648c12c0b988936ccd25cf3754f3cd85ab8c01592248f": ["v0.13.0"] - "sha256:5542d9a8d8472772733ad4ad1cdd6634e3e4f0e9d7542b1a2d3e6f4947ddca95": ["v0.12.0"] - "sha256:0df4ae70e3bd0feffcec8f5cdb428f4abe666b667af991269ec5cb0bbda65869": ["v0.11.0"] - "sha256:1c62bc13a710f2306d47fa922c146a97e230c77470f8a8635a8cc82537dc91a3": ["v0.10.0"] - "sha256:12178caa19e0500f3ed5c1da72f8ec1758291b38cbcd9fd1d6ed4ad0978b5cb4": ["v0.9.0"] - "sha256:db06cc4c084dd0253134f156dddaaf53ef1c3fb3cc809e5d81711baa4029ea4c": ["v0.8.0"] - # images older than 0.8 are not multiarch images - "sha256:e10d1d982dd653db74ca87a1d1ad017bc5ef1aeb651bdea089debf16485b080b": ["v0.5.0"] - "sha256:6c915d948d4781d366300d6e75d67a7830a941f078319f0fecc21c7744053eff": ["v0.4.1"] - "sha256:297896d96b827bbcb1abd696da1b2d81cab88359ac34cce0e8281f266b4e08de": ["v0.4.0"] diff --git a/registry.k8s.io/manifests/k8s-staging-kubebuilder/promoter-manifest.yaml b/registry.k8s.io/manifests/k8s-staging-kubebuilder/promoter-manifest.yaml deleted file mode 100644 index 0ff487a7c1c..00000000000 --- a/registry.k8s.io/manifests/k8s-staging-kubebuilder/promoter-manifest.yaml +++ /dev/null @@ -1,48 +0,0 @@ -# google group for gcr.io/k8s-staging-kubebuilder is k8s-infra-staging-kubebuilder@kubernetes.io -registries: - - name: gcr.io/k8s-staging-kubebuilder - src: true - - name: asia-east1-docker.pkg.dev/k8s-artifacts-prod/images/kubebuilder - service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com - - name: asia-south1-docker.pkg.dev/k8s-artifacts-prod/images/kubebuilder - service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com - - name: asia-northeast1-docker.pkg.dev/k8s-artifacts-prod/images/kubebuilder - service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com - - name: asia-northeast2-docker.pkg.dev/k8s-artifacts-prod/images/kubebuilder - service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com - - name: australia-southeast1-docker.pkg.dev/k8s-artifacts-prod/images/kubebuilder - service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com - - name: europe-north1-docker.pkg.dev/k8s-artifacts-prod/images/kubebuilder - service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com - - name: europe-southwest1-docker.pkg.dev/k8s-artifacts-prod/images/kubebuilder - service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com - - name: europe-west1-docker.pkg.dev/k8s-artifacts-prod/images/kubebuilder - service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com - - name: europe-west2-docker.pkg.dev/k8s-artifacts-prod/images/kubebuilder - service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com - - name: europe-west3-docker.pkg.dev/k8s-artifacts-prod/images/kubebuilder - service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com - - name: europe-west4-docker.pkg.dev/k8s-artifacts-prod/images/kubebuilder - service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com - - name: europe-west8-docker.pkg.dev/k8s-artifacts-prod/images/kubebuilder - service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com - - name: europe-west9-docker.pkg.dev/k8s-artifacts-prod/images/kubebuilder - service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com - - name: europe-west10-docker.pkg.dev/k8s-artifacts-prod/images/kubebuilder - service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com - - name: southamerica-west1-docker.pkg.dev/k8s-artifacts-prod/images/kubebuilder - service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com - - name: us-central1-docker.pkg.dev/k8s-artifacts-prod/images/kubebuilder - service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com - - name: us-east1-docker.pkg.dev/k8s-artifacts-prod/images/kubebuilder - service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com - - name: us-east4-docker.pkg.dev/k8s-artifacts-prod/images/kubebuilder - service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com - - name: us-east5-docker.pkg.dev/k8s-artifacts-prod/images/kubebuilder - service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com - - name: us-south1-docker.pkg.dev/k8s-artifacts-prod/images/kubebuilder - service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com - - name: us-west1-docker.pkg.dev/k8s-artifacts-prod/images/kubebuilder - service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com - - name: us-west2-docker.pkg.dev/k8s-artifacts-prod/images/kubebuilder - service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com