Rotate Gardener Service Account Secrets Using Cloud Run - The Cloud Run application creates a new key for a GCP service account, updates the required secret data, and deletes old versions of a key. The function is triggered by a Pub/Sub message sent by a secret stored in Secret Manager.

Rotate Service Account Secrets - RotateServiceAccount creates a new key for a GCP service account and updates the required secret data. It's triggered by a Pub/Sub message sent by a secret stored in Secret Manager. It runs as a Cloud Run container.

Cleanup of Service Account Secrets - The Cloud Run service deletes old keys for a GCP service account and updates the required secret data for all service account secrets stored in the Secret Manager. The service is triggered by a Cloud Scheduler job.

Automated Approver - With the Automated Approver tool, you can automatically approve a pull request (PR) based on the rules you define. The tool enables automation of the approval process for PRs in repositories that need reviews before merge. The tool automates the PR review process without limiting user write permission on the repository. It can provide an automated review process for all PR authors.

gardener-rotate - The gardener-rotate tool allows you to generate a new access token for the Gardener service accounts and update kubeconfig stored in Secret Manager.

Image Builder - Image Builder is a tool for building OCI-compliant images.

Image Builder GitHub Workflow Integration - The Image Builder solution integrates with GitHub workflows and uses an Azure DevOps pipeline to run the process of building OCI

Image Detector - Image Detector is a tool for updating the security scanner config with the list of images in the Prow cluster. To achieve that, it receives paths to files used to deploy Prow or its components.

image-syncer - image-syncer is used to copy container images from one registry to another.

Image URL Helper - Image URL Helper is a tool that provides the following subcommands:

JobGuard - JobGuard is a simple tool that fetches all statuses for GitHub pull requests and waits for some of them to finish.

Clusters Garbage Collector - This command finds and removes orphaned clusters created by the kyma-gke-integration job in a Google Cloud Platform (GCP) project.

Disks Garbage Collector - This command finds and removes orphaned disks created by the kyma-gke-integration job in a Google Cloud Platform (GCP) project.

IP Address and DNS Record Garbage Collector - This command finds and removes orphaned IP Addresses and related DNS records created by GKE integration jobs in a Google Cloud Platform (GCP) project.

External Secrets Checker - This command checks external Secrets synchronization status, and if every Secret has a corresponding external Secret.

GCR cleaner - This command finds and removes old GCR images created by Jobs in the Google Cloud Platform (GCP) project.

GitHub release - This command creates GitHub releases.

IP cleaner - This command finds and removes orphaned IP addresses created by jobs in the Google Cloud Platform (GCP) project.

Job Guard - Job Guard was moved here.

Prow Job tester - Prow Job tester is a tool for testing changes to the Prow Jobs' definitions and code running in Prow Jobs. It uses the production Prow instance to run chosen Prow Jobs with changes from pull requests (PRs) without going through multiple cycles of new PRs, reviews, and merges. The whole development can be done within one cycle.

Render Templates - Render Templates is a tool that reads the configuration from a config.yaml file and data files to generate output files, such as Prow component jobs. While the config.yaml file can hold configuration for an output file, you can place such data within the data files that hold configuration for related output files. Having separate files with grouped data is cleaner and easier to maintain than one huge config file.

Virtual Machines Garbage Collector - This command finds and removes orphaned virtual machines (VMs) created by Prow jobs in a Google Cloud Platform (GCP) project.

Artifact Registry creator tool (GCP, Terraform) - This is the GCP image registry creator tool. Use the registry to publish modules that should be accessible to internal SAP teams.

Documentation Guidelines - Follow the rules listed in this document to provide high-quality documentation.

Add custom secret to Prow - This tutorial shows how to add and use a custom secret in the Prow pipeline.

Standard Terraform configuration - This document describes the standard Terraform configuration that is used in the test-infra repository.

How to name a secret - This tutorial describes how to name a secret in the Google Secret Manager.

Docs - The folder contains documents that provide an insight into Prow configuration, development, and testing.

Authorization - To deploy a Prow cluster, configure the following service accounts in the GCP project you own.

Crier - Crier reports the Prow Job status changes. For now, it is responsible for Slack notifications as Plank is still reporting the Prow Job statuses to GitHub.

Run K3d cluster inside ProwJobs - This document provides simple instructions, with examples, on how to prepare a ProwJob to use a K3d cluster and Docker.

Manage component jobs with templates - This document describes how to define, modify, and remove Prow jobs for Kyma components using predefined templates that create both presubmit and postsubmit jobs for your component. Also, this document gives you the steps required to prepare your component for the Prow CI pipeline.

Obligatory security measures - Read about the obligatory security measures to take on a regular basis and when a Kyma organization member leaves the project.

Run ProwJobs in KinD or k3d - This document provides brief instructions on how to run ProwJobs locally in kind (Kubernetes-in-Docker) or k3d.

Presets - This document contains the list of all Presets available in the config.yaml file. Use them to define Prow Jobs for your components.

Prow Architecture - The document outlines Prow architecture and interconnections between different systems and components that are involved in it.

Prow cluster update - Updating a Prow cluster requires an improved Prow version. The Kubernetes Prow instance gets updated via a shell script. The shell script offers only a short list of the last pushed container tags and as a result, limits the versions to choose from. To cherry-pick updates, monitor Prow announcements to see when fixes or important changes are merged into the Kubernetes repository. This document describes how to update a Prow cluster using a cherry-picked Prow version.

HTML lens - Spyglass HTML lens allows you to render HTML files in the job results.

Image autobump - This document provides an overview of autobump Prow Jobs.

Prow Jobs QuickStart - This document provides an overview of how to quickly start working with Prow jobs.

Prow Cluster Monitoring Setup - This document describes how to install and manage Prow cluster monitoring.

Security Leaks Scanner - Security Leaks Scanner is a tool that scans a repository for potential security leaks, thus providing protection against any potential security threats and vulnerabilities. It operates using Gitleaks, which ensures a thorough and efficient examination of your repository.

Prow Test Clusters - This document gathers information about test clusters that Prow jobs build. All test clusters are built in the sap-kyma-prow-workloads project.

Tide introduction - Along with the Prow upgrade, we want to introduce Tide for merging the PRs automatically.

Prow Workload Clusters - This document describes workload clusters on which Prow schedules Pods to execute the logic of a given Prow job. All workload clusters are aggregated under the kyma-prow GCP project. We use two workload clusters for trusted and untrusted Prow jobs.

Changelog Generator - This project is a Docker image that is used to generate a changelog in the kyma repository. It uses the GitHub API to get pull requests with specified labels.

Prow runtime images - This directory contains images that can be used as runtime images for all ProwJobs in Kyma's Prow Instance.

E2E DinD K3d - This image contains common tools for all jobs/tasks that test Kyma modules in K3d.

PR Tag Builder - PR Tag Builder is a tool that finds a pull request number for a commit.

Cluster - This folder contains files related to the configuration of the Prow production cluster that are used during the cluster provisioning.

Resources - This directory contains Helm charts used by a Prow cluster.

External Secrets - Kubernetes Secrets are synchronized with GCP Secret Manager using External Secrets Operator.

Images - DEPRECATED: Use the images directory instead.

Golangci-lint image - This folder contains the Golangci-lint image that is based on the upstream Golangci-lint image. Use it to lint Go source files.

Vulnerability Scanner - This folder contains the WhiteSource Unified Agent image that is based on the Java Buildpack image. Use it to perform WhiteSource vulnerability scans.

Templates - Jobs and Prow configuration are generated from templates by the Render Templates tool. Check