-
Notifications
You must be signed in to change notification settings - Fork 834
/
Copy pathgroups.yaml
147 lines (134 loc) · 4.71 KB
/
groups.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
groups:
#
# Mailing lists
#
# Each group here represents a mailing list for the SIG or its subprojects,
# and is not intended to govern access to infrastructure
#
#
# k8s-staging write access for SIG-owned subprojects
#
# Each group here represents privileged access to a staging project,
# allowing the members to directly write to GCS and GCR within the
# project, as well as trigger Cloud Build within the project. Ideally
# this level access is used solely for troubleshooting purposes.
#
# Membership should correspond roughly to subproject owners for the set of
# subproject artifacts being stored in a given staging project
#
- email-id: k8s-infra-staging-perf-tests@kubernetes.io
name: k8s-infra-staging-perf-tests
description: |-
ACL for staging perf-tests artifacts
settings:
ReconcileMembers: "true"
members:
- k8s-infra-sig-scalability-oncall@kubernetes.io
#
# k8s-infra gcs write access
#
# TODO: where is the bucket? is this prod or staging?
#
# Each group here governs access to one GCS bucket. Ideally this level of
# access is used solely for troubleshooting purposes.
#
# Membership should correspond roughly to subproject owners for the set of
# subproject artifacts being stored in the GCS bucket
#
- email-id: sig-scalability-leads@kubernetes.io
name: sig-scalability-leads
description: |-
sig-scalability leads
owners:
- marcel.zieba@isovalent.com
- shyam123.jvs95@gmail.com
- wojtekt@google.com
settings:
AllowWebPosting: "true"
ReconcileMembers: "true"
WhoCanPostMessage: "ANYONE_CAN_POST"
WhoCanViewGroup: "ALL_MEMBERS_CAN_VIEW"
WhoCanModerateContent: "OWNERS_AND_MANAGERS"
MessageModerationLevel: "MODERATE_NONE"
- email-id: sig-scalability@kubernetes.io
name: sig-scalability
description: |-
SIG scalability general discussion group
owners:
- marcel.zieba@isovalent.com
- shyam123.jvs95@gmail.com
- wojtekt@google.com
settings:
WhoCanJoin: "ANYONE_CAN_JOIN"
WhoCanViewGroup: "ANYONE_CAN_VIEW"
WhoCanDiscoverGroup: "ANYONE_CAN_DISCOVER"
WhoCanPostMessage: "ANYONE_CAN_POST"
MessageModerationLevel: "MODERATE_NON_MEMBERS"
WhoCanViewMembership: "ALL_MANAGERS_CAN_VIEW"
WhoCanModerateMembers: "OWNERS_AND_MANAGERS"
WhoCanModerateContent: "OWNERS_AND_MANAGERS"
MembersCanPostAsTheGroup: "false"
ReconcileMembers: "false"
#
# k8s-infra owners for sig-owned subprojects
#
# Each group here represents highly privileged access to kubernetes project
# infrastructure owned or managed by this SIG. A high level of trust is
# required for membership in these groups.
#
- email-id: k8s-infra-sig-scalability-oncall@kubernetes.io
name: k8s-infra-sig-scalability-oncall
description: |-
ACL for oncall/break-glass access to projects used by sig-scalability tests (k8s-infra-e2e-boskos-scale-*)
settings:
ReconcileMembers: "true"
members:
# scalability-oncall
- aleksandram@google.com
- azimjon@google.com
- azylinski@google.com
- jdzikowski@google.com
- jkaniuk@google.com
- jprzychodzen@google.com
- jupblb@google.com
- konryd@google.com
- maciejborsz@google.com
- magdaz@google.com
- michalwozniak@google.com
- mrajch@google.com
- pbanaszewski@google.com
- rfranken@google.com
- rsvarinskis@google.com
- xkm@google.com
- zawodny@google.com
- maciejwyrzuc@google.com
- siarkowicz@google.com
- polynomial@redhat.com
# sig-scalability leads
- jeedigv@amazon.com
- mmatejczyk@google.com
- wojtekt@google.com
- dordel@google.com
- marcel.zieba@isovalent.com
# RBAC groups:
# - grant access to the `namespace-user` role for a single namespace on the `aaa` cluster
# - must have WhoCanViewMemberShip: "ALL_MEMBERS_CAN_VIEW"
# - must be members of gke-security-groups@kubernetes.io
- email-id: k8s-infra-rbac-perfdash@kubernetes.io
name: k8s-infra-rbac-perfdash
description: |-
Grants access to the `namespace-user` role in the `perfdash` namespace on the `aaa` cluster
settings:
ReconcileMembers: "true"
WhoCanViewMembership: "ALL_MEMBERS_CAN_VIEW" # required
members:
- k8s-infra-sig-scalability-oncall@kubernetes.io
- email-id: k8s-infra-rbac-triageparty-scalability@kubernetes.io
name: k8s-infra-rbac-triageparty-scalability
description: |-
ACL for Bug Triage Scalability Team
settings:
ReconcileMembers: "true"
WhoCanViewMembership: "ALL_MEMBERS_CAN_VIEW" # required
members:
- k8s-infra-sig-scalability-oncall@kubernetes.io