From c63b2a482a901912785dd7d53231a639c065cea8 Mon Sep 17 00:00:00 2001 From: Claudiu Belu Date: Wed, 7 Apr 2021 15:05:13 -0700 Subject: [PATCH] tests: Adds e2e-test-auth-images project The gcr.io/k8s-staging-e2e-test-auth-images and gcr.io/kubernetes-e2e-test-auth-images registries are meant to be private, to be used in a few E2E test scenarios, and it is meant to replace the gcr.io/authenticated-image-pulling. An auth token with read-only access will have to be generated afterwards, and then baked into the E2E tests. --- groups/groups.yaml | 14 ++++++++++++++ infra/gcp/ensure-staging-storage.sh | 15 +++++++++++++++ .../k8s-staging-e2e-test-auth-images/OWNERS | 16 ++++++++++++++++ .../promoter-manifest.yaml | 10 ++++++++++ 4 files changed, 55 insertions(+) create mode 100644 k8s.gcr.io/images/k8s-staging-e2e-test-auth-images/OWNERS create mode 100644 k8s.gcr.io/manifests/k8s-staging-test-auth-images/promoter-manifest.yaml diff --git a/groups/groups.yaml b/groups/groups.yaml index 66f993330991..802b642b5ec6 100644 --- a/groups/groups.yaml +++ b/groups/groups.yaml @@ -963,6 +963,20 @@ groups: - bowei@google.com - pavithrar@google.com + - email-id: k8s-infra-staging-e2e-test-auth-images@kubernetes.io + name: k8s-infra-staging-e2e-test-auth-images + description: |- + Group that owns pushing rights to the gcr.io/k8s-staging-e2e-test-auth-images staging registry + settings: + ReconcileMembers: "true" + members: + - cblecker@gmail.com + - davanum@gmail.com + - justinsb@google.com + - thockin@google.com + - spiffxp@google.com + - spiffxp@gmail.com + - email-id: k8s-infra-staging-e2e-test-images@kubernetes.io name: k8s-infra-staging-e2e-test-images description: |- diff --git a/infra/gcp/ensure-staging-storage.sh b/infra/gcp/ensure-staging-storage.sh index 10861f31af5a..6067df097cf6 100755 --- a/infra/gcp/ensure-staging-storage.sh +++ b/infra/gcp/ensure-staging-storage.sh @@ -68,6 +68,7 @@ readonly STAGING_PROJECTS=( csi-secrets-store descheduler dns + e2e-test-auth-images e2e-test-images etcd etcdadm @@ -126,6 +127,10 @@ readonly STAGING_PROJECT_SERVICES=( storage-component.googleapis.com ) +PRIVATE_PROJECTS=( + e2e-test-auth-images +) + if [ $# = 0 ]; then # default to all staging projects set -- "${STAGING_PROJECTS[@]}" @@ -310,3 +315,13 @@ color 6 "Configuring special case for k8s-staging-releng-test" ( ensure_staging_gcb_builder_service_account "releng-test" "k8s-infra-prow-build" ) + +# Special case: Create private registries thar require authentication +color 6 "Configuring special cases for authenticated access to private registries" +for repo in "${PRIVATE_PROJECTS[@]}"; do + ( + PROJECT="k8s-staging-${repo}" + local bucket=$(gcs_bucket_for_gcr "${PROJECT}") + ensure_private_gcs_bucket "${PROJECT}" "${bucket}" + ) 2>&1 | indent +done diff --git a/k8s.gcr.io/images/k8s-staging-e2e-test-auth-images/OWNERS b/k8s.gcr.io/images/k8s-staging-e2e-test-auth-images/OWNERS new file mode 100644 index 000000000000..13df266b6579 --- /dev/null +++ b/k8s.gcr.io/images/k8s-staging-e2e-test-auth-images/OWNERS @@ -0,0 +1,16 @@ +# See the OWNERS docs at https://go.k8s.io/owners + +approvers: +- BenTheElder +- dims +- listx +- mkumatag +- spiffxp +reviewers: +- BenTheElder +- dims +- listx +- mkumatag +- spiffxp +labels: +- sig/testing diff --git a/k8s.gcr.io/manifests/k8s-staging-test-auth-images/promoter-manifest.yaml b/k8s.gcr.io/manifests/k8s-staging-test-auth-images/promoter-manifest.yaml new file mode 100644 index 000000000000..d3c1c82c465c --- /dev/null +++ b/k8s.gcr.io/manifests/k8s-staging-test-auth-images/promoter-manifest.yaml @@ -0,0 +1,10 @@ +# google group for gcr.io/k8s-staging-e2e-test-auth-images is k8s-infra-staging-e2e-test-auth-images@kubernetes.io +registries: +- name: gcr.io/k8s-staging-e2e-test-auth-images + src: true +- name: us.gcr.io/k8s-artifacts-prod/e2e-test-auth-images + service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com +- name: eu.gcr.io/k8s-artifacts-prod/e2e-test-auth-images + service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com +- name: asia.gcr.io/k8s-artifacts-prod/e2e-test-auth-images + service-account: k8s-infra-gcr-promoter@k8s-artifacts-prod.iam.gserviceaccount.com