Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

infra/gcp: manage more secrets via bash #2078

Merged
merged 7 commits into from
May 24, 2021
Merged

infra/gcp: manage more secrets via bash #2078

merged 7 commits into from
May 24, 2021

Conversation

spiffxp
Copy link
Member

@spiffxp spiffxp commented May 21, 2021
edited
Loading

This addresses a lot of #1731

And is motivated by kubernetes/test-infra#22293 and kubernetes/test-infra#22298. I'd like to get kubernetes-external-secrets up and running on k8s-infra-prow-build trusted, we're behind the way things are now done for prow.k8s.io

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label May 21, 2021
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: spiffxp

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added sig/testing Categorizes an issue or PR as relevant to SIG Testing. wg/k8s-infra approved Indicates a PR has been approved by an approver from all required OWNERS files. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels May 21, 2021
@navidshaikh navidshaikh mentioned this pull request May 24, 2021
Closed
@spiffxp
Copy link
Member Author

spiffxp commented May 24, 2021

/hold
For rebase once #2076 merges

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label May 24, 2021
@spiffxp
Copy link
Member Author

spiffxp commented May 24, 2021

/hold cancel
Updated to use new group introduced in #2085 for the snyk secret

Changes in here have already been applied, the only thing that doesn't show up in the latest audit PR is the new group since that was too recent.

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label May 24, 2021
@spiffxp spiffxp mentioned this pull request May 24, 2021
Merged
@spiffxp
Copy link
Member Author

spiffxp commented May 24, 2021

/cc @ameukam @dims

@k8s-ci-robot k8s-ci-robot requested review from ameukam and dims May 24, 2021 20:04
@ameukam
Copy link
Member

ameukam commented May 24, 2021

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label May 24, 2021
ameukam
ameukam reviewed May 24, 2021
View reviewed changes
infra/gcp/ensure-main-project.sh
Comment on lines +316 to +319
# Eventually we would like to use kubernetes-external-secrets to manage
# all secrets in aaa; not sure how far we are on that. So for now, at least
# ensure that the existing kubernetes-public secrets created for humans
# to manually sync into the aaa cluster are managed by this script.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@spiffxp kubernetes-external-secrets is up and running. Before we switch to ExternalSecret, for each secret created in kubernetes-public we need to add a new version containing only the value of the data field instead of the whole Kubernetes Secret.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I opened #2091, I couldn't find an umbrella issue for this at a glance but may have missed it

@k8s-ci-robot k8s-ci-robot merged commit 0848af8 into kubernetes:main May 24, 2021
@k8s-ci-robot k8s-ci-robot added this to the v1.22 milestone May 24, 2021
@spiffxp spiffxp mentioned this pull request May 24, 2021
Closed
4 tasks
@spiffxp spiffxp deleted the manage-secrets-via-bash branch May 24, 2021 20:27
@ameukam
Copy link
Member

ameukam commented Jun 4, 2021

Related to : #516

@spiffxp spiffxp mentioned this pull request Jun 7, 2021
Merged
@spiffxp spiffxp mentioned this pull request Jul 8, 2021
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ameukam ameukam ameukam left review comments

@chaodaiG chaodaiG Awaiting requested review from chaodaiG

@cpanato cpanato Awaiting requested review from cpanato

@dims dims Awaiting requested review from dims

Assignees

@ameukam ameukam

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/prow Setting up or working with prow in general, prow.k8s.io, prow build clusters cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. sig/testing Categorizes an issue or PR as relevant to SIG Testing. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
v1.22
Development

Successfully merging this pull request may close these issues.
3 participants
@spiffxp @k8s-ci-robot @ameukam