Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Move Publishing bot from development2 to aaa #503

Closed
thockin opened this issue Dec 11, 2019 · 20 comments
Closed

Move Publishing bot from development2 to aaa #503

thockin opened this issue Dec 11, 2019 · 20 comments
Assignees
@bartsmykla @nikhita
Labels
area/apps/publishing-bot publishing-bot, code in apps/publishing-bot/

Comments

@thockin
Copy link
Member

thockin commented Dec 11, 2019

figure out the correct config and yaml

document it and check it in to k8s.io

send a PR to make a group and namespace

deploy yaml to aaa

turn down dev2 cluster
@thockin thockin added help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. wg/k8s-infra labels Dec 11, 2019
@nikhita
Copy link
Member

nikhita commented Dec 12, 2019
edited
Loading

👋 I can help with this! :)

Assigning to me since moving the configs would also involve moving the token, and only a few folks have access to it (will work with @dims for this)
/assign

@nikhita
Copy link
Member

nikhita commented Dec 12, 2019

/cc @dims @sttts

@ameukam
Copy link
Member

ameukam commented Dec 12, 2019

Happy to help with this as well. :-)
From my understanding is about migrate those manifests in this repo ?

@nikhita
Copy link
Member

nikhita commented Dec 12, 2019
edited
Loading

From my understanding is about migrate those manifests in this repo ?

Also configs: https://github.com/kubernetes/publishing-bot/tree/master/configs and adding a makefile to help automatically deploy it

@nikhita
Copy link
Member

nikhita commented Dec 12, 2019

xref #395

This was referenced Dec 16, 2019
Merged
Closed
@ameukam
Copy link
Member

ameukam commented Feb 4, 2020

/area infra/publishing-bot

@k8s-ci-robot k8s-ci-robot added the area/apps/publishing-bot publishing-bot, code in apps/publishing-bot/ label Feb 4, 2020
@spiffxp
Copy link
Member

spiffxp commented Apr 15, 2020

/assign @bartsmykla
Was looking to get consensus on best approach to manage StorageClass. Consensus was we're fine restricting to running inside Cloud Shell, and can use terraform to manage this for now since it straddles the line between infra and cluster resources. Bart to create a pull request which he'll update

@spiffxp
Copy link
Member

spiffxp commented Apr 15, 2020

/remove-help
since this is actively being worked

@k8s-ci-robot k8s-ci-robot removed the help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. label Apr 15, 2020
@nikhita
Copy link
Member

nikhita commented Apr 21, 2020
edited
Loading

Had a quick chat with @bartsmykla about this. The current plan is to:

  • Keep the publishing-bot configs and manifests in the publishing-bot repo
  • Turn down the old bot instance in the development2 cluster
  • I will then create the secret (containing the GitHub token for the bot) in the aaa cluster
    • The token exists in the publishing-bot repo and is encrypted via git-crypt. @sttts @dims and I have access to it.
    • Once the secret has been created, it would be accessible to only:

      k8s.io/groups/groups.yaml

      Lines 405 to 418 in 7e72aa7

      - email-id: k8s-infra-rbac-publishing-bot@kubernetes.io
      name: k8s-infra-rbac-publishing-bot
      description: |-
      ACL for Publishing Bot
      settings:
      ReconcileMembers: "true"
      WhoCanViewMembership: "ALL_MEMBERS_CAN_VIEW" # required
      members:
      - bartek@smykla.com
      - cblecker@gmail.com
      - davanum@gmail.com
      - nikitaraghunath@gmail.com
      - stefan.schimanski@gmail.com
      - thockin@google.com
  • I'll deploy the bot on a call with @ameukam
  • @ameukam / @bartsmykla will then help document steps (in the k8s.io repo) required to deploy the bot

The 1.19.0-alpha.2 tag is scheduled for today, so I can go ahead with switching off the old bot after that's published. I can wind down the old bot and deploy the new one tomorrow, there shouldn't be much downtime.

I'd like ack from the following folks before going ahead with this.

/cc @justaugustus
from a sig-release perspective

/cc @sttts @dims
from the publishing-bot perspective

@justaugustus
Copy link
Member

SGTM!

@sttts
Copy link
Contributor

sttts commented Apr 21, 2020

sgtm

@dims
Copy link
Member

dims commented Apr 21, 2020

Sounds like a good plan @nikhita !

This was referenced Apr 22, 2020
Closed
Closed
@nikhita nikhita mentioned this issue Apr 23, 2020
Merged
@nikhita
Copy link
Member

nikhita commented Apr 23, 2020
edited
Loading

Bot has been migrated to the aaa cluster 🎉

There weren't too many documentation updates, but I've created kubernetes/publishing-bot#223 and #792 to reflect the migration.

/close

@k8s-ci-robot
Copy link
Contributor

@nikhita: Closing this issue.

In response to this:

Bot has been migrated to the aaa cluster 🎉

There weren't too many documentation updates, but I've created kubernetes/publishing-bot#223 to reflect the migration.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@nikhita nikhita mentioned this issue Apr 23, 2020
Merged
@thockin
Copy link
Member Author

thockin commented Apr 23, 2020 via email

@nikhita