Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use workload identity to push prow and boskos #16261

Merged
merged 1 commit into from
Feb 13, 2020
Merged

Use workload identity to push prow and boskos #16261

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 3 additions & 19 deletions config/jobs/kubernetes/test-infra/test-infra-trusted.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -131,22 +131,14 @@ postsubmits:
run_if_changed: '^(prow|ghproxy|label_sync|robots/commenter|robots/pr-creator|robots/issue-creator|testgrid/cmd/transfigure)/'
decorate: true
spec:
serviceAccountName: pusher
containers:
- image: gcr.io/k8s-testimages/bazelbuild:v20200212-b304d89-2.0.0 # whatever image you use here must have bash 4.4+
command:
- prow/push.sh
env:
- name: USE_BAZEL_VERSION
value: real # Ignore .bazelversion
- name: GOOGLE_APPLICATION_CREDENTIALS
value: /creds/service-account.json
volumeMounts:
- name: creds
mountPath: /creds
volumes:
- name: creds
secret:
secretName: pusher-service-account
annotations:
testgrid-dashboards: sig-testing-prow
testgrid-tab-name: push-prow
Expand Down Expand Up @@ -200,22 +192,14 @@ postsubmits:
branches:
- master
spec:
serviceAccountName: pusher
containers:
- image: gcr.io/k8s-testimages/bazelbuild:v20200212-b304d89-2.0.0 # whatever image you use here must have bash 4.4+
command:
- boskos/push.sh
env:
- name: USE_BAZEL_VERSION
value: real # Ignore .bazelversion
- name: GOOGLE_APPLICATION_CREDENTIALS
value: /creds/service-account.json
volumeMounts:
- name: creds
mountPath: /creds
volumes:
- name: creds
secret:
secretName: pusher-service-account
- name: post-test-infra-push-kettle
cluster: test-infra-trusted
annotations:
Expand Down Expand Up @@ -849,7 +833,7 @@ postsubmits:
volumes:
- name: service-account
secret:
secretName: pusher-service-account
secretName: pusher-service-account # TODO(fejta): use pusher serviceAccountName
annotations:
testgrid-dashboards: sig-testing-prow
testgrid-tab-name: cip-prow
Expand Down