From 71c861950ebe36d9674f63af1427a3cefabd0c09 Mon Sep 17 00:00:00 2001
From: Arnaud Meukam
Date: Mon, 12 Feb 2024 22:29:49 +0100
Subject: [PATCH 1/2] Use community-owned project for the release process
The release process is currently done in a Google-owned GCP project. Switchin to a community-owned project for all the releases.
Signed-off-by: Arnaud Meukam
---
 pkg/release/release.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pkg/release/release.go b/pkg/release/release.go
index 141634c89b9..54d48b262be 100644
--- a/pkg/release/release.go
+++ b/pkg/release/release.go
@@ -51,7 +51,7 @@ const (
 DefaultK8sRef = git.DefaultRef
 // TODO(vdf): Need to reference K8s Infra project here
- DefaultKubernetesStagingProject = "kubernetes-release-test"
+ DefaultKubernetesStagingProject = "k8s-release"
 DefaultRelengStagingTestProject = "k8s-staging-releng-test"
 DefaultRelengStagingProject = "k8s-staging-releng"
 DefaultDiskSize = "500"
@@ -100,7 +100,7 @@ const (
 CIBucketK8sInfra = "k8s-release-dev"
 // TestBucket is the default bucket for mocked Kubernetes releases
- TestBucket = "kubernetes-release-gcb"
+ TestBucket = "k8s-release-gcb"
 // ProductionBucket is the default bucket for Kubernetes releases
 ProductionBucket = "kubernetes-release"
From 65594404599b4308c1460a0c9e7d2807f89effda Mon Sep 17 00:00:00 2001
From: Arnaud Meukam
Date: Tue, 27 Feb 2024 19:47:04 +0100
Subject: [PATCH 2/2] Define a user-created service account
Instead of use the CloudBuild Service Agent, we use a dedicated service account for the release process
Signed-off-by: Arnaud Meukam
---
 gcb/stage/cloudbuild.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/gcb/stage/cloudbuild.yaml b/gcb/stage/cloudbuild.yaml
index 90127a06db7..14997d92696 100644
--- a/gcb/stage/cloudbuild.yaml
+++ b/gcb/stage/cloudbuild.yaml
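Review bot: In pkg/release/release.go the `// TODO(vdf): Need to reference K8s Infra project here` comment is left directly above `DefaultKubernetesStagingProject`, although the new value `"k8s-release"` is, per the commit message, the community-owned project; the TODO now looks stale and should be dropped or reworded to say what is still outstanding. In the second hunk `TestBucket` moves to `"k8s-release-gcb"` while `ProductionBucket` stays `"kubernetes-release"`, so a short comment stating that the production bucket is intentionally unchanged would keep readers from assuming every artifact now lands in the new project. Because these literals decide where release artifacts are staged, a doc comment naming the owner would also help, e.g. `// DefaultKubernetesStagingProject is the community-owned GCP project used to stage releases.`. The const block starts and ends outside both hunks.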
@@ -77,6 +77,7 @@ steps:
 secretEnv:
 - GITHUB_TOKEN
 - DOCKERHUB_TOKEN
+ serviceAccount: 'projects/k8s-release/serviceAccounts/k8s-relase-sa@k8s-release.iam.gserviceaccount.com'
 args:
 - "bin/krel"
 - "stage"
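Review bot: The account name in the added `serviceAccount:` line is spelled `k8s-relase-sa` ("relase", not "release"); unless the account was really created under that spelling, the build would presumably fail to start, so confirm the name against the project's IAM configuration. The line also sits between a step's `secretEnv` and `args` keys, whereas Cloud Build defines `serviceAccount` on the build, not on a step. Indentation is lost in this view, so check that the key ends up at the top level of the file. A build that runs as a user-specified service account also needs an explicit logging choice (`logsBucket`, or `options.logging: CLOUD_LOGGING_ONLY`), which this hunk does not show. Since the step consumes `GITHUB_TOKEN` and `DOCKERHUB_TOKEN`, the dedicated account should be granted secret access to just those two secrets; the step continues past the end of the hunk.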