Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Prow control plane migration (k8s-prow > k8s-infra-prow) #33350

Open
40 of 44 tasks
michelle192837 opened this issue Aug 21, 2024 · 10 comments
Open
40 of 44 tasks

Prow control plane migration (k8s-prow > k8s-infra-prow) #33350

michelle192837 opened this issue Aug 21, 2024 · 10 comments
Assignees
Labels
kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. lifecycle/active Indicates that an issue or PR is actively being worked on by a contributor. sig/k8s-infra Categorizes an issue or PR as relevant to SIG K8s Infra. sig/testing Categorizes an issue or PR as relevant to SIG Testing.

Comments

@michelle192837
Copy link
Contributor

michelle192837 commented Aug 21, 2024

Using this to track what's done/to-do, and communicate higher-traffic updates.
Broader updates should go to https://groups.google.com/a/kubernetes.io/g/dev/c/qzNYpcN5la4.

Based on the proposal doc at https://docs.google.com/document/d/1erBhuCwY26d0UfPbzt8lEj6bYT2hOUKzc2j36YHVqfM.

Pre-migration:

  • List and drop prowjobs that will not be migrated (k/t-i#33272)
  • Add banner warning people about migration date (Wed, August 21) (Prow + TestGrid, done)
  • Add tracking issue, and communicate migration progress as it happens
  • Track down additional infra in SIG K8s Infra that may be using workload identity (I believe Ben did this during migration)
  • Spin down Boskos use (k/t-i#33129)
  • Ban use of default/unspecified cluster (k/t-i#33272)
  • Prepare a quick "scale all the old controllers to 0 and scale the new ones up" PR
    - PR should update the deployment replicas; run the make target to manually deploy
    - cd test-infra/config/prow
    - make deploy-prow?
    - (Rollback is just a revert to a previous Git commit + make target)
  • Test new Prow with fake configmap (e.g. has a single job w/ "hello world")
  • Ensure that some key people have access to both the Google and community projects
    • Ben, Cole, and Michelle should or already have access on both (k8s-prow and k8s-infra-prow)
  • Prepare for switching Deck over

Right before migration:

During migration:
Begins ~10:30am PT, Wednesday August 21

Post-migration:

Other resources may need to remain in the k8s-prow project (esp. images)

@michelle192837 michelle192837 added the kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. label Aug 21, 2024
@k8s-ci-robot k8s-ci-robot added the needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. label Aug 21, 2024
@michelle192837
Copy link
Contributor Author

/sig testing
/sig k8s-infra

@k8s-ci-robot k8s-ci-robot added sig/testing Categorizes an issue or PR as relevant to SIG Testing. sig/k8s-infra Categorizes an issue or PR as relevant to SIG K8s Infra. and removed needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Aug 21, 2024
@BenTheElder
Copy link
Member

Delete logs buckets

We should probably just drop write permissions and park the buckets, when we delete them the name can be re-created by someone else and for a bucket that we're still widely using as of this morning that's iffy.

@michelle192837
Copy link
Contributor Author

Keep forgetting about that point >< Updated!

@michelle192837
Copy link
Contributor Author

Scale down PR for k8s-prow at #33351 (comment)

And I believe the corresponding scale-up is kubernetes/k8s.io#7141

@BenTheElder
Copy link
Member

resolving issue with webhook delivery:
https://kubernetes.slack.com/archives/C01672LSZL0/p1724268478788619

@michelle192837
Copy link
Contributor Author

PR to switch DNS over: kubernetes/k8s.io#7206

@BenTheElder
Copy link
Member

  • Turn down old Deck and old CRs
  • Delete remaining jobs on old Prow

Let's do these now.

  • Ensure no repositories are registered with k8s-prow

Going to confirm, but I think we already fully transitioned the webhook config.

  • Delete Prow components in k8s-prow

No big harm leaving them scaled down but I think we're also ready for this.

  • Remove deprecated code/references (for handling k8s-prow control plane)

This is going to take a bit but we should start on that and point people to the k8s.io configs.
We could probably file a seperate issue to coordinate cleaning up references and shard out that work.

I think mainly we need to sort out rotating off of gs://kubernetes-jenkins still, and that probably deserves it's own migration tracking issue / plan (it won't be super complex, but it does have a few parts and some follow-up, and it's not strictly required for the control plane migration).

  • Add TTL and remove permissions for gs://kubernetes-jenkins

Already has a TTL, crossing off that part. Removing permissions will have to be after we rotate the buckets.

@BenTheElder
Copy link
Member

kubernetes/k8s.io#7205 also needs doing soon I think.

@BenTheElder BenTheElder added the lifecycle/active Indicates that an issue or PR is actively being worked on by a contributor. label Aug 28, 2024
@michelle192837
Copy link
Contributor Author

michelle192837 commented Aug 28, 2024

I can handle deletion/turndown for the old CRs and components as well. (And clean up the deployment config while I'm at it).

ETA: lol nevermind, Ben got there first XD

@michelle192837
Copy link
Contributor Author

Cleaned up some of the resources in k8s-prow (scaled-down deployments/components, the public IP addresses for the former deck deployment). We can likely clear objects from most buckets in k8s-prow as well (most haven't been modified in years), but it's not a high priority.

Last remaining big item is to clear up files/references in this repo, though at low priority.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. lifecycle/active Indicates that an issue or PR is actively being worked on by a contributor. sig/k8s-infra Categorizes an issue or PR as relevant to SIG K8s Infra. sig/testing Categorizes an issue or PR as relevant to SIG Testing.
Projects
None yet
Development

No branches or pull requests

5 participants