
Commit 6ad4027

authored
Merge pull request #9299 from xmudrii/k8s-sec-bucket
Add a new kubernetes-security-ci-logs bucket
2 parents 2596d14 + d73a4af commit 6ad4027


1 file changed

+31
-4
lines changed


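--- a/infra/gcp/terraform/k8s-infra-prow/buckets.tf
+++ b/infra/gcp/terraform/k8s-infra-prow/buckets.tf
@@ -16,7 +16,7 @@ limitations under the License.
 
 module "gcb_bucket" {
 source = "terraform-google-modules/cloud-storage/google//modules/simple_bucket"
-version = "~> 11.0"
+version = "~> 11.1"
 
 name = "k8s-infra-prow-gcb"
 project_id = module.project.project_id
@@ -86,7 +86,7 @@ module "testgrid_config_bucket" {
 // See: https://github.com/kubernetes/k8s.io/issues/8973
 module "testgrid_config_external_bucket" {
 source = "terraform-google-modules/cloud-storage/google//modules/simple_bucket"
-version = "~> 5"
+version = "~> 12.1"
 
 name = "k8s-testgrid-config-external"
 project_id = module.project.project_id
@@ -111,10 +111,10 @@ module "testgrid_config_external_bucket" {
 ]
 }
 
-// Create gs://k8s-ci-logs to store logs from Prow jobs.
+// Create gs://kubernetes-ci-logs to store logs from Prow jobs.
 module "prow_bucket" {
 source = "terraform-google-modules/cloud-storage/google//modules/simple_bucket"
-version = "~> 5"
+version = "~> 11.1"
 
 name = "kubernetes-ci-logs"
 project_id = module.project.project_id
@@ -173,3 +173,30 @@ resource "google_pubsub_topic" "kubernetes_ci_logs_topic" {
 name = "kubernetes-ci-logs-updates"
 project = module.project.project_id
 }
+
+// Create gs://k8s-security-ci-logs private bucket to store logs from Prow jobs running in
+// the kubernetes-security org.
+module "prow_security_bucket" {
+source = "terraform-google-modules/cloud-storage/google//modules/simple_bucket"
+version = "~> 11.1"
+
+name = "k8s-security-ci-logs"
+project_id = module.project.project_id
+location = "us-central1"
+lifecycle_rules = [{
+action = {
+type = "Delete"
+}
+condition = {
+age = 14 # 14d
+with_state = "ANY"
+}
+}]
+
+iam_members = [
+{
+role = "roles/storage.objectAdmin"
+member = "serviceAccount:${google_service_account.prow.email}"
+},
+]
+}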
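Review bot: The new `prow_security_bucket` block (new lines 179-202) is commented as a private bucket, but nothing in it enforces that; privacy rests only on no public principal appearing in `iam_members`. Since it will hold logs from kubernetes-security org jobs, consider adding `public_access_prevention = "enforced"` inside the module block, so that a later `allUsers` or `allAuthenticatedUsers` binding is rejected instead of silently accepted. If I recall the module correctly, its default for that input is `"inherited"`, so this should be checked against the pinned module version and any org policy. The only grant is `roles/storage.objectAdmin` to `google_service_account.prow`. If that account is also the identity used by jobs for the public orgs, which is not visible in this diff, those jobs could read or delete the security logs, so a dedicated service account would be worth confirming. Separately, `testgrid_config_external_bucket` moves to `~> 12.1` while every other bucket here is pinned to `~> 11.1`; a one-line comment saying why would keep the pins from drifting unnoticed.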
