@@ -16,7 +16,7 @@ limitations under the License.
1616
1717module "gcb_bucket" {
1818 source = " terraform-google-modules/cloud-storage/google//modules/simple_bucket"
19- version = " ~> 11.0 "
19+ version = " ~> 11.1 "
2020
2121 name = " k8s-infra-prow-gcb"
2222 project_id = . project . project_id
@@ -47,7 +47,7 @@ module "gcb_bucket" {
4747// Create gs://k8s-testgrid-config to store K8s TestGrid config.
4848module "testgrid_config_bucket" {
4949 source = " terraform-google-modules/cloud-storage/google//modules/simple_bucket"
50- version = " ~> 5 "
50+ version = " ~> 11.1 "
5151
5252 name = " k8s-testgrid-config"
5353 project_id = . project . project_id
@@ -82,10 +82,10 @@ module "testgrid_config_bucket" {
8282 ]
8383}
8484
85- // Create gs://k8s -ci-logs to store logs from Prow jobs.
85+ // Create gs://kubernetes -ci-logs to store logs from Prow jobs.
8686module "prow_bucket" {
8787 source = " terraform-google-modules/cloud-storage/google//modules/simple_bucket"
88- version = " ~> 5 "
88+ version = " ~> 11.1 "
8989
9090 name = " kubernetes-ci-logs"
9191 project_id = . project . project_id
@@ -144,3 +144,30 @@ resource "google_pubsub_topic" "kubernetes_ci_logs_topic" {
144144 name = " kubernetes-ci-logs-updates"
145145 project = . project . project_id
146146}
147+
148+ // Create gs://kubernetes-security-ci-logs private bucket to store logs from Prow jobs running in
149+ // the kubernetes-security org.
150+ module "prow_security_bucket" {
151+ source = " terraform-google-modules/cloud-storage/google//modules/simple_bucket"
152+ version = " ~> 11.1"
153+
154+ name = " kubernetes-security-ci-logs"
155+ project_id = . project . project_id
156+ location = " us-central1"
157+ lifecycle_rules =
158+ action = {
159+ type = " Delete"
160+ }
161+ condition = {
162+ age = 14 # 14d
163+ with_state = " ANY"
164+ }
165+ }]
166+
167+ iam_members =
168+ {
169+ role = " roles/storage.objectAdmin"
170+ member = " serviceAccount:${ google_service_account . prow . email } "
171+ },
172+ ]
173+ }
0 commit comments