AWS: migrate kOps away from CNCF account

[ameukam]

All kOps e2e tests currently run under the CNCF management account.

There should be migrated to the AWS Kubernetes organization or any community infrastructure.

Phase 1: Periodics jobs We should start with the periodics and migrate them on those build clusters:

• e2e-kops-do-* : k8s-infra-prow-build-trusted
• e2e-kops-gce-*: k8s-infra-prow-build
• e2e-kops-aws-*: k8s-infra-kops-prow-build

It's not trivial to identify how a job belongs to a specific build cluster so they will be multiple tentatives

Phase 2: Presubmits & Postsubmits Once we have confidence that the periodics can run on the community infrastructure we can follow up with presubmits and postsubmits.

/assign @ameukam @justinsb /area aws /area infra/aws /priority important-soon /milestone v1.28

[k8s-ci-robot]

@ameukam: The label(s) area/aws cannot be applied, because the repository doesn't have them.

In response to [this](https://github.com/kubernetes/k8s.io/issues/5127): >All kOps e2e tests currently run under the CNCF management account. > >There should be migrated to the AWS Kubernetes organization. > >/assign @ameukam @justinsb >/area aws >/area infra/aws >/priority important-soon >/milestone v1.28 Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.

[ameukam]

cc @jeefy

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue as fresh with /remove-lifecycle stale
• Close this issue with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[ameukam]

/remove-lifecycle stale

[ameukam]

/milestone v1.29

[ameukam]

/milestone v1.30

[ameukam]

A public bucket is needed otherwise we will get:

error writing s3://k8s-kops-ci-prow-sandbox/discovery/e2e-kops-eks-sandbox-cilium-deb12.tests-kops-aws.k8s.io/.well-known/openid-configuration (with ACL="public-read"): AccessDenied: Access Denied

I created a new one with the aws cli using: https://kops.sigs.k8s.io/getting_started/aws/#cluster-oidc-store

$aws s3api create-bucket \
    --bucket k8s-kops-ci-prow-sandbox \
    --region us-east-2 \
    --object-ownership BucketOwnerPreferred \
    --create-bucket-configuration LocationConstraint=us-east-2
$aws s3api put-public-access-block \
    --bucket k8s-kops-ci-prow-sandbox \
    --public-access-block-configuration BlockPublicAcls=false,IgnorePublicAcls=false,BlockPublicPolicy=false,RestrictPublicBuckets=false
$aws s3api put-bucket-acl \
    --bucket k8s-kops-ci-prow-sandbox \
    --acl public-read

[ameukam]

/milestone v1.31