Open cpanato opened 1 month ago
/assign @saschagrunert @xmudrii @puerco
/hold
Putting my SIG K8s Infra contributor hat on
The AWS account that we are using is part of the Kubernetes AWS organization (or at least it should be) which is managed by SIG K8s Infra. At the moment, SIG K8s Infra don't have very strict rules about how accounts under the organization should be managed, but there are some (more or less stronger) recommendations.
Speaking of the infrastructure part, it's recommended that everything related to the infrastructure, especially to the long-term infrastructure, lives in kubernetes/k8s.io repo, even if it's managed by other SIGs. That's because of multiple reasons:
This might be kind of a new thing for SIG K8s Infra too (as in SIGs maintaining their own infrastructure and Terraform configs), so I'm going to cc some of infra folks if they have any stronger opinions: @upodroid @BenTheElder @dims
Putting my SIG Release contributor hat on
I'm a little bit more towards the infrastructure code living in k/k8s.io for the sake of having all the configs in the single place. For the reference, all the infrastructure code related to pkgs.k8s.io is already living in k/k8s.io and is pretty much completely managed and maintained by us. If we have different pieces of the infrastructure in different places, there's a more significant risk that some parts of the infrastructure gets a little bit neglected.
thanks, i will split it
it's recommended that everything related to the infrastructure, especially to the long-term infrastructure, lives in kubernetes/k8s.io repo, even if it's managed by other SIGs
+100
@xmudrii @dims terraform code moved to k8s.io: https://github.com/kubernetes/k8s.io/pull/6853
+1 to https://github.com/kubernetes/release/pull/3627#issuecomment-2139335855
Yeah, k8s.io is a clearing house for "how did/do we setup this infra?", the implementation sources for components shouldn't live there but the cloud / infra configuration does and we have strongly delegated ownership to sub-accounts, directories, etc. We hope to have more automation and self service over time and we'll need to be careful to secure it so we want to avoid sprawl.
Thanks for splitting this.
Also: Thanks for taking a moment to automate away toil and keep the community better informed about deadlines ❤️
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: cpanato, xmudrii
The full list of commands accepted by this bot can be found here.
The pull request process is described here
@cpanato I'll leave it up to you to remove the hold when ready :)
/unhold
PR needs rebase.
What type of PR is this?
/kind feature
What this PR does / why we need it:
We will apply the terraform manually by logging in the aws account we have for sig-release. maybe in the future we can automation with github actions and OIDC federation.
It is in a mock by default to we test the email sending, and then we will need to open a ticket with aws to move the aws ses config to prod then we can send emails to the
dev@kubernetes.io
(i will do that as a follow up)sample email that will be sent by the automation (note this is valid for the next cycle.
/assign @saschagrunert @xmudrii @puerco cc @kubernetes/release-managers
Which issue(s) this PR fixes:
Fixes #2174
Special notes for your reviewer:
Does this PR introduce a user-facing change?