profile
viewpoint
If you are wondering where the data of this site comes from, please visit https://api.github.com/users/spiffxp/events. GitMemory does not store any data, but only uses NGINX to cache data for a period of time. The idea behind GitMemory is simply to give users a better reading experience.
Aaron Crickenberger spiffxp Google Seattle, WA http://spiffxp.com Pinky and the Brain, but it's Kubernetes

cncf/apisnoop 72

⭕️Snooping on the Kubernetes OpenAPI communications

spiffxp/adventures-in-k8s-conformance 2

Companion repo for my KubeCon China 2018 talk "Adventures in Conformance"

bashfire/prow-config 1

configs for prow.bashfire.dev

justincbeck/juggler_assigner 1

Assigns Jugglers to Courses based on preference and ability

spiffxp/api 0

Soon-to-be the canonical location of the Kubernetes API definition.

spiffxp/apiextensions-apiserver 0

API server for API extensions like CustomResourceDefinitions

PullRequestReviewEvent
PullRequestReviewEvent
PullRequestReviewEvent

delete branch spiffxp/k8s.io

delete branch : fix-typo

delete time in 6 days

pull request commentkubernetes/k8s.io

terraform/kubernetes-public: add k8s-keps

Rebased to avoid merge conflicts. AFAIK still waiting to hear from enhancements subproject if they actually want / plan on using this.

spiffxp

comment created time in 6 days

Pull request review commentkubernetes/k8s.io

terraform/kubernetes-public: add k8s-keps

+/*+Copyright 2021 The Kubernetes Authors.++Licensed under the Apache License, Version 2.0 (the "License");+you may not use this file except in compliance with the License.+You may obtain a copy of the License at++    http://www.apache.org/licenses/LICENSE-2.0++Unless required by applicable law or agreed to in writing, software+distributed under the License is distributed on an "AS IS" BASIS,+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.+See the License for the specific language governing permissions and+limitations under the License.+*/+ +/*+This file defines:+- GCS bucket to serve KEP reports+- IAM bindings+*/++locals {+  keps_owners = "k8s-infra-keps@kubernetes.io"+}++// Use a data source for the service account+data "google_service_account" "keps_sa" {+  account_id = "k8s-keps@k8s-infra-prow-build-trusted.iam.gserviceaccount.com"+}++// Create a GCS bucket for KEP reports+resource "google_storage_bucket" "keps_bucket" {+  name                        = "k8s-keps"+  project                     = data.google_project.project.project_id+  location                    = "US"+  storage_class               = "STANDARD"+  uniform_bucket_level_access = true+}++data "google_iam_policy" "keps_bucket_iam_bindings" {+  // Ensure prow owners have admin privileges, and keep existing+  // legacy bindings since we're overwriting all existing bindings below+  binding {+    members = [+      "group:${local.prow_owners}",+      "group:${local.keps_owners}",+    ]+    role = "roles/storage.admin"+  }+  // Preserve legacy storage bindings, give storage.admim members legacy bucket owner

good catch, found it in k8s-metrics as well

spiffxp

comment created time in 6 days

PullRequestReviewEvent

push eventspiffxp/k8s.io

Aaron Crickenberger

commit sha 48d5f2a38667f50cd2773cd33c6d767d62e06936

terraform/kubernetes-public: add k8s-keps Add a world-readable bucket gs://k8s-keps along with a service account and dedicated k8s-infra-keps@kubernetes.io group with privileged access to the bucket and its contents. I took an arbitrary guess for k8s-infra-keps membership, and used emails for folks listed in kubernetes/enhancements/OWNERS_ALIASES under the enhancements-approvers alias. I took educated guesses based on other memberships in this repo

view details

push time in 6 days

push eventspiffxp/k8s.io

Jim Angel

commit sha 242083247c0265b441cb02712f7ce2328e44aced

adding CAA record

view details

Arnaud Meukam

commit sha a4acee604da3ab6974f5dfc81bdc7508884873c4

Domain validation k8s.io Google Search is a free service that can help monitor web traffic and improve SEO for websites acting as docs of projects and subjects of the community using domain k8s.io. Signed-off-by: Arnaud Meukam <ameukam@gmail.com>

view details

Madhav Jivrajani

commit sha 0a5e9841bb284032cfc9cb97498e07db320c7042

Refactor groups reconciliation in order for functionalities to be mocked - Introduce mockable client interfaces that represent interaction with the admins API. - Introduce mockable service interfaces that represent high level operations that are performed during reconcilation. - Misc: fix a few warnings and linter errors Signed-off-by: Madhav Jivrajani <madhav.jiv@gmail.com>

view details

Adolfo García Veytia (Puerco)

commit sha 46de8c126fb57337c2e76180d2957e66291b36de

releng: Image promotion for v1.23.0-alpha.2 Signed-off-by: Adolfo García Veytia (Puerco) <adolfo.garcia@uservers.net>

view details

Kubernetes Prow Robot

commit sha c0fe7194c3e6d17c4374dc2bfe8660d00b6110bb

Merge pull request #2721 from puerco/v1.23.0-alpha.2-image-promotion releng: Image promotion for v1.23.0-alpha.2

view details

Adolfo García Veytia (Puerco)

commit sha 0dc6f3b1fb46b0c0282f099116a4c3b11b569393

releng: Drop palnabarun temporary access Nabarun Pal is a Release Manager Associate who was granted temporary elevated access to cut the v1.23.0-alpha.2 release. The release is out so we drop the elevated privileges. SIG Release issue: kubernetes/sig-release#1700 Signed-off-by: Adolfo García Veytia (Puerco) <adolfo.garcia@uservers.net>

view details

Kubernetes Prow Robot

commit sha 1ad8f5630e28f0e132a0adabc6d80dd7b1f46daf

Merge pull request #2722 from puerco/nabarun-rm releng: Drop palnabarun temporary access

view details

Gabriel De Obieta (deobieta)

commit sha 1b8b551ae99d7d2639841b7ec3eb6e36a7871009

terraform/kubernetes-public: mv public IPs to for_each

view details

Stephen Augustus

commit sha e66141371c6046dab9794115057068686a059ae3

releng: Promote debian-iptables and go-runner bullseye variants - debian-iptables:bullseye-v1.0.0 - go-runner:v2.3.1-go1.17.1-bullseye.0 Signed-off-by: Stephen Augustus <foo@auggie.dev>

view details

Kubernetes Prow Robot

commit sha cb39913fe81acf99d9f29ac43744bcc05d18fccc

Merge pull request #2723 from justaugustus/its-a-bullseye releng: Promote debian-iptables and go-runner bullseye variants

view details

Arnaud Meukam

commit sha dec20cc2c95d62a1717afc02af00d0d0c5b7a0d6

gcp/bash: Add GCP secrets for kops ssh key Related: - https://github.com/kubernetes/k8s.io/issues/2625. The kops e2e tests needs a SSH key (passwordless is allowed) to be able to access to instances running on AWS. Add GCP secret for the SSH key. The values of the secret will be accessible by `k8s-infra-kops-maintainers@kubernetes.io`. Signed-off-by: Arnaud Meukam <ameukam@gmail.com>

view details

Carlos Panato

commit sha 44905f6d8d0c50f2c1837ab36a8b8e071bc60344

kube-cross: tagging kube-cross to use the same iamge for v1.21.0-go1.16.8-buster.0 Signed-off-by: Carlos Panato <ctadeu@gmail.com>

view details

Kubernetes Prow Robot

commit sha bcd8822e93908351959154e9878f14147944763d

Merge pull request #2730 from cpanato/cross-tag kube-cross: tagging kube-cross to use the same iamge for v1.21.0-go1.16.8-buster.0

view details

Kubernetes Prow Robot

commit sha d2f9933a0c9cf0a007439504a393a516e6c248dd

Merge pull request #2718 from ameukam/kops-ci-ssh-key gcp/bash: Add GCP secrets for kops ssh key

view details

Arnaud Meukam

commit sha 2444c35eb9bec3972e88d2b98df9fd152593ac49

apps: Switch jobs to ClusterIP and NEG Ref: https://github.com/kubernetes/k8s.io/issues/2488. Convert kubernetes services for world-accessible from NodePort to ClusterIP. Signed-off-by: Arnaud Meukam <ameukam@gmail.com>

view details

Adolfo García Veytia (Puerco)

commit sha e2038a5da790fcbcde2a34a9978070144ce62eb7

releng: Image promotion for v1.19.15 / v1.19.16-rc.0 Signed-off-by: Adolfo García Veytia (Puerco) <adolfo.garcia@uservers.net>

view details

Kubernetes Prow Robot

commit sha 725d8270134c0b16d198305b6654a2ae7aad8897

Merge pull request #2732 from puerco/v1.19.15-image-promotion releng: Image promotion for v1.19.15 / v1.19.16-rc.0

view details

Adolfo García Veytia (Puerco)

commit sha 085e4b89f883b347d056e740e83349cb75a0a9d4

releng: Image promotion for v1.20.11 / v1.20.12-rc.0 Signed-off-by: Adolfo García Veytia (Puerco) <adolfo.garcia@uservers.net>

view details

Kubernetes Prow Robot

commit sha b4ee6c8cf5f18db53f273100be66d1611dec50dc

Merge pull request #2733 from puerco/v1.20.11-image-promotion releng: Image promotion for v1.20.11 / v1.20.12-rc.0

view details

Vince Prignano

commit sha b540356b0b2464e04b78cb49c35858d48411be37

Add releaase-0.4 alias for Cluster API book Signed-off-by: Vince Prignano <vincepri@vmware.com>

view details

push time in 6 days

PR opened kubernetes/k8s.io

tf/k8s-infra-monitoring: add missing project field

Related:

  • Followup to: https://github.com/kubernetes/k8s.io/pull/2944

Missed a project field for the monitoring channel resources

Have already run terraform apply for these resources

+1 -0

0 comment

1 changed file

pr created time in 6 days

create barnchspiffxp/k8s.io

branch : fix-typo

created branch time in 6 days

pull request commentkubernetes-sigs/slack-infra

Tombstone content moved to kubernetes/k8s.io

/close Going to close this since I doubt we'll get back to it

ameukam

comment created time in 6 days

Pull request review commentkubernetes/k8s.io

audit: update as of 2021-10-18

   "bindings": [     {       "members": [+        "serviceAccount:k8s-infra-prow-build-trusted.svc.id.goog[test-pods/tf-monitoring-deployer]",

FYI @ameukam

k8s-infra-ci-robot

comment created time in 7 days

PullRequestReviewEvent

pull request commentkubernetes/k8s.io

audit: update as of 2021-10-18

/hold cancel

k8s-infra-ci-robot

comment created time in 7 days

Pull request review commentkubernetes/k8s.io

audit: update as of 2021-10-18

   "bindings": [     {       "members": [+        "serviceAccount:k8s-infra-prow-build-trusted.svc.id.goog[test-pods/tf-monitoring-deployer]",
$ gcloud iam service-accounts remove-iam-policy-binding --member "serviceAccount:kubernetes-public.svc.id.goog[test-pods/tf-monitoring-deployer]" --role "roles/iam.workloadIdentityUser" tf-monitoring-deployer@kubernetes-public.iam.gserviceaccount.com --project=kubernetes-public
Updated IAM policy for serviceAccount [tf-monitoring-deployer@kubernetes-public.iam.gserviceaccount.com].
bindings:
- members:
  - serviceAccount:k8s-infra-prow-build-trusted.svc.id.goog[test-pods/tf-monitoring-deployer]
  role: roles/iam.workloadIdentityUser
etag: BwXOt-ipjeQ=
version: 1
k8s-infra-ci-robot

comment created time in 7 days

PullRequestReviewEvent

issue commentkubernetes/k8s.io

Raise quotas for scalability project pool

Shall we call this done?

ameukam

comment created time in 7 days

delete branch spiffxp/k8s.io

delete branch : k8s-infra-sandbox-capg

delete time in 7 days

PullRequestReviewEvent
PullRequestReviewEvent

Pull request review commentkubernetes/k8s.io

audit: update as of 2021-10-18

   "bindings": [     {       "members": [-        "user:spiffxp@google.com"+        "group:k8s-infra-gcp-org-admins@kubernetes.io"

This is https://github.com/kubernetes/k8s.io/pull/2944

k8s-infra-ci-robot

comment created time in 7 days

Pull request review commentkubernetes/k8s.io

audit: update as of 2021-10-18

   "bindings": [     {       "members": [+        "serviceAccount:k8s-infra-prow-build-trusted.svc.id.goog[test-pods/tf-monitoring-deployer]",

This is https://github.com/kubernetes/k8s.io/pull/2951

We should probably remove the kubernetes-public binding?

k8s-infra-ci-robot

comment created time in 7 days

PullRequestReviewEvent
PullRequestReviewEvent
PullRequestReviewEvent

issue commentkubernetes/k8s.io

failure when re-casting a ballot in the 2021 Steering election

I'm saying it also happened for me when entering an incorrect password

bridgetkromhout

comment created time in 7 days

issue commentkubernetes/k8s.io

failure when re-casting a ballot in the 2021 Steering election

Notably the code does a Redirect as part of the re-casting:

I don't get that far. Entering an incorrect password should error out earlier, and hits the same 502.

As far as the load balancer is concerned, the app is timing out after 30s. Could there be some part of the flask middleware that's failing to respond within 30s or timing out on elekto's end, e.g. https://github.com/elekto-io/elekto/blob/main/elekto/controllers/elections.py#L130

bridgetkromhout

comment created time in 7 days

PullRequestReviewEvent
PullRequestReviewEvent