Deprecate and migrate away from gs://kubernetes-release-dev and gcr.io/kubernetes-ci-images #2318
Description
Part of umbrella issue to migrate the kubernetes project away from use of GCP project google-containers: #1571
This issue covers the deprecation of and migration away from two google.com assets:
- the google.com-owned GCS bucket
gs://kubernetes-release-devliving in GCP projectgoogle-containers, in favor of the community-owned GCS bucketgs://k8s-release-devliving in GCP projectk8s-release - the google.com-owned GCR repo
gcr.io/kubernetes-ci-images, in favor of the community-owned GCR repogcr.io/k8s-staging-ci-images
Step 1: Set and announce deprecation window
The first part is setting and announcing a deprecation window for CI artifacts placed in gs://kubernetes-release-dev, and their companion images in gcr.io/kubernetes-ci-images e.g.
- v1.17 was the first release that had CI builds of kubernetes land in
gs://k8s-release-dev/ciandgs://kubernetes-release-dev/cisimultaneously - v1.18 was the first release that cluster-api and kubeadm started defaulting to
gcr.io/k8s-staging-ci-imagesinstead ofgcr.io/kubernetes-ci-images - v1.20 was the last release that had CI builds land in
gs://kubernetes-release-dev/ci-cross - v1.22 is the last release to have CI builds of kubernetes land in
gs://kubernetes-release-devandgcr.io/kubernetes-ci-images - we will stop using
gs://kubernetes-release-devandgcr.io/kubernetes-ci-imagescompletely once older CI jobs have aged out according to the kubernetes version support policy, or when we see no remaining traffic togs://kubernetes-release-devfor a period of N weeks
Step 2: Setup community-owned alternatives, and use them for release-blocking / merge-blocking CI
This is a rough breakdown of the work necessary to complete the heavy lifting before we can shard out work to all repos across the project
- Add k8s-release GCP project and gs://k8s-release-dev buckets - Add k8s-release project and buckets for ci #1110 (@spiffxp)
- Ensure gs://k8s-release-dev visible via https://gcsweb.k8s.io - Add k8s-release-dev bucket to gcsweb #1195 (@spiffxp), Fix typo in ensure-release-projects.sh #1196 (@spiffxp)
- Ensure GCP project hosting gs://k8s-release-dev is audited - results of running audit script as of 2021-01-13 #1534 (@spiffxp)
- Write CI builds to gs://k8s-release-dev - create ci-kubernetes-build-fast canary job to validate job running in the cluster test-infra#19487 (@cpanato), Add canary jobs for ci-kubernetes-build job variants. test-infra#19904 (@ameukam)
- Audit and enforce jobs reading/writing to gs://k8s-release-dev - Log or enforce kubernetes jobs pull from k8s-infra buckets test-infra#20885 (@spiffxp, @amwat), jobs: enforce kubernetes CI policy for blocking jobs test-infra#20989 (@spiffxp)
- Deprecate build jobs writing to gs://kubernetes-release-dev - Deprecate google-hosted kubernetes-build jobs test-infra#20964 (@spiffxp)
- Update kinder to pull from gs://k8s-release-dev - kinder: use "k8s-release-dev" for CI artifacts kubeadm#2379 (@neolit123)
- Update kubeadm to pull from gcr.io/k8s-staging-ci-images - kubeadm: change the default image repository for CI images from gcr.io/kubernetes-ci-images to gcr.io/k8s-staging-ci-images kubernetes#97087 (@SataQiu)
- Update kubeadm to pull from gs://k8s-release-dev - kubeadm: get k8s CI version markers from k8s infra bucket kubernetes#98836 (@hasheddan)
- Ensure permissions on gs://k8s-release-dev are such that jobs running on google.com k8s-prow and k8s-prow-builds can write to it - infra/gcp/release: redo kubernetes ci buckets #2333 (@spiffxp)
- Migrate dl.k8s.io/ci traffic away from
gs://kubernetes-release-devtogs://k8s-release-dev- dl.k8s.io: Redirect CI URIs to Kubernetes Community infra #1857 (@justaugustus), k8s.io: fix dl.k8s.io/ci redirect #2292 (@spiffxp) - Migrate kops away from
gs://kubernetes-release-dev/kops/ci- remove references to kubernetes-release-dev kops#11997 (@spiffxp) - Migrate job tooling defaults to
k8s-release-devinstead ofkubernetes-release-dev- use gs://k8s-release-dev for kubernetes CI builds test-infra#22840 (@spiffxp) - Migrate release tooling defaults to
k8s-release-devinstead ofkubernetes-release-dev- bash: use k8s-release-dev for CI builds release#2158 (@spiffxp)
Step 3: Ensure no references to kubernetes-release-dev within project
The next part of this is ensuring there are no remaining references to kubernetes-release-dev outside of vendor/ directories (except those necessary for the ci-kubernetes-build-.*deprecated.* jobs to satisfy the deprecation window)
- Migrate documentation to refer to
k8s-release-devinstead ofkubernetes-release-dev - Migrate any remaining scripts / tooling across the project to use k8s-release-dev
This is pretty easily verifiable (with human inspection of results) using https://cs.k8s.io
$ curl -s -X POST \
-F "q=kubernetes-release-dev" \
-F "repos=*" \
-F "excludeFiles=vendor/" \
"https://cs.k8s.io/api/v1/search" \
| jq -r '.Results | keys | .[]' \
| sort \
| sed -e 's/^/- [ ] /g'
- kubernetes-sigs/cluster-api - 🌱 test/framework: improve the way we inject the ci-artifacts script kubernetes-sigs/cluster-api#4420 (@sbueringer @jackfrancis), 🌱 Use dl.k8s.io instead of hardcoded GCS URIs kubernetes-sigs/cluster-api#4958 (@spiffxp)
- kubernetes-sigs/cluster-api-provider-azure - update upstream k8s CI image store reference kubernetes-sigs/cluster-api-provider-azure#1512 (@CecileRobertMichon @jackfrancis)
- kubernetes-sigs/cluster-api-provider-gcp - use dl.k8s.io instead of hardcoded GCS URIs kubernetes-sigs/cluster-api-provider-gcp#399 (@spiffxp)
- kubernetes-sigs/cluster-api-provider-openstack - Use the kubernetesversions package of the cluster-api repo again kubernetes-sigs/cluster-api-provider-openstack#905 (@sbueringer)
- kubernetes-sigs/image-builder - Use dl.k8s.io instead of hardcoded GCS URIs kubernetes-sigs/image-builder#656 (@spiffxp)
- kubernetes-sigs/poseidon - use dl.k8s.io instead of hardcoded GCS URIs kubernetes-retired/poseidon#188 (@spiffxp)
- kubernetes/cloud-provider-gcp - use dl.k8s.io where possible cloud-provider-gcp#252 (@spiffxp)
- kubernetes/community - contributors/devel/sig-release: use dl.k8s.io where possible community#5893 (@spiffxp)
- kubernetes/k8s.io - remaining gcsweb reference must remain as long as deprecated build jobs - remove references to kubernetes-release-dev #2363 (@spiffxp)
- kubernetes/kops - remove references to kubernetes-release-dev kops#11997 (@spiffxp), hack/upload: avoid ACLs for GCS buckets with UBLA enabled kops#11994 (@spiffxp)
- kubernetes/kubeadm - use k8s-release-dev instead of kubernetes-release-dev kubeadm#2528 (@spiffxp)
- kubernetes/release - remaining reference can be removed once deprecated build jobs removed - bash: use k8s-release-dev for CI builds release#2158 (@spiffxp)
- kubernetes/sig-release - ci-signal: use k8s-release-dev for CI builds sig-release#1642
- kubernetes/test-infra - remaining references are the deprecated build jobs, which must remain - use gs://k8s-release-dev for kubernetes CI builds test-infra#22840 (@spiffxp)
Step 4: Ensure no references to kubernetes-ci-images within project
- Migrate documentation to refer to
k8s-staging-ci-imagesinstead ofkubernetes-ci-images - Migrate any remaining scripts / tooling across the project to use k8s-staging-ci-images
$ curl -s -X POST \
> -F "q=kubernetes-ci-images" \
> -F "repos=*" \
> -F "excludeFiles=vendor/" \
> "https://cs.k8s.io/api/v1/search" \
> | jq -r '.Results | keys | .[]' \
> | sort \
> | sed -e 's/^/- [ ] /g'
- kubernetes-sigs/cluster-api-bootstrap-provider-kubeadm - 📖 use k8s-staging-ci-images vs kubernetes-ci-images kubernetes-retired/cluster-api-bootstrap-provider-kubeadm#300 (@spiffxp)
- kubernetes-sigs/reference-docs - use k8s-staging-images vs kubernetes-ci-images kubernetes-sigs/reference-docs#248 (@spiffxp)
- kubernetes-sigs/release-notes - n/a, these are historical release notes that shouldn't be changed
- kubernetes/kubeadm - docs: use k8s-staging-ci-images kubeadm#2536 (@spiffxp)
- kubernetes/kubernetes - n/a, these are historical changelogs that shouldn't be changed
- kubernetes/release - n/a, historical test data
- kubernetes/sig-release - n/a, historical release notes
- kubernetes/test-infra - n/a, deprecated build jobs that must remain during deprecation window
- kubernetes/website - kubeadm: use k8s-staging-ci-images instead of kubernetes-ci-images website#29159 (@spiffxp)
Step 5: Complete deprecation
- Ensure kubernetes v1.23 builds don't land in gs://kubernetes-release-dev - config/jobs: remove ci-kubernetes-build-deprecated test-infra#23002 (@spiffxp)
Related issues
- Migrate jobs away from gs://kubernetes-release-dev #846
- release-blocking jobs must run in dedicated cluster: ci-kubernetes-build test-infra#19483
/wg k8s-infra
/sig testing
/area prow
FYI @kubernetes/sig-testing-leads
/sig release
/area artifacts
/area release-eng
FYI @kubernetes/release-engineering
/kind cleanup
/kind deprecation
/priority important-soon
/milestone v1.22
/assign
Metadata
Metadata
Assignees
Labels
Issues or PRs related to the hosting of release artifacts for subprojectsSetting up or working with prow in general, prow.k8s.io, prow build clustersIssues or PRs related to the Release Engineering subprojectCategorizes issue or PR as related to cleaning up code, process, or technical debt.Categorizes issue or PR as related to a feature/enhancement marked for deprecation.Must be staffed and worked on either currently, or very soon, ideally in time for the next release.Categorizes an issue or PR as relevant to SIG Release.Categorizes an issue or PR as relevant to SIG Testing.