diff --git a/clusters/app.ci/supplemental-ci-images/gcr-io/README.md b/clusters/app.ci/supplemental-ci-images/gcr-io/README.md index aad416fe9966a..d6af30aea52bd 100644 --- a/clusters/app.ci/supplemental-ci-images/gcr-io/README.md +++ b/clusters/app.ci/supplemental-ci-images/gcr-io/README.md @@ -14,7 +14,7 @@ These images are build using `BuildConfig` and `CronJob`: - [ ] `gcr.io/distroless/static:nonroot` - [ ] `gcr.io/kubebuilder/kube-rbac-proxy` -- [x] `gcr.io/k8s-prow/commenter` +- [x] `gcr.io/k8s-prow/commenter` (retargeted to `ci_test-infra-commenter_latest` — `ci_commenter_latest` is now managed by `openshift/ci-tools-standalone`) - [ ] `gcr.io/istio-testing/build-tools` - [ ] `gcr.io/envoy-ci/envoy-build` - [x] `gcr.io/k8s-staging-test-infra/git` diff --git a/clusters/app.ci/supplemental-ci-images/gcr-io/admin_build-trigger_rbac.yaml b/clusters/app.ci/supplemental-ci-images/gcr-io/admin_build-trigger_rbac.yaml new file mode 100644 index 0000000000000..23d7e020dd8f7 --- /dev/null +++ b/clusters/app.ci/supplemental-ci-images/gcr-io/admin_build-trigger_rbac.yaml @@ -0,0 +1,32 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: build-trigger + namespace: gcr-io +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: build-trigger + namespace: gcr-io +rules: +- apiGroups: + - build.openshift.io + resources: + - buildconfigs/instantiate + verbs: + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: build-trigger + namespace: gcr-io +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: build-trigger +subjects: +- kind: ServiceAccount + name: build-trigger + namespace: gcr-io diff --git a/clusters/app.ci/supplemental-ci-images/gcr-io/boskos.yaml b/clusters/app.ci/supplemental-ci-images/gcr-io/boskos.yaml index 4bbb30fa2a80f..ddbd21f824f64 100644 --- a/clusters/app.ci/supplemental-ci-images/gcr-io/boskos.yaml +++ b/clusters/app.ci/supplemental-ci-images/gcr-io/boskos.yaml @@ -46,5 +46,5 @@ spec: image: registry.redhat.io/openshift4/ose-cli name: ose-cli restartPolicy: Never - serviceAccount: builder + serviceAccount: build-trigger schedule: '30 1 1,15 * *' diff --git a/clusters/app.ci/supplemental-ci-images/gcr-io/checkconfig.yaml b/clusters/app.ci/supplemental-ci-images/gcr-io/checkconfig.yaml index 619c2719e53e7..3dbef5783e780 100644 --- a/clusters/app.ci/supplemental-ci-images/gcr-io/checkconfig.yaml +++ b/clusters/app.ci/supplemental-ci-images/gcr-io/checkconfig.yaml @@ -46,5 +46,5 @@ spec: image: registry.redhat.io/openshift4/ose-cli name: ose-cli restartPolicy: Never - serviceAccount: builder + serviceAccount: build-trigger schedule: '30 1 1,15 * *' diff --git a/clusters/app.ci/supplemental-ci-images/gcr-io/cleaner.yaml b/clusters/app.ci/supplemental-ci-images/gcr-io/cleaner.yaml index 9413928578e1c..7bc5d38b31403 100644 --- a/clusters/app.ci/supplemental-ci-images/gcr-io/cleaner.yaml +++ b/clusters/app.ci/supplemental-ci-images/gcr-io/cleaner.yaml @@ -46,5 +46,5 @@ spec: image: registry.redhat.io/openshift4/ose-cli name: ose-cli restartPolicy: Never - serviceAccount: builder + serviceAccount: build-trigger schedule: '30 1 1,15 * *' diff --git a/clusters/app.ci/supplemental-ci-images/gcr-io/commenter.yaml b/clusters/app.ci/supplemental-ci-images/gcr-io/commenter.yaml index e26792c87ab60..46b6e345c0a0d 100644 --- a/clusters/app.ci/supplemental-ci-images/gcr-io/commenter.yaml +++ b/clusters/app.ci/supplemental-ci-images/gcr-io/commenter.yaml @@ -27,7 +27,7 @@ spec: output: to: kind: "DockerImage" - name: "quay.io/openshift/ci:ci_commenter_latest" + name: "quay.io/openshift/ci:ci_test-infra-commenter_latest" --- apiVersion: batch/v1 kind: CronJob @@ -48,5 +48,5 @@ spec: image: registry.redhat.io/openshift4/ose-cli name: ose-cli restartPolicy: Never - serviceAccount: builder + serviceAccount: build-trigger schedule: '30 1 1,15 * *' diff --git a/clusters/app.ci/supplemental-ci-images/gcr-io/gcsweb.yaml b/clusters/app.ci/supplemental-ci-images/gcr-io/gcsweb.yaml index da63b502b708a..1ea77dac635b9 100644 --- a/clusters/app.ci/supplemental-ci-images/gcr-io/gcsweb.yaml +++ b/clusters/app.ci/supplemental-ci-images/gcr-io/gcsweb.yaml @@ -48,5 +48,5 @@ spec: image: registry.redhat.io/openshift4/ose-cli name: ose-cli restartPolicy: Never - serviceAccount: builder + serviceAccount: build-trigger schedule: '30 1 1,15 * *' diff --git a/clusters/app.ci/supplemental-ci-images/gcr-io/git.yaml b/clusters/app.ci/supplemental-ci-images/gcr-io/git.yaml index 7151519fc3abb..6e0082f463eaa 100644 --- a/clusters/app.ci/supplemental-ci-images/gcr-io/git.yaml +++ b/clusters/app.ci/supplemental-ci-images/gcr-io/git.yaml @@ -47,5 +47,5 @@ spec: image: registry.redhat.io/openshift4/ose-cli name: ose-cli restartPolicy: Never - serviceAccount: builder + serviceAccount: build-trigger schedule: '30 1 1,15 * *' diff --git a/clusters/app.ci/supplemental-ci-images/gcr-io/label-sync.yaml b/clusters/app.ci/supplemental-ci-images/gcr-io/label-sync.yaml index 4eb5e9d6eb276..e1d0538a82cf4 100644 --- a/clusters/app.ci/supplemental-ci-images/gcr-io/label-sync.yaml +++ b/clusters/app.ci/supplemental-ci-images/gcr-io/label-sync.yaml @@ -48,5 +48,5 @@ spec: image: registry.redhat.io/openshift4/ose-cli name: ose-cli restartPolicy: Never - serviceAccount: builder + serviceAccount: build-trigger schedule: '30 1 1,15 * *' diff --git a/clusters/app.ci/supplemental-ci-images/gcr-io/reaper.yaml b/clusters/app.ci/supplemental-ci-images/gcr-io/reaper.yaml index faec660364f6b..288f1fa0b28b2 100644 --- a/clusters/app.ci/supplemental-ci-images/gcr-io/reaper.yaml +++ b/clusters/app.ci/supplemental-ci-images/gcr-io/reaper.yaml @@ -46,5 +46,5 @@ spec: image: registry.redhat.io/openshift4/ose-cli name: ose-cli restartPolicy: Never - serviceAccount: builder + serviceAccount: build-trigger schedule: '30 1 1,15 * *'