WIP: Use GCE dedicated service accounts

[justinsb]

Integration branch that shows the "big picture" of using per-InstanceGroup service accounts on GCE.

Will whittle this down to more reasonable PRs, but wanted to make my end-goal available.

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: To complete the pull request process, please ask for approval from justinsb after the PR has been reviewed.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment Approvers can cancel approval by writing /approve cancel in a comment

[k8s-ci-robot]

@justinsb: PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue or PR as fresh with /remove-lifecycle stale
• Mark this issue or PR as rotten with /lifecycle rotten
• Close this issue or PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[k8s-ci-robot]

@justinsb: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
pull-kops-verify-staticcheck	d48e7ab52e00c90d0a3564a81d500dc061f6fa2f	link	true	/test pull-kops-verify-staticcheck
pull-kops-verify-terraform	99e7fa3773551ee2fe94a62cc92e23500c68c13d	link	true	/test pull-kops-verify-terraform
pull-kops-bazel-test	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-bazel-test
pull-kops-verify-bazel	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-verify-bazel
pull-kops-bazel-build	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-bazel-build
pull-kops-e2e-kubernetes-aws	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-e2e-kubernetes-aws
pull-kops-verify-govet	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-verify-govet
pull-kops-verify-golangci-lint	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-verify-golangci-lint
pull-kops-e2e-cni-weave	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-e2e-cni-weave
pull-kops-e2e-cni-kuberouter	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-e2e-cni-kuberouter
pull-kops-e2e-cni-calico-ipv6	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-e2e-cni-calico-ipv6
pull-kops-e2e-cni-amazonvpc	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-e2e-cni-amazonvpc
pull-kops-e2e-cni-cilium	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-e2e-cni-cilium
pull-kops-e2e-cni-calico	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-e2e-cni-calico
pull-kops-e2e-cni-flannel	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-e2e-cni-flannel
pull-kops-e2e-k8s-gce-cilium	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-e2e-k8s-gce-cilium
pull-kops-e2e-aws-karpenter	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-e2e-aws-karpenter
pull-kops-e2e-k8s-aws-calico	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-e2e-k8s-aws-calico
pull-kops-build	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-build
pull-kops-test	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-test

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue or PR as fresh with /remove-lifecycle rotten
• Close this issue or PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the PR is closed

You can:

• Reopen this PR with /reopen
• Mark this PR as fresh with /remove-lifecycle rotten
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close

[k8s-ci-robot]

@k8s-triage-robot: Closed this PR.

In response to this:

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the PR is closed

You can:

• Reopen this PR with /reopen
• Mark this PR as fresh with /remove-lifecycle rotten
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[hakman]

/reopen /kind office-hours

[k8s-ci-robot]

@hakman: Reopened this PR.

In response to this:

/reopen /kind office-hours

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: Once this PR has been reviewed and has the lgtm label, please ask for approval from justinsb by writing /assign @justinsb in a comment. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment Approvers can cancel approval by writing /approve cancel in a comment

[k8s-ci-robot]

@justinsb: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
pull-kops-verify-staticcheck	d48e7ab52e00c90d0a3564a81d500dc061f6fa2f	link	true	/test pull-kops-verify-staticcheck
pull-kops-verify-terraform	99e7fa3773551ee2fe94a62cc92e23500c68c13d	link	true	/test pull-kops-verify-terraform
pull-kops-bazel-test	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-bazel-test
pull-kops-verify-bazel	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-verify-bazel
pull-kops-bazel-build	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-bazel-build
pull-kops-e2e-kubernetes-aws	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-e2e-kubernetes-aws
pull-kops-e2e-cni-weave	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-e2e-cni-weave
pull-kops-e2e-cni-kuberouter	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-e2e-cni-kuberouter
pull-kops-e2e-cni-calico-ipv6	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-e2e-cni-calico-ipv6
pull-kops-e2e-cni-amazonvpc	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-e2e-cni-amazonvpc
pull-kops-e2e-cni-cilium	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-e2e-cni-cilium
pull-kops-e2e-cni-calico	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-e2e-cni-calico
pull-kops-e2e-cni-flannel	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-e2e-cni-flannel
pull-kops-e2e-aws-karpenter	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-e2e-aws-karpenter
pull-kops-verify-boilerplate	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-verify-boilerplate
pull-kops-verify-govet	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-verify-govet
pull-kops-verify-gofmt	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-verify-gofmt
pull-kops-e2e-k8s-gce-cilium	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-e2e-k8s-gce-cilium
pull-kops-build	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-build
pull-kops-verify-generated	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-verify-generated
pull-kops-test	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-test
pull-kops-verify-golangci-lint	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-verify-golangci-lint
pull-kops-e2e-k8s-aws-calico	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-e2e-k8s-aws-calico
pull-kops-verify-gomod	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-verify-gomod

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the PR is closed

You can:

• Reopen this PR with /reopen
• Mark this PR as fresh with /remove-lifecycle rotten
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close

[k8s-ci-robot]

@k8s-triage-robot: Closed this PR.

In response to this:

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the PR is closed

You can:

• Reopen this PR with /reopen
• Mark this PR as fresh with /remove-lifecycle rotten
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[justinsb]

/reopen

We need to reach a conclusion here.

[k8s-ci-robot]

@justinsb: Reopened this PR.

In response to this:

/reopen

We need to reach a conclusion here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[k8s-ci-robot]

@justinsb: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
pull-kops-verify-staticcheck	d48e7ab52e00c90d0a3564a81d500dc061f6fa2f	link	true	/test pull-kops-verify-staticcheck
pull-kops-verify-terraform	99e7fa3773551ee2fe94a62cc92e23500c68c13d	link	true	/test pull-kops-verify-terraform
pull-kops-bazel-test	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-bazel-test
pull-kops-verify-bazel	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-verify-bazel
pull-kops-bazel-build	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-bazel-build
pull-kops-e2e-kubernetes-aws	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-e2e-kubernetes-aws
pull-kops-e2e-cni-weave	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-e2e-cni-weave
pull-kops-e2e-cni-kuberouter	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-e2e-cni-kuberouter
pull-kops-e2e-cni-calico-ipv6	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-e2e-cni-calico-ipv6
pull-kops-e2e-cni-amazonvpc	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-e2e-cni-amazonvpc
pull-kops-e2e-cni-cilium	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-e2e-cni-cilium
pull-kops-e2e-cni-calico	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-e2e-cni-calico
pull-kops-e2e-cni-flannel	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-e2e-cni-flannel
pull-kops-e2e-aws-karpenter	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-e2e-aws-karpenter
pull-kops-build	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-build
pull-kops-verify-generated	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-verify-generated
pull-kops-verify-gomod	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-verify-gomod
pull-kops-test	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-test
pull-kops-verify-govet	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-verify-govet
pull-kops-verify-golangci-lint	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-verify-golangci-lint
pull-kops-e2e-k8s-gce-cilium	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-e2e-k8s-gce-cilium
pull-kops-e2e-k8s-aws-calico	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-e2e-k8s-aws-calico
pull-kops-verify-gofmt	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-verify-gofmt
pull-kops-verify-boilerplate	7e2d052ecaff7ad179509d041dc3aa8a8f9523e5	link	true	/test pull-kops-verify-boilerplate

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[k8s-ci-robot]

@Dixiejane: changing LGTM is restricted to collaborators

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: Dixiejane Once this PR has been reviewed and has the lgtm label, please ask for approval from justinsb. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment Approvers can cancel approval by writing /approve cancel in a comment

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the PR is closed

You can:

• Reopen this PR with /reopen
• Mark this PR as fresh with /remove-lifecycle rotten
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close

[k8s-ci-robot]

@k8s-triage-robot: Closed this PR.

In response to this:

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the PR is closed

You can:

• Reopen this PR with /reopen
• Mark this PR as fresh with /remove-lifecycle rotten
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.