diff --git a/k8s_config b/k8s_config index b61efec..aab3320 100644 --- a/k8s_config +++ b/k8s_config @@ -3,3 +3,4 @@ GCP_ZONE="us-central1-a" GCP_CLUSTER="llvm-premerge-checks" GCP_PROJECT="llvm-premerge-checks" GCR_HOSTNAME="gcr.io" +GCS_BUCKET='llvm-premerge-checks' \ No newline at end of file diff --git a/kubernetes/storage_create.sh b/kubernetes/storage_create.sh new file mode 100755 index 0000000..bab009c --- /dev/null +++ b/kubernetes/storage_create.sh @@ -0,0 +1,54 @@ +#!/bin/bash +#!/bin/bash +# Copyright 2019 Google LLC +# +# Licensed under the the Apache License v2.0 with LLVM Exceptions (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://llvm.org/LICENSE.txt +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +#------------------------------------------------------------------------------- +# set up Google Cloud Storage for the build results + +set -eux + +DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" +ROOT_DIR="$(dirname ${DIR})" + +# get config options +source "${ROOT_DIR}/k8s_config" + +# create a bucket +gsutil mb --retention 90d gs://${GCS_BUCKET} + +# put a dummy file there so we can set the path ACLs +echo "hello world" | gsutil cp - gs://${GCS_BUCKET}/results/hello.txt + +# make results folder world-readable, now files are accessable via +# https://storage.googleapis.com/llvm-premerge-checks/results/ +gsutil iam ch allUsers:objectViewer gs://${GCS_BUCKET} +gsutil acl ch -u AllUsers:R gs://${GCS_BUCKET}/results/* + +AGENT_SERVICE_ACCOUNT="build-agent-results" +KEY_FILE="${AGENT_SERVICE_ACCOUNT}_key.json" + +# create service account and key +gcloud iam service-accounts create ${AGENT_SERVICE_ACCOUNT} \ + --description "account for build agent to upload build results" +gcloud iam service-accounts keys create ${KEY_FILE} \ + --iam-account "${AGENT_SERVICE_ACCOUNT}@${GCP_PROJECT}.iam.gserviceaccount.com" + +# upload the key to the kubernetes secret storage +kubectl create secret generic "${AGENT_SERVICE_ACCOUNT}" \ + --from-file ${KEY_FILE} + +# give write permissions to service account +gsutil acl ch \ + -u "${AGENT_SERVICE_ACCOUNT}@${GCP_PROJECT}.iam.gserviceaccount.com":WRITER \ + gs://${GCS_BUCKET} diff --git a/kubernetes/windows_agent_create.sh b/kubernetes/windows_agent_create.sh index 6946536..2d3ef19 100755 --- a/kubernetes/windows_agent_create.sh +++ b/kubernetes/windows_agent_create.sh @@ -12,6 +12,8 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +#------------------------------------------------------------------------------- +# create a new windows agent set -eux