aws s3api create-bucket --bucket tanzu-prow-logs --region us-east-1
aws iam create-user --user-name prow-logs-user
cat > prow-logs-policy.json <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "QueryBuckets",
"Effect": "Allow",
"Action": [
"s3:GetAccessPoint",
"s3:PutAccountPublicAccessBlock",
"s3:GetAccountPublicAccessBlock",
"s3:ListAllMyBuckets",
"s3:ListAccessPoints"
],
"Resource": "*"
},
{
"Sid": "WriteBucketLogs",
"Effect": "Allow",
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::tanzu-prow-logs",
"arn:aws:s3:::tanzu-prow-logs/*"
]
}
]
}
EOF
aws iam put-user-policy --user-name prow-logs-user --policy-name prow-logs-policy --policy-document prow-logs-policy.json
cat > tanzu-prow-logs-bucket-policy.json <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowPublicRead",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::tanzu-prow-logs/*"
}
]
}
EOF
aws s3api put-bucket-policy --bucket tanzu-prow-logs --policy file://tanzu-prow-logs-bucket-policy.json
aws iam create-access-key --user-name prow-logs-user
#from https://github.com/kubernetes/test-infra/blob/78cc9236b3bafae66c24304ced23109577d2e1b4/prow/io/providers/providers.go#L48-L54
cat > service-account.json <<EOF
{
"access_key": "access_key",
"secret_key": "secret_key",
"region": "us-east-1",
"s3_force_path_style": true
}
EOF
kubectl -n test-pods create secret generic s3-credentials --from-file=s3-credentials
kubectl -n prow create secret generic s3-credentials --from-file=s3-credentials
Last active
March 31, 2022 18:14
-
-
Save rajaskakodkar/9f2791772cc083d4c0ffcc2a338498b7 to your computer and use it in GitHub Desktop.
S3 bucket for Prow
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment