/
groups.yaml
103 lines (94 loc) · 3.01 KB
/
groups.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
groups:
#
# k8s-infra owners for Knative
#
# Each group here represents highly privileged access to knative project
# infrastructure owned or managed by the Productivity WG. A high level of trust is
# required for membership in these groups.
#
###
### GROUPS FOR GKE/GCP RBAC
###
- email-id: kn-infra-gcp-org-admins@knative.dev
name: kn-infra-gcp-org-admins
description: |-
grants owner access to the knative.dev GCP organization, as well as
additional privileges necessary for billing and admin purposes
settings:
ReconcileMembers: "true"
members:
- cy@knative.team
- cy@borg.dev # Mahamed Ali
- kmahapatra@vmware.com
- krsna@knative.team
- hh@knative.team
- hh@cncf.io
- jeffrey@cncf.io
# Every GKE RBAC group should be added here.
- email-id: gke-security-groups@knative.dev
name: gke-security-groups
description: |-
Security Groups for GKE clusters
settings:
ReconcileMembers: "true"
WhoCanViewMembership: "ALL_MEMBERS_CAN_VIEW" # needed for RBAC
members:
- k8s-infra-rbac-prow@knative.dev
- k8s-infra-rbac-release@knative.dev
- k8s-infra-rbac-perf-tests@knative.dev
# GKE RBAC groups:
# - grant access to the `namespace-user` role for a single namespace on a cluster
# - must have WhoCanViewMemberShip: "ALL_MEMBERS_CAN_VIEW"
# - must be members of gke-security-groups@knative.dev
- email-id: k8s-infra-rbac-prow@knative.dev
name: k8s-infra-rbac-prow
description: |-
Grants access to the prow cluster
settings:
ReconcileMembers: "true"
WhoCanViewMembership: "ALL_MEMBERS_CAN_VIEW" # required
members:
- kmahapatra@vmware.com
- cy@borg.dev # Mahamed Ali
- email-id: k8s-infra-rbac-release@knative.dev
name: k8s-infra-rbac-release
description: |-
Grants access to submit prowjobs via Kubernetes API
settings:
ReconcileMembers: "true"
WhoCanViewMembership: "ALL_MEMBERS_CAN_VIEW" # required
members:
- evana@vmware.com
- evan.k.anderson@gmail.com
- paul@paulschweigert.com
- paulschw@us.ibm.com
- email-id: k8s-infra-rbac-perf-tests@knative.dev
name: k8s-infra-rbac-perf-tests
description: |-
Grants access to the shared community cluster perf-tests namespace
settings:
ReconcileMembers: "true"
WhoCanViewMembership: "ALL_MEMBERS_CAN_VIEW" # required
members:
- retocode@gmail.com
##
### Productivity WG related mailing lists
###
- email-id: automation@knative.team
name: automation
description: |-
User group for administrators of Knative GitHub bots
settings:
AllowExternalMembers: "true"
ReconcileMembers: "true"
WhoCanPostMessage: "ANYONE_CAN_POST"
owners:
- evana@vmware.com
- evankanderson@knative.team
- dprotaso@gmail.com
- paul@paulschweigert.com
- paulschw@us.ibm.com
- kmahapatra@vmware.com
- krsna@knative.team
managers:
- cy@borg.dev # Mahamed Ali