Add cloudbuild.yaml for staging

[mnaser]

What this PR does / why we need it:
Adds a cloudbuild.yaml so we can start pushing things out of DockerHub

Which issue this PR fixes(if applicable):
related to #1540

Special notes for reviewers:

Release note:

NONE

[k8s-ci-robot]

Hi @mnaser. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[jichenjc]

could you please help elaborate the way to solve the issue you pointed out with this PR? Thanks

@mnaser

[jichenjc]

/ok-to-test

[zetaab]

@mnaser could you please open little bit how this is supposed to work? As we are using github actions in this repo and so on, we do not have any cloudbuild access.

[mdbooth]

Here's what we currently do for release builds:

cloud-provider-openstack/.github/workflows/release-cpo.yaml

Line 36 in 847eadd

REGISTRY=docker.io/k8scloudprovider ARCHS='amd64 arm arm64 ppc64le s390x' GOOS=linux VERSION=${{ steps.get_version.outputs.VERSION }} make upload-images

This looks correct to me and I recall this being a required part of the release puzzle. I can't find the docs, though. A link in the PR would be nice.

/lgtm

[mdbooth]

AFAICT this is the correct registry, defined here: https://github.com/kubernetes/k8s.io/blob/main/k8s.gcr.io/manifests/k8s-staging-cloud-provider-os/promoter-manifest.yaml

[mdbooth]

We're not using this. However, as it seems to be a standard substitution probably simpler to leave it in to reduce friction if we want to use it in the future.

[jichenjc]

seems correct? CPO didn't switch to main currently, still using master as primary dev branch..

[zetaab]

I can easily add our images to k8s.io registry. However, I do not have credentials or contact where to ask those. So if someone could help with that.

[mdbooth]

I can easily add our images to k8s.io registry. However, I do not have credentials or contact where to ask those. So if someone could help with that.

I think Prow already has them? IIUC they are managed by the k8s org.

[mdbooth]

@zetaab @mnaser Found the reference: https://github.com/kubernetes/test-infra/blob/master/config/jobs/image-pushing/README.md

E.g. Here's how it works in CAPO, which is in kubernetes-sigs but it works the same way:

There's a postsubmit job which runs after commits to main or release branches: https://github.com/kubernetes/test-infra/blob/c7adcaabf4800775a2b3ccfdff5545c4119a5c43/config/jobs/image-pushing/k8s-staging-cluster-api.yaml#L184-L208

It automatically pushes a new image to the staging repo by running the cloud build. Maintainers then promote staging images to production manually by pushing a PR to update https://github.com/kubernetes/k8s.io/blob/main/k8s.gcr.io/images/k8s-staging-capi-openstack/images.yaml

It's documented in our release doc: https://github.com/kubernetes-sigs/cluster-api-provider-openstack/blob/main/RELEASE.md

[mdbooth]

I can easily add our images to k8s.io registry. However, I do not have credentials or contact where to ask those. So if someone could help with that.

Incidentally, I believe the answer to this is suggested in the image-pushing job:

https://github.com/kubernetes/test-infra/blob/e8be84d7787b4864ac5b53130defa743625eecc9/config/jobs/image-pushing/k8s-staging-cloud-provider-openstack.yaml#L5

      cluster: k8s-infra-prow-build-trusted

My guess is that the reason you aren't permitted to run arbitrary code in the trusted cluster is that it has these credentials. Guessing this also implies they won't share them except via prow.

[jichenjc]

@mdbooth thanks for the detailed info

To confirm my understanding, So we need get this PR merged then we have a pre-requirement satisfied
then get https://github.com/kubernetes/test-infra/pull/28817/files merged
after that we will have a similar output / method of release corresponding to CAPO ?

[mnaser]

Based on my understanding is that yes, this is the first step to being able to upload into the staging repo.

[mdbooth]

@mnaser Probably want to remove the word 'fixes' before #1540 because IIUC it'll close the issue again. I think this is just step 1.

[jichenjc]

I updated the commit message and let's get this

[jichenjc]

/lgtm
/approve

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jichenjc

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [jichenjc]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment