Skip to content

connect the s390x cluster to argocd #8332

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

connect the s390x cluster to argocd #8332

wants to merge 2 commits into from

Conversation

upodroid
Copy link
Member

Part of #8082

/hold

@jeefy Did IBM handover this account correctly yet?

@k8s-ci-robot k8s-ci-robot added do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. area/infra Infrastructure management, infrastructure design, code in infra/ area/infra/gcp Issues or PRs related to Kubernetes GCP infrastructure area/prow Setting up or working with prow in general, prow.k8s.io, prow build clusters area/terraform Terraform modules, testing them, writing more of them, code in infra/gcp/clusters/ sig/k8s-infra Categorizes an issue or PR as relevant to SIG K8s Infra. sig/testing Categorizes an issue or PR as relevant to SIG Testing. approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Jul 27, 2025
@k8s-ci-robot k8s-ci-robot requested review from aojea and xmudrii July 27, 2025 19:12
@k8s-ci-robot k8s-ci-robot added the size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. label Jul 27, 2025
@k8s-infra-ci-robot
Copy link
Contributor

Ran Plan for dir: infra/gcp/terraform/k8s-infra-prow workspace: default

Plan Error

Show Output 
running 'sh -c' '/atlantis/bin/terraform1.6.5 init -input=false -upgrade' in '/atlantis/repos/kubernetes/k8s.io/8332/default/infra/gcp/terraform/k8s-infra-prow': exit status 1

Initializing the backend...

Successfully configured the backend "gcs"! Terraform will automatically
use this backend unless the backend configuration changes.
Upgrading modules...
Downloading registry.terraform.io/terraform-google-modules/cloud-storage/google 11.0.0 for gcb_bucket...
- gcb_bucket in .terraform/modules/gcb_bucket/modules/simple_bucket
Downloading registry.terraform.io/terraform-google-modules/kms/google 4.0.0 for gcb_bucket.encryption_key...
- gcb_bucket.encryption_key in .terraform/modules/gcb_bucket.encryption_key
Downloading registry.terraform.io/terraform-google-modules/iam/google 8.1.0 for iam...
- iam in .terraform/modules/iam/modules/projects_iam
- iam.helper in .terraform/modules/iam/modules/helper
Downloading registry.terraform.io/terraform-google-modules/cloud-nat/google 5.3.0 for nat...
- nat in .terraform/modules/nat
Downloading registry.terraform.io/terraform-google-modules/project-factory/google 14.5.0 for project...
- project in .terraform/modules/project
- project.budget in .terraform/modules/project/modules/budget
- project.essential_contacts in .terraform/modules/project/modules/essential_contacts
- project.gsuite_group in .terraform/modules/project/modules/gsuite_group
- project.project-factory in .terraform/modules/project/modules/core_project_factory
- project.project-factory.project_services in .terraform/modules/project/modules/project_services
- project.quotas in .terraform/modules/project/modules/quota_manager
- project.shared_vpc_access in .terraform/modules/project/modules/shared_vpc_access
Downloading registry.terraform.io/terraform-google-modules/kubernetes-engine/google 30.3.0 for prow...
- prow in .terraform/modules/prow/modules/beta-private-cluster
Downloading registry.terraform.io/terraform-google-modules/cloud-storage/google 11.0.0 for prow_bucket...
- prow_bucket in .terraform/modules/prow_bucket/modules/simple_bucket
Downloading registry.terraform.io/terraform-google-modules/kms/google 4.0.0 for prow_bucket.encryption_key...
- prow_bucket.encryption_key in .terraform/modules/prow_bucket.encryption_key
Downloading registry.terraform.io/terraform-google-modules/cloud-storage/google 11.0.0 for testgrid_config_bucket...
- testgrid_config_bucket in .terraform/modules/testgrid_config_bucket/modules/simple_bucket
Downloading registry.terraform.io/terraform-google-modules/kms/google 4.0.0 for testgrid_config_bucket.encryption_key...
- testgrid_config_bucket.encryption_key in .terraform/modules/testgrid_config_bucket.encryption_key
Downloading registry.terraform.io/terraform-google-modules/kubernetes-engine/google 30.3.0 for utility_cluster...
- utility_cluster in .terraform/modules/utility_cluster/modules/beta-private-cluster
Downloading registry.terraform.io/terraform-google-modules/network/google 9.3.0 for vpc...
- vpc in .terraform/modules/vpc
- vpc.firewall_rules in .terraform/modules/vpc/modules/firewall-rules
- vpc.routes in .terraform/modules/vpc/modules/routes
- vpc.subnets in .terraform/modules/vpc/modules/subnets
- vpc.vpc in .terraform/modules/vpc/modules/vpc
╷
│ Error: Duplicate data "http" configuration
│ 
│   on iam.tf line 182:
│  182: data "http" "ppc64le_jwks" {
│ 
│ A http data resource named "ppc64le_jwks" was already declared at
│ iam.tf:154,1-27. Resource names must be unique per type in each module.
╵

@upodroid upodroid requested a review from BenTheElder July 27, 2025 19:14
@k8s-infra-ci-robot
Copy link
Contributor

Ran Plan for dir: infra/gcp/terraform/k8s-infra-prow workspace: default

Plan Error

Show Output 
running 'sh -c' '/atlantis/bin/terraform1.6.5 init -input=false -upgrade' in '/atlantis/repos/kubernetes/k8s.io/8332/default/infra/gcp/terraform/k8s-infra-prow': exit status 1

Initializing the backend...

Successfully configured the backend "gcs"! Terraform will automatically
use this backend unless the backend configuration changes.
Upgrading modules...
Downloading registry.terraform.io/terraform-google-modules/cloud-storage/google 11.0.0 for gcb_bucket...
- gcb_bucket in .terraform/modules/gcb_bucket/modules/simple_bucket
Downloading registry.terraform.io/terraform-google-modules/kms/google 4.0.0 for gcb_bucket.encryption_key...
- gcb_bucket.encryption_key in .terraform/modules/gcb_bucket.encryption_key
Downloading registry.terraform.io/terraform-google-modules/iam/google 8.1.0 for iam...
- iam in .terraform/modules/iam/modules/projects_iam
- iam.helper in .terraform/modules/iam/modules/helper
Downloading registry.terraform.io/terraform-google-modules/cloud-nat/google 5.3.0 for nat...
- nat in .terraform/modules/nat
Downloading registry.terraform.io/terraform-google-modules/project-factory/google 14.5.0 for project...
- project in .terraform/modules/project
- project.budget in .terraform/modules/project/modules/budget
- project.essential_contacts in .terraform/modules/project/modules/essential_contacts
- project.gsuite_group in .terraform/modules/project/modules/gsuite_group
- project.project-factory in .terraform/modules/project/modules/core_project_factory
- project.project-factory.project_services in .terraform/modules/project/modules/project_services
- project.quotas in .terraform/modules/project/modules/quota_manager
- project.shared_vpc_access in .terraform/modules/project/modules/shared_vpc_access
Downloading registry.terraform.io/terraform-google-modules/kubernetes-engine/google 30.3.0 for prow...
- prow in .terraform/modules/prow/modules/beta-private-cluster
Downloading registry.terraform.io/terraform-google-modules/cloud-storage/google 11.0.0 for prow_bucket...
- prow_bucket in .terraform/modules/prow_bucket/modules/simple_bucket
Downloading registry.terraform.io/terraform-google-modules/kms/google 4.0.0 for prow_bucket.encryption_key...
- prow_bucket.encryption_key in .terraform/modules/prow_bucket.encryption_key
Downloading registry.terraform.io/terraform-google-modules/cloud-storage/google 11.0.0 for testgrid_config_bucket...
- testgrid_config_bucket in .terraform/modules/testgrid_config_bucket/modules/simple_bucket
Downloading registry.terraform.io/terraform-google-modules/kms/google 4.0.0 for testgrid_config_bucket.encryption_key...
- testgrid_config_bucket.encryption_key in .terraform/modules/testgrid_config_bucket.encryption_key
Downloading registry.terraform.io/terraform-google-modules/kubernetes-engine/google 30.3.0 for utility_cluster...
- utility_cluster in .terraform/modules/utility_cluster/modules/beta-private-cluster
Downloading registry.terraform.io/terraform-google-modules/network/google 9.3.0 for vpc...
- vpc in .terraform/modules/vpc
- vpc.firewall_rules in .terraform/modules/vpc/modules/firewall-rules
- vpc.routes in .terraform/modules/vpc/modules/routes
- vpc.subnets in .terraform/modules/vpc/modules/subnets
- vpc.vpc in .terraform/modules/vpc/modules/vpc

Initializing provider plugins...
- Finding latest version of hashicorp/http...
- Finding hashicorp/kubernetes versions matching "~> 2.10"...
- Finding hashicorp/random versions matching ">= 2.1.0, >= 2.2.0, ~> 3.0"...
- Finding hashicorp/null versions matching ">= 2.1.0"...
- Finding hashicorp/time versions matching ">= 0.5.0"...
- Finding hashicorp/google versions matching ">= 3.33.0, >= 3.43.0, >= 3.53.0, >= 3.64.0, >= 3.83.0, >= 4.25.0, >= 4.28.0, >= 4.51.0, >= 4.64.0, >= 5.9.0, >= 5.31.0, ~> 5.45.2, < 6.0.0, >= 6.9.0, < 7.0.0"...
- Finding hashicorp/google-beta versions matching ">= 3.43.0, >= 3.64.0, >= 4.11.0, >= 4.28.0, >= 4.64.0, >= 5.9.0, ~> 5.45.2, < 6.0.0, < 7.0.0"...
- Installing hashicorp/random v3.7.2...
- Installed hashicorp/random v3.7.2 (signed by HashiCorp)
- Installing hashicorp/null v3.2.4...
- Installed hashicorp/null v3.2.4 (signed by HashiCorp)
- Installing hashicorp/time v0.13.1...
- Installed hashicorp/time v0.13.1 (signed by HashiCorp)
- Installing hashicorp/google-beta v5.45.2...
- Installed hashicorp/google-beta v5.45.2 (signed by HashiCorp)
- Installing hashicorp/http v3.5.0...
- Installed hashicorp/http v3.5.0 (signed by HashiCorp)
- Installing hashicorp/kubernetes v2.38.0...
- Installed hashicorp/kubernetes v2.38.0 (signed by HashiCorp)
╷
│ Error: Failed to query available provider packages
│ 
│ Could not retrieve the list of available versions for provider
│ hashicorp/google: no available releases match the given constraints >=
│ 3.33.0, >= 3.43.0, >= 3.53.0, >= 3.64.0, >= 3.83.0, >= 4.25.0, >= 4.28.0,
│ >= 4.51.0, >= 4.64.0, >= 5.9.0, >= 5.31.0, ~> 5.45.2, < 6.0.0, >= 6.9.0, <
│ 7.0.0
╵

@k8s-infra-ci-robot
Copy link
Contributor

Ran Plan for dir: infra/gcp/terraform/k8s-infra-prow workspace: default

Show Output 
Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
~ update in-place

Terraform will perform the following actions:

  # google_iam_workload_identity_pool_provider.s390x will be updated in-place
~ resource "google_iam_workload_identity_pool_provider" "s390x" {
        id                                 = "projects/k8s-infra-prow/locations/global/workloadIdentityPools/ibm-clusters/providers/s390x"
        name                               = "projects/16065310909/locations/global/workloadIdentityPools/ibm-clusters/providers/s390x"
        # (9 unchanged attributes hidden)

      ~ oidc {
          ~ jwks_json         = jsonencode( # whitespace changes
                {
                    keys = [
                        {
                            alg = "RS256"
                            e   = "AQAB"
                            kid = "hHfahcjER9vR0mTgZcfzeBP4UjeLcmR83X_JzwGBAnE"
                            kty = "RSA"
                            n   = "3vx5R6Tj0nnrjg0kAUog2NFipbv0J1Y_jdtxukaaDXldA8cT0RFHtiJ1OK3-NhL6OU1pDYEdo7vjtm22IJ5xEmOxjijkdgR0_ociVRUDyL_HalGPj54h7Uo_HeOE52oY37zGT9pFavswlwwGgnUw80l0c6BHCDMog9bYVR9D99ooE1ARS3RCBRlOyIxDNh4sIEVqbzycqz6v-Xe0e87f0GrqiSX5Yl74igY38Jl2kLX_7fmAD0_qaO4tvSenEQS0HS9G7D6jOBhm4bDmcxlsQROpOf4E9eVyWdrtN7L1uHlj2SjjPf_yy0lC_bjNhzwXXTAF6ysI49RHx1EIu3tu3Q"
                            use = "sig"
                        },
                    ]
                }
            )
            # (2 unchanged attributes hidden)
        }
    }

Plan: 0 to add, 1 to change, 0 to destroy.
  • ▶️ To apply this plan, comment: 
    atlantis apply -d infra/gcp/terraform/k8s-infra-prow
  • 🚮 To delete this plan and lock, click here
  • 🔁 To plan this project again, comment: 
    atlantis plan -d infra/gcp/terraform/k8s-infra-prow

Plan: 0 to add, 1 to change, 0 to destroy.

  • ⏩ To apply all unapplied plans from this Pull Request, comment: 
    atlantis apply
  • 🚮 To delete all plans and locks from this Pull Request, comment: 
    atlantis unlock

xmudrii
xmudrii approved these changes Jul 28, 2025
View reviewed changes
Copy link
Member

@xmudrii xmudrii left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jul 28, 2025
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: upodroid, xmudrii

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@jeefy
Copy link
Member

jeefy commented Jul 29, 2025

We do have accounts on here and access to handle/observe billing so should be g2g!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@xmudrii xmudrii xmudrii approved these changes

@aojea aojea Awaiting requested review from aojea

@BenTheElder BenTheElder Awaiting requested review from BenTheElder

Assignees

@xmudrii xmudrii

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/infra/gcp Issues or PRs related to Kubernetes GCP infrastructure area/infra Infrastructure management, infrastructure design, code in infra/ area/prow Setting up or working with prow in general, prow.k8s.io, prow build clusters area/terraform Terraform modules, testing them, writing more of them, code in infra/gcp/clusters/ cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. lgtm "Looks good to me", indicates that a PR is ready to be merged. sig/k8s-infra Categorizes an issue or PR as relevant to SIG K8s Infra. sig/testing Categorizes an issue or PR as relevant to SIG Testing. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@upodroid @k8s-infra-ci-robot @k8s-ci-robot @jeefy @xmudrii