Skip to content

deploy new testgrid UI #8921

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
k8s-ci-robot merged 1 commit into from
Jan 5, 2026
Merged

deploy new testgrid UI #8921

k8s-ci-robot merged 1 commit into from
Jan 5, 2026
+215 −0

Conversation

@upodroid
Copy link
Member

@upodroid upodroid commented Jan 1, 2026
edited
Loading

Fixes: #8740

I deployed the new testgrid UI, however it is broken.

Action Items:

  • The testgrid API needs to be deployed via HTTPS. I copied over the prod manifest https://github.com/GoogleCloudPlatform/testgrid/blob/main/cluster/prod/api.yaml and deployed it in our cluster. However, we can't access the k8s-testgrid bucket. I would need the googlers to grant permission to our principal which is principal://iam.googleapis.com/projects/16065310909/locations/global/workloadIdentityPools/k8s-infra-prow.svc.id.goog/subject/ns/default/sa/testgrid-api or arrange transferring this bucket to the k8s-infra-prow project along with the testgrid deployment.
  • Automate the image build pipeline. The image was manually built like this docker build . --platform linux/amd64 -t gcr.io/k8s-staging-test-infra/testgrid-ui:latest --build-arg API_URL=https://testgrid-api.prow.k8s.io --push
  • Withdraw the testgrid-data.k8s.io endpoint and replace it with testgrid-api.prow.k8s.io
image

@SohamChakraborty

@k8s-ci-robot k8s-ci-robot requested review from aojea and cjwagner January 1, 2026 13:31
@k8s-ci-robot k8s-ci-robot added approved Indicates a PR has been approved by an approver from all required OWNERS files. area/dns DNS records for k8s.io, kubernetes.io, k8s.dev, etc., code in dns/ area/prow Setting up or working with prow in general, prow.k8s.io, prow build clusters size/L Denotes a PR that changes 100-499 lines, ignoring generated files. sig/k8s-infra Categorizes an issue or PR as relevant to SIG K8s Infra. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. sig/testing Categorizes an issue or PR as relevant to SIG Testing. labels Jan 1, 2026
@upodroid
Copy link
Member Author

upodroid commented Jan 1, 2026

Okay, so I deployed an Nginx proxy to fetch the API results, and the errors have disappeared.

@k8s-infra-ci-robot
Copy link
Contributor

k8s-infra-ci-robot commented Jan 1, 2026

Argo CD Diff Preview

Summary:

No changes found

No changes found

Stats:
[Applications: 6], [Full Run: 1m44s], [Rendering: 47s], [Cluster: 24s], [Argo CD: 32s]

@michelle192837
Copy link
Contributor

michelle192837 commented Jan 5, 2026

Working on granting the principal access to unblock this short-term. Thanks for putting this together!

michelle192837
michelle192837 approved these changes Jan 5, 2026
View reviewed changes
Copy link
Contributor

@michelle192837 michelle192837 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good to me, holding for principal access. I'll note when that's granted, otherwise unhold at will.

/hold

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jan 5, 2026
@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jan 5, 2026
@k8s-ci-robot
Copy link
Contributor

k8s-ci-robot commented Jan 5, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: michelle192837, upodroid

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@upodroid
Copy link
Member Author

upodroid commented Jan 5, 2026

thanks
/hold cancel

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jan 5, 2026
@k8s-ci-robot k8s-ci-robot merged commit cb86f7a into kubernetes:main Jan 5, 2026
9 checks passed
@k8s-ci-robot k8s-ci-robot added this to the v1.36 milestone Jan 5, 2026
@michelle192837
Copy link
Contributor

michelle192837 commented Jan 5, 2026

Principal should be granted access, please let me know if it doesn't work or you have other issues!

@upodroid
Copy link
Member Author

upodroid commented Jan 6, 2026

Can you enable uniform bucket-level access? Its required for Workload Identity Federation

 .venv  mahamed  DIAPLT128  ~  Desktop  Git  k8s.io   main  2⬆  6✎  1⚑  $  k logs testgrid-api-fb8fd7d6c-tcd24
time="2026-01-01T16:14:58Z" level=info msg="Listening via http..." component=api port=8080
time="2026-01-01T16:14:58Z" level=info msg="Listening via gRPC..." component=api port=50051
time="2026-01-06T08:20:45Z" level=error msg="Can't read default config; check permissions" config-path="gs://k8s-testgrid/config" error="can't read \"gs://k8s-testgrid/config\": open: googleapi: got HTTP response code 412 with body: <?xml version='1.0' encoding='UTF-8'?><Error><Code>PreconditionFailed</Code><Message>The operation requires that Uniform Bucket Level Access be enabled.</Message><Details>The type of authentication token used for this request requires that Uniform Bucket Level Access be enabled.</Details></Error>"

@michelle192837
Copy link
Contributor

michelle192837 commented Jan 6, 2026

Can you enable uniform bucket-level access? Its required for Workload Identity Federation

Done! (I checked permissions, it shouldn't affect any existing access but let me know if something goes wrong)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aojea aojea Awaiting requested review from aojea

@cjwagner cjwagner Awaiting requested review from cjwagner

1 more reviewer

@michelle192837 michelle192837 michelle192837 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@michelle192837 michelle192837

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. area/dns DNS records for k8s.io, kubernetes.io, k8s.dev, etc., code in dns/ area/prow Setting up or working with prow in general, prow.k8s.io, prow build clusters cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. sig/k8s-infra Categorizes an issue or PR as relevant to SIG K8s Infra. sig/testing Categorizes an issue or PR as relevant to SIG Testing. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.

Projects

None yet

Milestone

v1.36

Development

Successfully merging this pull request may close these issues.

Infra support to spin up new testgrid UI

4 participants

@upodroid @k8s-infra-ci-robot @michelle192837 @k8s-ci-robot