foundation icon indicating copy to clipboard operation
foundation copied to clipboard
verified publisher icon cdfoundation

GCP Accounts for Tekton

Open afrittoli opened this issue 4 years ago • 12 comments

Tekton infrastructure runs on GCS today, but the billing accounts are not, at least to my knowledge, owned by the CDF.

The GCS project used for Tekton are Google internal ones, which means members of the Tekton Governing Board that are not Google employees cannot have full admin control on the accounts, which is what we would like have instead.

Tekton is going to migrate the existing projects so that they regular GCP ones, but we need a billing account to associate the projects with.

afrittoli avatar Feb 15 '22 16:02 afrittoli

Update from the Tekton community meeting today:

  • If we could create a GCP org we could move the projects across, however GCP org creation requires Google Workspace or Cloud Identity + Domain Verification
  • Alternative is still to create a GCP project/billing account, but Tekton GB cannot create one as the project is not a legal entity. We need the CDF to create the GCP project / billing account.

afrittoli avatar Mar 29 '22 20:03 afrittoli

@fdegir, with your new role as CDF ED (congrats), is that something you can us push forward now?

mchmarny avatar Jun 14 '22 18:06 mchmarny

@mchmarny Thanks Mark and yes, I am looking into this and will be back as soon as I have some news to share.

fdegir avatar Jun 14 '22 20:06 fdegir

FYI - Still working on this with LFIT. Apologies for not being able to sort this out yet.

fdegir avatar Jul 05 '22 20:07 fdegir

Met with @afrittoli and decided a way forward.

  • Get a new Google Workspace for Tekton Community which will make it possible to have a Google Organization
  • Make all the Tekton GB members admins in the new organization
  • Make the change to the organization so it uses CDF GCP Billing Account
  • Create a new project under the org based on what Tekton Community has to start working out the details for the transition plan so we avoid breaking things by changing stuff on the existing projects

fdegir avatar Jul 22 '22 08:07 fdegir

Thanks @fdegir for driving this. The approach makes sense. Would it make sense to start with simple change the billing account on the current project first while we work on the implementation of the above plan over longer time?

mchmarny avatar Jul 22 '22 12:07 mchmarny

@mchmarny We thought of doing exactly what you proposed and tried it when Andrea and I met however Andrea doesn't have permission to change billing account.

If the Tekton GB Members are granted permissions to administer projects, they should be able to do that change.

fdegir avatar Jul 22 '22 13:07 fdegir

hi @fdegir the current project is under the Google org which unfortunately means that only Google GB members have admin access (one of the reasons we want to migrate to an CDF org project). If you can provide the billing account details, I could try switching the billing accounts.

dibyom avatar Jul 22 '22 14:07 dibyom

Thanks for offering to help @dibyom. I pinged you on Slack so we can talk about this.

fdegir avatar Jul 25 '22 13:07 fdegir

Thanks to @dibyom, we changed the billing account of one of the projects, tekton-nightly, to CDF one to have a progress.

In addition to this, I opened a ticket to LFIT to find out how best we can address the overall need to create a GCP organisation for Tekton Community so the community can manage things autonomously. Dibyo also provided few hints which I'll be passing them to LFIT. Will get back with more updates as soon as I have them.

fdegir avatar Jul 27 '22 13:07 fdegir

Thanks to LFIT, we identified a way forward. The recommendation I got is to create folders and place projects under that. We now have a folder with the name Tekton Project under GCP LF Organisation and @afrittoli and @dibyom are granted admin rights for the folder.

@afrittoli and @dibyom, can you please try moving the project tekton-nightly to the Tekton Project folder and let me know how it goes?

If this works, we can then discuss the way forward with moving/(re)creating other projects to this folder.

Please let me now if you need additional information about the folder so I can pass it to you.

fdegir avatar Aug 04 '22 21:08 fdegir

Thanks @fdegir I can confirm I have access to the Tekton Project folder. I'm currently following a Google internal process for migrating the project and will provide an update when that is complete.

dibyom avatar Aug 17 '22 18:08 dibyom

Can we close it now?

oleg-nenashev avatar Nov 30 '22 21:11 oleg-nenashev

@oleg-nenashev We are still working with LFIT to transfer Tekton projects from Google GCP organization to LF GCP organization so better to keep the ticket open.

I'll report back once it is done and we can close the ticket once confirmed by Tekton community as working as expected.

fdegir avatar Nov 30 '22 22:11 fdegir

The migration is now complete!

dibyom avatar Dec 01 '22 22:12 dibyom

Thanks a lot @dibyom for pushing this to completion!

Since we have some other projects under different GCP orgs, I am wondering if we can document this with all the steps, required configurations, permissions, who does what and so on so we can look for bringing other such projects to LF GCP Org CDF folder?

If this makes sense, could you please send a PR to this document, adding a new heading into like migrating GCP projects from external orgs to LF GCP Org, and documenting the details?

fdegir avatar Dec 01 '22 22:12 fdegir

@fdegir sure - I'll take a stab at it!

dibyom avatar Dec 02 '22 15:12 dibyom

Thanks @dibyom!

By the way, is it ok to close this issue now? If you identify additional things or things don't work as expected, we can create a new issue and track it under that one?

fdegir avatar Dec 02 '22 16:12 fdegir

Yup!, ~~closing as done!~~ I can't close the issue, but it's done

dibyom avatar Dec 02 '22 16:12 dibyom