k8s.io/test-infra@v0.0.0-20240520184403-27c6b4c223d8/rbe/install.sh (about) 1 #!/usr/bin/env bash 2 # Copyright 2019 The Kubernetes Authors. 3 # 4 # Licensed under the Apache License, Version 2.0 (the "License"); 5 # you may not use this file except in compliance with the License. 6 # You may obtain a copy of the License at 7 # 8 # http://www.apache.org/licenses/LICENSE-2.0 9 # 10 # Unless required by applicable law or agreed to in writing, software 11 # distributed under the License is distributed on an "AS IS" BASIS, 12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 # See the License for the specific language governing permissions and 14 # limitations under the License. 15 16 set -o errexit 17 set -o nounset 18 set -o pipefail 19 20 if [[ $# -lt 6 ]]; then 21 echo "Usage: $(basename "$0") <gcp-project-id> <pool-name> <workers:200> <diskgb:600> <machine:n1-standard-2> <bot ...>" >&2 22 exit 1 23 fi 24 25 # Note: this currently requires your project to be added to a private list 26 # Contact fejta on #sig-testing or #prow on kubernetes slack to get on the 27 # list 28 # More info: https://cloud.google.com/remote-build-execution/docs/overview 29 30 proj=$1 31 pool=$2 32 workers=$3 33 disk=$4 34 machine=$5 35 shift 5 36 37 users=() 38 groups=() 39 bots=( 40 "$@" 41 ) 42 43 log() { 44 ( 45 set -o xtrace 46 "$@" 47 ) 48 } 49 50 log gcloud services enable remotebuildexecution.googleapis.com "--project=$proj" 51 52 check_instance=( 53 gcloud alpha remote-build-execution instances describe default_instance "--project=$proj" 54 ) 55 56 check_pools=( 57 gcloud alpha remote-build-execution worker-pools describe "$pool" "--project=$proj" --instance=default_instance 58 ) 59 60 if ! "${check_instance[@]}" 2>/dev/null; then 61 log gcloud alpha remote-build-execution instances create \ 62 default_instance \ 63 "--project=$proj" 64 fi 65 66 if [[ -z $pool ]]; then 67 echo "Existing pools:" >&2 68 for i in $(gcloud alpha remote-build-execution worker-pools list \ 69 "--project=$proj" \ 70 --instance=default_instance \ 71 --format='value(name)'); do 72 echo " $(basename "$i")" >&2 73 done 74 echo "Usage: $0 $1 <pool>" >&2 75 exit 1 76 fi 77 78 79 if ! "${check_pools[@]}" 2>/dev/null; then 80 log gcloud alpha remote-build-execution worker-pools create \ 81 "$pool" \ 82 "--project=$proj" \ 83 --instance=default_instance \ 84 "--worker-count=$workers" \ 85 "--disk-size=$disk" \ 86 "--machine-type=$machine" 87 else 88 log gcloud alpha remote-build-execution worker-pools update \ 89 "$pool" \ 90 "--project=$proj" \ 91 --instance=default_instance \ 92 "--worker-count=$workers" \ 93 "--disk-size=$disk" \ 94 "--machine-type=$machine" 95 fi 96 97 # https://cloud.google.com/remote-build-execution/docs/modify-worker-pool 98 echo "Update remote processing power: 99 gcloud alpha remote-build-execution worker-pools update \\ 100 --project='$proj' \\ 101 --instance=default_instance \\ 102 --worker-count='$workers' \\ 103 --disk-size='$disk' \\ 104 --machine-type='$machine' 105 " 106 107 members=() 108 109 for u in "${users[@]}"; do 110 members+=("--member=user:$u") 111 done 112 113 for g in "${groups[@]}"; do 114 members+=("--member=group:$g") 115 done 116 117 for b in "${bots[@]}"; do 118 members+=("--member=serviceAccount:$b") 119 done 120 121 if [[ "${#members[@]}" -gt 0 ]]; then 122 log gcloud projects add-iam-policy-binding "$proj" \ 123 "${members[@]}" \ 124 --role=roles/remotebuildexecution.artifactCreator >/dev/null 125 fi 126 127 # https://cloud.google.com/remote-build-execution/docs/access-control 128 echo "Grant access to users and bots: 129 gcloud projects add-iam-policy-binding '$proj' \\ 130 --role=roles/remotebuildexecution.artifactCreator \\ 131 --member=user:your.email@example.com \\ 132 --member:serviceAccount:example.bot@your-project.iam.gserviceaccount.com \\ 133 --member:group:example-google-group@googlegroups.com 134 " 135 136 echo "Configure your bazel environment:" 137 echo " $(dirname "$0")/configure.sh"