cmd/gopherbot: move to Workload Identity

Create a new service account, and move the deployment over to the prod
namespace. Also update the build image to Go 1.17.

For golang/go#48263.

Change-Id: I9c7776b294ee78c2745670f805ec70cab1ae4573
Reviewed-on: https://go-review.googlesource.com/c/build/+/349056
Trust: Dmitri Shuralyov <dmitshur@golang.org>
Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Heschi Kreinick <heschi@google.com>
diff --git a/cmd/gopherbot/Dockerfile b/cmd/gopherbot/Dockerfile
index 9ccca8a..ef31737 100644
--- a/cmd/gopherbot/Dockerfile
+++ b/cmd/gopherbot/Dockerfile
@@ -2,13 +2,9 @@
 # Use of this source code is governed by a BSD-style
 # license that can be found in the LICENSE file.
 
-FROM golang:1.12 AS build
+FROM golang:1.17 AS build
 LABEL maintainer "golang-dev@googlegroups.com"
 
-
-ENV GO111MODULE=on
-ENV GOPROXY=https://proxy.golang.org
-
 RUN mkdir /gocache
 ENV GOCACHE /gocache
 
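Review bot: Dropping `ENV GOPROXY=https://proxy.golang.org` widens where the image build may fetch modules from. With the variable unset, Go 1.17 uses its default `https://proxy.golang.org,direct`, so a 404 or 410 from the proxy falls back to fetching directly from the module's origin. Downloads are still verified against the checksum database by default, so this reduces build hermeticity rather than integrity checking. If proxy-only fetching was intended, keep `ENV GOPROXY=https://proxy.golang.org`; dropping `GO111MODULE=on` is harmless because module mode is already the default in 1.17. The rest of the Dockerfile is outside this hunk.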
diff --git a/cmd/gopherbot/Makefile b/cmd/gopherbot/Makefile
index cad04ae..452d5bc 100644
--- a/cmd/gopherbot/Makefile
+++ b/cmd/gopherbot/Makefile
@@ -23,7 +23,7 @@
 
 deploy-prod: push-prod
 	go install golang.org/x/build/cmd/xb
-	xb --prod kubectl set image deployment/gopherbot-deployment gopherbot=$(IMAGE_PROD):$(VERSION)
+	xb --prod kubectl --namespace prod set image deployment/gopherbot-deployment gopherbot=$(IMAGE_PROD):$(VERSION)
 deploy-staging: push-staging
 	go install golang.org/x/build/cmd/xb
 	xb --staging kubectl set image deployment/gopherbot-deployment gopherbot=$(IMAGE_STAGING):$(VERSION)
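Review bot: `deploy-prod` still only runs `kubectl set image`, so it neither creates the Deployment in the `prod` namespace nor rolls out the new `serviceAccountName` and `nodeSelector` from deployment-prod.yaml. On a cluster where the manifest has not yet been applied to that namespace, the command would fail for lack of a deployment to patch. A comment above the target would make the ordering explicit, for example `# Only updates the image; deployment-prod.yaml must already be applied to the prod namespace.` The rest of the Makefile is outside this hunk, so a target that applies the manifest may already exist.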
diff --git a/cmd/gopherbot/deployment-prod.yaml b/cmd/gopherbot/deployment-prod.yaml
index 6460f0b..04c01d5 100644
--- a/cmd/gopherbot/deployment-prod.yaml
+++ b/cmd/gopherbot/deployment-prod.yaml
@@ -1,6 +1,7 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
+  namespace: prod
   name: gopherbot-deployment
 spec:
   replicas: 1 # more than 1 might cause duplicate GitHub comments
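Review bot: Adding `namespace: prod` creates a second Deployment rather than moving the existing one, and nothing in the visible diff removes the old one. The old manifest had no namespace, so the previous `gopherbot-deployment` presumably lives in whatever namespace the kubectl context defaulted to. Until it is deleted, two instances run, which is what the `replicas: 1` comment warns against, and the old pod keeps using whatever credentials it was given before Workload Identity. Recording the cleanup next to the new field would help, for example `# Migrated from the un-namespaced deployment; delete the old gopherbot-deployment and retire its credentials after rollout.`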
@@ -15,6 +16,9 @@
         container.seccomp.security.alpha.kubernetes.io/gopherbot: docker/default
         container.apparmor.security.beta.kubernetes.io/gopherbot: runtime/default
     spec:
+      serviceAccountName: gopherbot
+      nodeSelector:
+        cloud.google.com/gke-nodepool: workload-identity-pool
       volumes:
       - name: cache-volume
         emptyDir: {}
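Review bot: `serviceAccountName: gopherbot` relies on objects that are not part of this diff: a `gopherbot` ServiceAccount in the `prod` namespace and its Workload Identity binding to a Google service account. If either is missing, pods will either fail to be created or start without the intended identity. A comment above the field pointing at the definition would make this auditable, for example `# KSA must carry the iam.gke.io/gcp-service-account annotation; defined in <path-to-service-account-manifest>.` The pod spec continues past the end of this hunk, so any secret volume that mounted a service-account key could still be present. Confirming that it is removed is worthwhile, so the pod holds only the Workload Identity credential.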