k8s.io provides code and configuration to manage Kubernetes project infrastructure, enabling secure and scalable cloud resource management and site hosting.
Code and configuration to manage Kubernetes project infrastructure, including various *.k8s.io sites
This tool is used by Kubernetes infrastructure teams and cloud security engineers to manage Kubernetes-related infrastructure, including DNS, GCP resources, RBAC, and site hosting for various Kubernetes community services. It facilitates cloud configuration scanning, infrastructure as code security, and secrets management to maintain secure and compliant Kubernetes project environments.
Users should have appropriate GCP permissions and familiarity with Terraform, Kubernetes RBAC, and OPA policies to effectively use this tool. The repository is maintained by multiple SIGs, so coordination with Kubernetes SIG-k8s-infra and related groups is recommended for contributions or operational changes.
Clone the repository: git clone https://github.com/kubernetes/k8s.io.git
Navigate to the infra/gcp directory for GCP infrastructure management scripts
Use Terraform modules in infra/gcp/terraform/modules for infrastructure as code
Apply OPA policies via conftest to validate resource configurations
Deploy community-managed apps by following respective subdirectory instructions
scripts in infra/gcp/bash/namespaces: Manage Kubernetes namespaces and RBAC for the 'aaa' cluster
scripts in infra/gcp/bash/prow: Manage projects used for e2e testing via boskos
scripts in infra/gcp/bash/roles: Manage custom GCP IAM roles
terraform apply in infra/gcp/terraform/projects: Manage GCP projects infrastructure
conftest test -p policy <resource-file>: Validate resource configurations against OPA policies