Merge cert-manager's testgrid config

[wallrj]

We're configuring cert-manager Prow to upload testgrid configs using config merger.
We've created a GCP bucket with read-access from the Kubernetes testgrid service accounts

We're ironing out some problems with the uploading, but once we've got it working this can be reviewed and merged.

Part of:

• Migrate cert-manager testgrid integration from Transfigure to Config Merger cert-manager/testing#629

[k8s-ci-robot]

Hi @wallrj. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[irbekrm]

The configuration has now been uploaded to a bucket by a ProwJob (this is not publicly accessible, so I cannot link it).

[chases2]

Not-publicly-accessible is fine, so long as permissions are granted as outlined in merging.md

Also keep in mind that, although the bucket or file are not publicly readable, you are asking TestGrid to display the contents of this config file to everyone. https://testgrid.k8s.io/ is quite public.

/approve
/lgtm
/hold for ack
/ok-to-test

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: chases2, wallrj

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• config/OWNERS [chases2]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[wallrj]

/unhold

[irbekrm]

Nice to see that this got merged 🙏🏼

Not-publicly-accessible is fine, so long as permissions are granted as outlined in merging.md
Also keep in mind that, although the bucket or file are not publicly readable, you are asking TestGrid to display the contents of this config file to everyone. https://testgrid.k8s.io/ is quite public.

We've given storage.objectViewer role to [email protected] and [email protected].

We're okay with TestGrid being public (more pressure on us to keep those jobs green :) ), it's just the least privilege principle for the bucket.

I've had a look at our TestGrid and it looks like it hasn't been updated yet with the config from the bucket- where would we be able to see what happened after this PR got merged, was there a job that ran with Config Merger trying to access our bucket?

[irbekrm]

Hi @chases2 thanks a lot for your help with this!

It looks like so far our TestGrid has not yet been updated with the latest config since merging this PR. Is there somewhere we could look to see if there are any issues with the configuration?

I see that there are some older issues that talk about needing to restart Config Merger controller, but I am guessing this is no longer the case GoogleCloudPlatform/testgrid#517 ?