Provision GCS (or the default cloud provider) buckets for logs with private access (SA)

[Vyom-Yadav]

Part of kubernetes/k8s.io#7588

The SRC wants to setup CI for the private fork of Kubernetes. As discussed in sig-k8s-infra meetings, we'll use the same service cluster and provision a new build cluster with a private deck instance for running these jobs.

As the starting step, creating GCS (or the default cloud provider) storage buckets with appropriate access. Non world readable buckets, write and read access to Deck instance which would be behind an oauth2 proxy.

https://docs.prow.k8s.io/docs/getting-started-deploy/#configure-a-gcs-bucket
https://docs.prow.k8s.io/docs/private-deck/#2-operator-create-a-new-service-account-and-bind-it

The SRC private organization: https://github.com/kubernetes-security already seems to have the github app for prow installed. (need to validate permissions)

/assign @xmudrii

[Vyom-Yadav]

Marko, as discussed on DMs, I've assigned this issue to you.

[Vyom-Yadav]

/sig k8s-infra

[Pnkcaht]

Marko, as discussed on DMs, I've assigned this issue to you.

@xmudrii Since the task has already been assigned to you, feel free to contact me if you need anything