Feruzjon Muyassarov fmuyassarov

Prow with Azure cloud storage

Recently I had to build a Prow cluster for one of the projects I was working on. Usually you want to configure Prow to store job artifacts in some cloud storage so that people could access those logs later on. In my case, Azure cloud was the only option to go with. Unfortunately, at the time of writing this post Prow doesn't support Azure as storage backed and only GCP or AWS S3.

However, thanks to MinIO, I could build my Prow cluster and still store the job artifacts in Azure storage as I would in GCP or AWS S3. So I wanted to share how I configured my Prow cluster to work with Azure storage.

Note: This is Prow setup in a local test environment. In other words, there is no TLS, cert-manager, ingress controller configuration involved as they would in real setup.

	apiVersion: apps/v1
	kind: Deployment
	metadata:
	name: minio
	namespace: prow
	spec:
	selector:
	matchLabels:
	app: minio
	strategy:

	#!/bin/bash

	ns=${NS:-default}
	BLUE='\033[0;34m'
	Color_Off='\033[0m'

	for pod in $(kubectl -n $ns get pods \| tr -s '\t' ' ' \|
	cut -d ' ' -f1 \| grep -v ^NAME \| tr -d '"'); do
	for ctr in $(kubectl get -n $ns pod $pod -o json \|
	jq '.spec.containers[].name' \| tr -d '"'); do

	apiVersion: topology.node.k8s.io/v1alpha2
	attributes:
	- name: TopologyPolicy
	value: topology-aware
	kind: NodeResourceTopology
	metadata:
	creationTimestamp: "2024-10-25T09:23:16Z"
	generation: 1
	name: dev-20241025-074512
	resourceVersion: "1054"

	STEP 1/3 — Building Dockerfile: [ttl.sh/ghcr.io/containers/nri-plugins/nri-resource-policy-topology-aware]
	Building Dockerfile for platform linux/amd64:
	ARG GO_VERSION=1.22

	FROM golang:${GO_VERSION}-bullseye AS builder

	ARG IMAGE_VERSION
	ARG BUILD_VERSION
	ARG BUILD_BUILDID
	ARG DEBUG=0

	STEP 1/3 — Building Dockerfile: [ttl.sh/ghcr.io/containers/nri-plugins/nri-resource-policy-topology-aware]
	Building Dockerfile for platform linux/amd64:
	ARG GO_VERSION=1.22

	FROM golang:${GO_VERSION}-bullseye AS builder

	ARG IMAGE_VERSION
	ARG BUILD_VERSION
	ARG BUILD_BUILDID
	ARG DEBUG=0

	[crio.image]
	signature_policy = "/etc/crio/policy.json"

	[crio.runtime]
	default_runtime = "runc"
	log_level = "debug"

	[crio.runtime.runtimes.crun]
	runtime_type = "pod"
	runtime_path = "/usr/libexec/crio/crun"

	apiVersion: networking.k8s.io/v1
	kind: NetworkPolicy
	metadata:
	name: testpol1
	namespace: test1
	spec:
	egress:
	- ports:
	- port: 80
	protocol: TCP

	sudo iptables -t filter -vnL \| grep cali-
	295K 184M cali-INPUT 0 -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:Cz_u1IQiXIMmKD4c */
	1022 47669 cali-FORWARD 0 -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:wUHhoiAYhphO9Mso */
	295K 186M cali-OUTPUT 0 -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:tVnHkvAo15HuiPy0 */
	Chain cali-FORWARD (1 references)
	1022 47669 cali-from-hep-forward 0 -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:ZfgmjuiLaA8Pg0kp */ mark match 0x0/0x10000
	1015 46326 cali-from-wl-dispatch 0 -- cali+ * 0.0.0.0/0 0.0.0.0/0 /* cali:tAzwBLPaV-j53OOZ */
	7 1343 cali-to-wl-dispatch 0 -- * cali+ 0.0.0.0/0 0.0.0.0/0 /* cali:4Z0Pf0byo05NFe-P */
	7 546 cali-to-hep-forward 0 -- * * 0.0.0.0/0 0.0.0.0/0 /* cali:hQ7Oc16wmUtLuneJ */
	7 546 cali-cidr-block 0 -- * * 0.

	Chain INPUT (policy ACCEPT 322M packets, 101G bytes)
	pkts bytes target prot opt in out source destination
	335M 103G cali-INPUT all -- any any anywhere anywhere /* cali:Cz_u1IQiXIMmKD4c */
	4637K 293M KUBE-PROXY-FIREWALL all -- any any anywhere anywhere ctstate NEW /* kubernetes load balancer firewall */
	322M 101G KUBE-NODEPORTS all -- any any anywhere anywhere /* kubernetes health check service ports */
	4637K 293M KUBE-EXTERNAL-SERVICES all -- any any anywhere anywhere ctstate NEW /* kubernetes externally-visible service portals */
	322M 101G KUBE-FIREWALL all -- any any anywhere anywhere

	Chain FORWARD (policy ACCEPT 2 packets, 181 bytes)
	pkts bytes target prot opt in out source destination

Feruzjon Muyassarov fmuyassarov

Prow with Azure cloud storage

Prerequisites