[𝘀𝗽𝗿] changes to main this commit is based on

boomanaiden154 · boomanaiden154 · commit e1dca0a1a820 · 2025-07-18T16:34:07.000Z
Created using spr 1.3.4

[skip ci]
diff --git a/premerge/gke_cluster/main.tf b/premerge/gke_cluster/main.tf
@@ -12,6 +12,13 @@ resource "google_container_cluster" "llvm_premerge" {
   # for adding windows nodes to the cluster.
   networking_mode = "VPC_NATIVE"
   ip_allocation_policy {}
+
+  # Set the workload identity config so that we can authenticate with Google
+  # Cloud APIs using workload identity federation as described in
+  # https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity.
+  workload_identity_config {
+    workload_pool = "llvm-premerge-checks.svc.id.goog"
+  }
 }
 
 resource "google_container_node_pool" "llvm_premerge_linux_service" {
@@ -62,6 +69,12 @@ resource "google_container_node_pool" "llvm_premerge_linux" {
     resource_labels = {
       "goog-gke-node-pool-provisioning-model" = "on-demand"
     }
+
+    # Enable workload identity federation for this pool so that we can access
+    # GCS buckets.
+    workload_metadata_config {
+      mode = "GKE_METADATA"
+    }
   }
 }
 
@@ -139,5 +152,27 @@ resource "google_container_node_pool" "llvm_premerge_windows_2022" {
     resource_labels = {
       "goog-gke-node-pool-provisioning-model" = "on-demand"
     }
+
+    # Enable workload identity federation for this pool so that we can access
+    # GCS buckets.
+    workload_metadata_config {
+      mode = "GKE_METADATA"
+    }
   }
 }
+
+resource "google_storage_bucket" "object_cache_linux" {
+  name = format("%s-object-cache-linux", var.cluster_name)
+  location = var.region
+
+  uniform_bucket_level_access = true
+  public_access_prevention = "enforced"
+}
+
+resource "google_storage_bucket" "object_cache_windows" {
+  name = format("%s-object-cache-windows", var.cluster_name)
+  location = var.region
+
+  uniform_bucket_level_access = true
+  public_access_prevention = "enforced"
+}
