migrate krel to community owned gcp project

[upodroid]

Infra changes for kubernetes/release#4257

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: upodroid

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• infra/gcp/OWNERS [upodroid]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[k8s-infra-ci-robot]

Ran Plan for 2 projects:

1. dir: infra/gcp/terraform/k8s-infra-releases-prod workspace: default
2. dir: infra/gcp/terraform/k8s-release workspace: default

---

1. dir: infra/gcp/terraform/k8s-infra-releases-prod workspace: default

Show Output

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
+ create
~ update in-place

Terraform will perform the following actions:

  # google_storage_bucket_iam_policy.releng_access_policy will be updated in-place
~ resource "google_storage_bucket_iam_policy" "releng_access_policy" {
        id          = "b/767373bbdcb8270361b96548387bf2a9ad0d48758c35"
      ~ policy_data = jsonencode(
          ~ {
              ~ bindings = [
                    # (1 unchanged element hidden)
                    {
                        members = [
                            "group:k8s-infra-release-editors@kubernetes.io",
                            "projectViewer:k8s-infra-releases-prod",
                        ]
                        role    = "roles/storage.legacyBucketReader"
                    },
                  ~ {
                      ~ members = [
                          + "serviceAccount:304687256732@cloudbuild.gserviceaccount.com",
                            "serviceAccount:648026197307@cloudbuild.gserviceaccount.com",
                        ]
                        # (1 unchanged attribute hidden)
                    },
                    {
                        members = [
                            "group:k8s-infra-release-editors@kubernetes.io",
                            "serviceAccount:fastly-reader@k8s-infra-releases-prod.iam.gserviceaccount.com",
                        ]
                        role    = "roles/storage.objectViewer"
                    },
                ]
            }
        )
        # (2 unchanged attributes hidden)
    }

  # module.secrets.google_secret_manager_secret_version.secret-version["datadog_fastly_logs_streaming"] will be created
+ resource "google_secret_manager_secret_version" "secret-version" {
      + create_time            = (known after apply)
      + deletion_policy        = "DELETE"
      + destroy_time           = (known after apply)
      + enabled                = true
      + id                     = (known after apply)
      + is_secret_data_base64  = false
      + name                   = (known after apply)
      + secret                 = "projects/k8s-infra-releases-prod/secrets/datadog_fastly_logs_streaming"
      + secret_data            = (sensitive value)
      + secret_data_wo         = (write-only attribute)
      + secret_data_wo_version = 0
      + version                = (known after apply)
    }

Plan: 1 to add, 1 to change, 0 to destroy.

• ▶️ To apply this plan, comment:

  atlantis apply -d infra/gcp/terraform/k8s-infra-releases-prod

• 🚮 To delete this plan and lock, click here
• 🔁 To plan this project again, comment:

  atlantis plan -d infra/gcp/terraform/k8s-infra-releases-prod

Plan: 1 to add, 1 to change, 0 to destroy.

---

Plan Summary

2 projects, 1 with changes, 1 with no changes, 0 failed

• ⏩ To apply all unapplied plans from this Pull Request, comment:

  atlantis apply

• 🚮 To delete all plans and locks from this Pull Request, comment:

  atlantis unlock