llvm · boomanaiden154 · Jul 21, 2025 · Jul 18, 2025 · Jul 18, 2025 · Jul 20, 2025
diff --git a/premerge/gke_cluster/outputs.tf b/premerge/gke_cluster/outputs.tf
@@ -12,4 +12,12 @@ output "client_key" {
 
 output "cluster_ca_certificate" {
   value = google_container_cluster.llvm_premerge.master_auth.0.cluster_ca_certificate
-}
+}
+
+output "linux_object_cache_gcp_service_account_email" {
+  value = google_service_account.object_cache_linux_gsa.email
+}
+
+output "windows_2022_object_cache_gcp_service_account_email" {
+  value = google_service_account.object_cache_windows_gsa.email
+}
diff --git a/premerge/main.tf b/premerge/main.tf
@@ -138,33 +138,41 @@ provider "kubernetes" {
 }
 
 module "premerge_cluster_us_central_resources" {
-  source                              = "./premerge_resources"
-  github_app_id                       = data.google_secret_manager_secret_version.github_app_id.secret_data
-  github_app_installation_id          = data.google_secret_manager_secret_version.github_app_installation_id.secret_data
-  github_app_private_key              = data.google_secret_manager_secret_version.github_app_private_key.secret_data
-  cluster_name                        = "llvm-premerge-cluster-us-central"
-  grafana_token                       = data.google_secret_manager_secret_version.grafana_token.secret_data
-  runner_group_name                   = "llvm-premerge-cluster-us-central"
-  linux_runners_namespace_name        = local.linux_runners_namespace_name
-  windows_2022_runners_namespace_name = local.windows_2022_runners_namespace_name
-  github_arc_version                  = "0.12.1"
+  source                                               = "./premerge_resources"
+  github_app_id                                        = data.google_secret_manager_secret_version.github_app_id.secret_data
+  github_app_installation_id                           = data.google_secret_manager_secret_version.github_app_installation_id.secret_data
+  github_app_private_key                               = data.google_secret_manager_secret_version.github_app_private_key.secret_data
+  cluster_name                                         = "llvm-premerge-cluster-us-central"
+  grafana_token                                        = data.google_secret_manager_secret_version.grafana_token.secret_data
+  runner_group_name                                    = "llvm-premerge-cluster-us-central"
+  linux_runners_namespace_name                         = local.linux_runners_namespace_name
+  linux_runners_kubernetes_service_account_name        = local.linux_runners_kubernetes_service_account_name
+  windows_2022_runners_namespace_name                  = local.windows_2022_runners_namespace_name
+  windows_2022_runners_kubernetes_service_account_name = local.windows_2022_runners_kubernetes_service_account_name
+  linux_object_cache_gcp_service_account_email         = module.premerge_cluster_us_central.linux_object_cache_gcp_service_account_email
+  windows_2022_object_cache_gcp_service_account_email  = module.premerge_cluster_us_central.windows_2022_object_cache_gcp_service_account_email
+  github_arc_version                                   = "0.12.1"
   providers = {
     kubernetes = kubernetes.llvm-premerge-us-central
     helm       = helm.llvm-premerge-us-central
   }
 }
 
 module "premerge_cluster_us_west_resources" {
-  source                              = "./premerge_resources"
-  github_app_id                       = data.google_secret_manager_secret_version.github_app_id.secret_data
-  github_app_installation_id          = data.google_secret_manager_secret_version.github_app_installation_id.secret_data
-  github_app_private_key              = data.google_secret_manager_secret_version.github_app_private_key.secret_data
-  cluster_name                        = "llvm-premerge-cluster-us-west"
-  grafana_token                       = data.google_secret_manager_secret_version.grafana_token.secret_data
-  runner_group_name                   = "llvm-premerge-cluster-us-west"
-  linux_runners_namespace_name        = local.linux_runners_namespace_name
-  windows_2022_runners_namespace_name = local.windows_2022_runners_namespace_name
-  github_arc_version                  = "0.12.1"
+  source                                               = "./premerge_resources"
+  github_app_id                                        = data.google_secret_manager_secret_version.github_app_id.secret_data
+  github_app_installation_id                           = data.google_secret_manager_secret_version.github_app_installation_id.secret_data
+  github_app_private_key                               = data.google_secret_manager_secret_version.github_app_private_key.secret_data
+  cluster_name                                         = "llvm-premerge-cluster-us-west"
+  grafana_token                                        = data.google_secret_manager_secret_version.grafana_token.secret_data
+  runner_group_name                                    = "llvm-premerge-cluster-us-west"
+  linux_runners_namespace_name                         = local.linux_runners_namespace_name
+  linux_runners_kubernetes_service_account_name        = local.linux_runners_kubernetes_service_account_name
+  windows_2022_runners_namespace_name                  = local.windows_2022_runners_namespace_name
+  windows_2022_runners_kubernetes_service_account_name = local.windows_2022_runners_kubernetes_service_account_name
+  linux_object_cache_gcp_service_account_email         = module.premerge_cluster_us_central.linux_object_cache_gcp_service_account_email
+  windows_2022_object_cache_gcp_service_account_email  = module.premerge_cluster_us_central.windows_2022_object_cache_gcp_service_account_email
+  github_arc_version                                   = "0.12.1"
   providers = {
     kubernetes = kubernetes.llvm-premerge-us-west
     helm       = helm.llvm-premerge-us-west

diff --git a/premerge/premerge_resources/main.tf b/premerge/premerge_resources/main.tf
@@ -234,6 +234,30 @@ resource "helm_release" "github_actions_runner_set_libcxx_next" {
   ]
 }
 
+resource "kubernetes_service_account" "linux_object_cache_ksa" {
+  metadata {
+    name      = var.linux_runners_kubernetes_service_account_name
+    namespace = var.linux_runners_namespace_name
+    annotations = {
+      "iam.gke.io/gcp-service-account" = var.linux_object_cache_gcp_service_account_email
+    }
+  }
+
+  depends_on = [kubernetes_namespace.llvm_premerge_linux_runners]
+}
+
+resource "kubernetes_service_account" "windows_2022_object_cache_ksa" {
+  metadata {
+    name      = var.windows_2022_runners_kubernetes_service_account_name
+    namespace = var.windows_2022_runners_namespace_name
+    annotations = {
+      "iam.gke.io/gcp-service-account" = var.windows_2022_object_cache_gcp_service_account_email
+    }
+  }
+
+  depends_on = [kubernetes_namespace.llvm_premerge_windows_2022_runners]
+}
+
 resource "kubernetes_namespace" "grafana" {
   metadata {
     name = "grafana"

diff --git a/premerge/premerge_resources/variables.tf b/premerge/premerge_resources/variables.tf
@@ -80,7 +80,27 @@ variable "linux_runners_namespace_name" {
   type        = string
 }
 
+variable "linux_runners_kubernetes_service_account_name" {
+  description = "The name of the kubernetes service account used to access the Linux object cache GCS bucket"
+  type        = string
+}
+
 variable "windows_2022_runners_namespace_name" {
   description = "The name of the namespace containing the Windows runners"
   type        = string
 }
+
+variable "windows_2022_runners_kubernetes_service_account_name" {
+  description = "The name of the kubernetes service account used to access the Windows object cache GCS bucket"
+  type        = string
+}
+
+variable "linux_object_cache_gcp_service_account_email" {
+  description = "The email associated with the service account for accessing the object cache on Linux."
+  type        = string
+}
+
+variable "windows_2022_object_cache_gcp_service_account_email" {
+  description = "The email associated with the service account for accessing the object cache on Windows."
+  type        = string
+}