-
Notifications
You must be signed in to change notification settings - Fork 807
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fastly: use a private bucket as origin for dl.k8s.io #7178
Fastly: use a private bucket as origin for dl.k8s.io #7178
Conversation
- Ensure the VCL service can use a GCS private bucket as origin using AWS auth headers. GCS API is S3-compatible. We apply the snippet from https://quic.fastly.com/documentation/solutions/examples/google-cloud-storage-origin-private/ - Enable Shielding for the service. More informations on https://www.fastly.com/documentation/guides/concepts/shielding/ - Disable the healthcheck for the service. This is not required since we have Origin Inspector activated and is currently not working with the private bucket. Signed-off-by: Arnaud Meukam <[email protected]>
Add data resources that will help get the credentials needed for the VCL to authenticate against GCS API. Signed-off-by: Arnaud Meukam <[email protected]>
/hold I will deploy this next Monday. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This vaguely looks right? and I trust you. But I'm also no expert here.
/lgtm
/approve
/hold
@BenTheElder reviewing VCL:
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: ameukam, BenTheElder The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/hold cancel |
I think we may need to revert. Seeing failures downloading |
discussing mitigations in the above slack thread |
auth headers. GCS API is S3-compatible. We apply the snippet from https://quic.fastly.com/documentation/solutions/examples/google-cloud-storage-origin-private/
have Origin Inspector activated and is currently not working with the
private bucket.