Update static asset & CDN spec

[kiootic]

ref #375

[kiootic]

@louischan-oursky @chpapa After further consideration, now I think it's better to check for TXT record only, and gives a warning if other records (CNAME/A/etc.) are not set up properly, instead of giving an error and having a flag to bypass:

• Most other providers verify TXT records only.
• Even if the A record is not present, it does not affect the correctness of system, and it may be intentional by developer, so reporting as error is not appropriate.
• This concern happens if developers do not follow our instructions fully, so reporting it as either warning or error would not matter much, since they're already disregarding the instructions.

What do you think about this?

[carmenlau]

it's better to check for TXT record only

Originally we check the A record since we request the letsencrypt cert for the custom domains. If users don't add the A record, cert manager will keep trying and fail. Is it irrelevant now? As we will have cert in cdn level and cdn provider handle it?

For GCP Cloud CDN, we will provision a CDN-enabled load balancer every 15 domains, since each load balancer can serve at most 15 TLS certificates.

1. Does CDN enable by default when custom domain is added?

thanks @kiootic

[kiootic]

@carmenlau

Originally we check the A record since we request the letsencrypt cert for the custom domains. If users don't add the A record, cert manager will keep trying and fail. Is it irrelevant now? As we will have cert in cdn level and cdn provider handle it?

It is developer's responsibility to ensure our load balancer can be reached at the custom domain. Otherwise, Let's Encrypt would not issue the HTTPS certificate.

Does CDN enable by default when custom domain is added?

Since there is severe limitations on Cloud CDN on their quota, I've discussed with @louischan-oursky and @chpapa and we think dropping the CDN feature is the simplest for now.