investigate switching to signed URLs

[BenTheElder]

We currently rely on public read backing stores, we should probably make these private and instead only serve them through signed URLs

This may be less relevant if we move to #194 / proper CDNs in general versus routing to regional cloud storage. TBD if that's actually cost effective cc @ameukam

/priority backlog /sig k8s-infra

xref: #196

[BenTheElder]

I think we'd have to stop serving to artifact registry to do this.

We could probably do that by a combination of:

• proxy live queries with small payloads like tag lookups through the cloud run frontend, authenticate the cloud run app to AR
• serve blobs from GCS / cloud CDN instead of AR, similar to S3 currently
• disable public read on the ARs

[ameukam]

Note for myself: GCS signed urls: https://cloud.google.com/storage/docs/access-control/signed-urls S3 signed urls: https://docs.aws.amazon.com/AmazonS3/latest/userguide/ShareObjectPreSignedURL.html

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue as fresh with /remove-lifecycle stale
• Close this issue with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[BenTheElder]

/lifecycle frozen

I think this should remain on the backlog, this remains a gap in the current implementation but not one that is currently giving us real world problems ... yet