Open BenTheElder opened 3 months ago
I think we'd have to stop serving to artifact registry to do this.
We could probably do that by a combination of:
Note for myself: GCS signed urls: https://cloud.google.com/storage/docs/access-control/signed-urls S3 signed urls: https://docs.aws.amazon.com/AmazonS3/latest/userguide/ShareObjectPreSignedURL.html
The Kubernetes project currently lacks enough contributors to adequately respond to all issues.
This bot triages un-triaged issues according to the following rules:
lifecycle/stale
is appliedlifecycle/stale
was applied, lifecycle/rotten
is appliedlifecycle/rotten
was applied, the issue is closedYou can:
/remove-lifecycle stale
/close
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale
/lifecycle frozen
I think this should remain on the backlog, this remains a gap in the current implementation but not one that is currently giving us real world problems ... yet
We currently rely on public read backing stores, we should probably make these private and instead only serve them through signed URLs
This may be less relevant if we move to #194 / proper CDNs in general versus routing to regional cloud storage. TBD if that's actually cost effective cc @ameukam
/priority backlog /sig k8s-infra
xref: #196