Document that Google Cloud CDN needs bucket permissions
What does this MR do?
In our staging environment, we may have forgotten the step to give
permission to the CDN service account to read the artifacts bucket
(https://cloud.google.com/cdn/docs/using-signed-urls#configuring_permissions).
This resulted in an Access Denied
error whenever a pre-signed
CDN were used.
Related issues
https://gitlab.com/gitlab-com/gl-infra/reliability/-/issues/16467
Checklist
See Definition of done.
For anything in this list which will not be completed, please provide a reason in the MR discussion.
Required
-
Merge Request Title and Description are up to date, accurate, and descriptive -
MR targeting the appropriate branch -
MR has a green pipeline on GitLab.com -
When ready for review, MR is labeled "~workflow::ready for review" per the Distribution MR workflow
Expected (please provide an explanation if not completing)
-
Test plan indicating conditions for success has been posted and passes -
Documentation created/updated -
Tests added -
Integration tests added to GitLab QA -
Equivalent MR/issue for omnibus-gitlab opened -
Validate potential values for new configuration settings. Formats such as integer 10
, duration10s
, URIscheme://user:passwd@host:port
may require quotation or other special handling when rendered in a template and written to a configuration file.
Edited by Stan Hu