GitLab.com CI artifacts to use Google Cloud CDN

Over the next month and going forward, requests for GitLab CI artifacts downloads may be redirected to Google Cloud CDN instead of Google Cloud Storage. We anticipate that GitLab CI users may benefit from faster downloads from edge caches closest to your location.

Disclaimer: This blog contains information related to upcoming products, features, and functionality. It is important to note that the information in this blog post is for informational purposes only. Please do not rely on this information for purchasing or planning purposes. As with all projects, the items mentioned in this blog and linked pages are subject to change or delay. The development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab.

How will this work?

Currently when a CI runner or other client downloads a CI artifact, GitLab.com responds with a 302 redirect to a time-limited, pre-signed URL with a domain of storage.googleapis.com.

After this change, the domain will change to cdn.artifacts.gitlab-static.net.

The exception is for requests originating from within the Google Cloud Platform. These will continue to be redirected to Cloud Storage.

When will this change occur?

We expect to start the transition around the end of October 2022. This will be a gradual transition using a percentage-based rollout, so we anticipate that you will see an increasing number of your requests redirected to Google Cloud CDN instead of Google Cloud Storage until all of the requests are served by the former.

You can follow along with the progress of this initiative and raise any questions in this issue. We will post more detailed timelines in that issue as we refine the rollout plan.

How does this change impact you?

Since GitLab CI runners and certain clients automatically handle URL redirections already, we expect that downloads for CI artifacts should continue to work without any action. If a runner cannot download from the CDN host, it will retry without the CDN and download the artifact directly through GitLab.com.

However, if you have a firewall that only allows storage.googleapis.com, you will need to add cdn.artifacts.gitlab-static.net to the allow list.



from GitLab https://ift.tt/cF4hxrt #GitLab #DevSecOps

Comments

Post a Comment

Popular posts from this blog

Efficient DevSecOps workflows: Hands-on python-gitlab API automation

Image
A friend once said in a conference presentation, “Manual work is a bug." When there are repetitive tasks in workflows, I tend to come back to this quote , and try to automate as much as possible. For example, by querying a REST API to do an inventory of settings, or calling API actions to create new comments in GitLab issues/merge requests. The interaction with the GitLab REST API can be done in different ways, using HTTP requests with curl (or hurl ) on the command line, or by writing a script in a programming language. The latter can become reinventing the wheel again with raw HTTP requests code, and parsing the JSON responses. Thanks to the wider GitLab community, many different languages are supported by API abstraction libraries. They provide support for all API attributes, add helper functions to get/create/delete objects, and generally aim to help developers focus. The python-gitlab library is a feature-rich and easy-to-use library written in Python. In this blog post, y...
Read more

Secure GitLab CI/CD workflows using OIDC JWT on a DevSecOps platform

Image
Securing CI/CD workflows can be challenging. This blog post walks you through the problem validation, explores the JWT token technology and how it can be used with OIDC authentication, and discusses implementation challenges with authorization realms. You will learn about the current possibilities and future plans with GitLab 16.0. Variables vs. secrets Variables are an efficient way to control and inject parameters into your jobs and pipelines, making managing and configuring the CI/CD workflows easier. You can read more about how to use CI/CD variables . An extra layer of security on top of variables to mask and protect, for now, is our “best-effort” to prevent sensitive variables from being accidentally revealed. However, variables are not a drop-in replacement for secrets. Securing secrets natively is a solution that GitLab aspires to provide. Meanwhile, we recommend storing sensitive information in a dedicated secrets management solution. As a company, we will provide you abili...
Read more

GitLab 13.11 released with Kubernetes Agent and Pipeline Compliance

Image
On this Earth Day we are thinking about growth. Our customers are scaling their DevOps practices and with growth comes the need for even greater efficiencies and automated controls. The GitLab Kubernetes Agent is now available on GitLab.com to help you benefit from fast, pull-based deployments to your cluster, while GitLab.com manages the necessary server-side components of the Agent. Compliant Pipeline Configurations let you define enforceable pipelines that will run for any project assigned a corresponding compliance framework, even custom ones . We also have a host of features to improve pipeline efficiency and measurement, to provide On-call Scheduling , and even more security enhancements. These are just a few of the 50+ significant new features and improvements in this release. Controls to help you grow safely and efficiently Controls can keep your automation on track as you grow and scale while simplifying compliance efforts. The GitLab Kubernetes Agent is core to GitLab...
Read more