|
| 1 | +--- |
| 2 | +layout: blog |
| 3 | +title: "dl.k8s.io to adopt a Content Delivery Network" |
| 4 | +date: 2023-06-09 |
| 5 | +slug: dl-adopt-cdn |
| 6 | +--- |
| 7 | + |
| 8 | +**Authors**: Arnaud Meukam (VMware), Hannah Aubry (Fast Forward), Frederico |
| 9 | +Muñoz (SAS Institute) |
| 10 | + |
| 11 | +We're happy to announce that dl.k8s.io, home of the official Kubernetes |
| 12 | +binaries, will soon be powered by [Fastly](https://www.fastly.com). |
| 13 | + |
| 14 | +Fastly is known for its high-performance content delivery network (CDN) designed |
| 15 | +to deliver content quickly and reliably around the world. With its powerful |
| 16 | +network, Fastly will help us deliver official Kubernetes binaries to users |
| 17 | +faster and more reliably than ever before. |
| 18 | + |
| 19 | +The decision to use Fastly was made after an extensive evaluation process in |
| 20 | +which we carefully evaluated several potential content delivery network |
| 21 | +providers. Ultimately, we chose Fastly because of their commitment to the open |
| 22 | +internet and proven track record of delivering fast and secure digital |
| 23 | +experiences to some of the most known open source projects (through their [Fast |
| 24 | +Forward](https://www.fastly.com/fast-forward) program). |
| 25 | + |
| 26 | +## What you need to know about this change |
| 27 | + |
| 28 | +- On Monday, July 24th, the IP addresses and backend storage associated with the |
| 29 | + dl.k8s.io domain name will change. |
| 30 | +- The change will not impact the vast majority of users since the domain |
| 31 | + name will remain the same. |
| 32 | +- If you restrict access to specific IP ranges, access to the dl.k8s.io domain |
| 33 | + could stop working. |
| 34 | + |
| 35 | +If you think you may be impacted or want to know more about this change, |
| 36 | +please keep reading. |
| 37 | + |
| 38 | +## Why are we making this change |
| 39 | + |
| 40 | +The official Kubernetes binaries site, dl.k8s.io, is used by thousands of users |
| 41 | +all over the world, and currently serves _more than 5 petabytes of binaries each |
| 42 | +month_. This change will allow us to improve access to those resources by |
| 43 | +leveraging a world-wide CDN. |
| 44 | + |
| 45 | +## Does this affect dl.k8s.io only, or are other domains also affected? |
| 46 | + |
| 47 | +Only dl.k8s.io will be affected by this change. |
| 48 | + |
| 49 | +## My company specifies the domain names that we are allowed to be accessed. Will this change affect the domain name? |
| 50 | + |
| 51 | +No, the domain name (`dl.k8s.io`) will remain the same: no change will be |
| 52 | +necessary, and access to the Kubernetes release binaries site should not be |
| 53 | +affected. |
| 54 | + |
| 55 | +## My company uses some form of IP filtering. Will this change affect access to the site? |
| 56 | + |
| 57 | +If IP-based filtering is in place, it’s possible that access to the site will be |
| 58 | +affected when the new IP addresses become active. |
| 59 | + |
| 60 | +## If my company doesn’t use IP addresses to restrict network traffic, do we need to do anything? |
| 61 | + |
| 62 | +No, the switch to the CDN should be transparent. |
| 63 | + |
| 64 | +## Will there be a dual running period? |
| 65 | + |
| 66 | +**No, it is a cutover.** You can, however, test your networks right now to check |
| 67 | +if they can route to the new public IP addresses from Fastly. You should add |
| 68 | +the new IPs to your network's `allowlist` before July 24th. Once the transfer is |
| 69 | +complete, ensure your networks use the new IP addresses to connect to |
| 70 | +the `dl.k8s.io` service. |
| 71 | + |
| 72 | +## What are the new IP addresses? |
| 73 | + |
| 74 | +If you need to manage an allow list for downloads, you can get the ranges to |
| 75 | +match from the Fastly API, in JSON: [public IP address |
| 76 | +ranges](https://api.fastly.com/public-ip-list). You don't need any credentials |
| 77 | +to download that list of ranges. |
| 78 | + |
| 79 | +## What next steps would you recommend? |
| 80 | + |
| 81 | +If you have IP-based filtering in place, we recommend the following course of |
| 82 | +action **before July, 24th**: |
| 83 | + |
| 84 | +- Add the new IP addresses to your allowlist. |
| 85 | +- Conduct tests with your networks/firewall to ensure your networks can route to |
| 86 | + the new IP addresses. |
| 87 | + |
| 88 | +After the change is made, we recommend double-checking that HTTP calls are |
| 89 | +accessing dl.k8s.io with the new IP addresses. |
| 90 | + |
| 91 | +## What should I do if I detect some abnormality after the cutover date? |
| 92 | + |
| 93 | +If you encounter any weirdness during binaries download, please [open an |
| 94 | +issue](https://github.com/kubernetes/k8s.io/issues/new/choose). |
0 commit comments