By requirement, the google bucket I use for file storage should be private. But I need to make the files on the bucket accessible over google CDN.
Most of the documents I found describe the best practice involving signed URLs. But I need to make it work w/o signed URLs or cookies. Does anyone know how to achieve that? I've successfully configured the access over signed URLs, including all the permissions settings for bucket/CDN but that's not what I need.
At this moment, Cloud CDN still requires tokenized access in order to access a private origin. There is a solution where you can deploy a proxy that will dynamically sign your request with an ephemerial token and access the private storage bucket.
https://github.com/GoogleCloudPlatform/cdn-auth-proxy
There is work underway for Cloud CDN that will allow you to dynamically generate an access token without having deploy a proxy, but a definitive time for the release has not been set.
The new Google Cloud Media CDN service allows you to access a private storage bucket via IAM permissions: https://cloud.google.com/media-cdn/docs/origins?hl=en#private-storage-buckets .