Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us money per month for bills, and since we don't believe in showing ads to our users, we try to make the money back through forum registrations.
The Something Awful Forums > Discussion > Serious Hardware/Software Crap > The Cavern of COBOL > Continuous Integration/build engineering/devops thread
«154 »
 
  • Post
  • Reply
Hadlock
Nov 9, 2004

The Iron Rose posted:

How do yall handle caching authentication tokens between multiple pods/processes/etc? Current practice is to just toss a 5min TTL JWT into the cluster local redis so the authentication service doesn’t get swamped with requests.

I'd probably renegotiate your auth system with your vendor or fix the rate limit

You can store the token as a Kubernetes secret, then use reflector to push the "secret" across the cluster, and reloader to verify the pod gets reloaded when the secret changes? I dunno how fast or scalable that is compared to redis, but that gives you a pure Kubernetes solution, at least in theory

Edit: at 30k pods you're probably going to bring etcd to it's knees, making your cluster really grim performance wise, don't do this

This is a great interview question

Hadlock fucked around with this message at 22:19 on Apr 23, 2024

* # ? Apr 23, 2024 22:11
  • Quote
Adbot
ADBOT LOVES YOU

# ? Apr 24, 2024 13:26
  • Quote
  • 1
  • 2
  • 3
  • 4
  • 5
  • Post
  • Reply
The Something Awful Forums > Discussion > Serious Hardware/Software Crap > The Cavern of COBOL > Continuous Integration/build engineering/devops thread
«154 »