what is the best practice to add authentication and authorization to servicepulse? We are hosting in K8s OpenShift
@wsmelton That’s definitely something we’d like to provide someday. I don’t know when it will happen. ServiceControl on containers is still very new and we need to do more analysis of different deployment strategies before we can “productize” deployment best practices in the form of a Helm chart.
We do now have a Kubernetes example in the PlatformContainerExamples repo. That’s where we recommend starting for now.
@stesme-delen This is highly dependent on your environment. We added the reverse proxy feature to the ServicePulse container so that you could take advantage of whatever your container orchestration environment provides for authenticating an ingress. If more than that is needed, you’ll ultimately need to create your own reverse proxy that authenticates however you need to in your environment, and then proxies to the ServicePulse container.
@stesme-delen I ended up using something called oauth2-proxy to perform the authentication with service-pulse
The docs mostly (all) mention using the particular/servicecontrol-ravendb Docker Image.
Is using a hosted RavenDB instance (eg. RavenDB Cloud - RavenDB NoSQL Database) an option or does this introduce too much latency, …?
PS: excellent work already!
Hi, We’re hosting on K8s. To make the setup HA, which services can I run with multiple replicas and how many? And for deployment strategy, I can use RollingUpdate everywhere?
Keep up the good work!
@janv8000 It’s not currently, because we are using the RavenDB 5.4 client at the moment and actively blocking the app from starting if you’re talking to a RavenDB 6.x server, which is (I think) all you can get in RavenDB Cloud.
But we’re currently working on updating to RavenDB 6 so stay tuned…
@stesme-delen With the currently released containers, we don’t support any sort of high-availability scenario at either the database or the application level. That may change at the database level in the future, but at the application level we have a large number of architectural challenges standing in the way of those types of features.
The safest deployment strategy would be Recreate
to ensure that only one instance is talking to a database at a time.