
I am currently trying to create an architecture as shown in the diagram below.

For the first deployment of the pods it's quite simple: as I always have an even number, I put the first half on KeyManager1 and the other half on KeyManager2.

My problem is when a pod needs to be replaced.
I need to be able to determine if the new pod should go on KM1 or KM2.

Ideally, I would like to count the number of connections a KM can have from GW pods. If KM1 has 3 connections and KM2 has 2 connections, the new GW should connect to KM2.

I really don't see how to do this.

Scheme of my architecture

Edit: I was wrong; when a pod is to be deleted, it is deleted before the new one is created.

Can I put something in the preStop to change the deployment file to use for the replacement?

Something like:

if connected to km1
    use deployment-1
else deployment-2
Antoine
  • If you are using JWT tokens, then there is no need to keep a 2:1 GW:KM ratio. This is only required for opaque tokens. In the JWT token case, tokens are self-validated and the gateways validate them themselves without going to the KM all the time. The GW only reaches out to the KM to get the JWKS details. – Pubci Sep 29 '21 at 06:45

1 Answer


I finally found a solution to my problem. It's not very "clean" but that's all I found.

To explain quickly, I created 2 files on a PV. When a pod (GW) is created, it will read the files. If the 2 files contain 0, the GW points to KM1 and writes 1 to the file; if there is 1 in the KM1 file and 0 in the KM2 file, the GW points to KM2 and writes 1 to the file. We increment like that alternately. When the pod is deleted, I decrement with the preStop.

Antoine
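The counter-file scheme from the answer, as an added example that is not the poster's own code: it generalizes the alternation to "pick the KM with fewer registered GWs" (ties go to KM1) and adds a lock directory so that two pods starting at the same moment cannot read the same counts. `STATE_DIR`, the `km1.count`/`km2.count` file names and the function names are assumptions.

```shell
#!/bin/sh
# Added example: per-KM counters on a shared volume, guarded by a lock directory.
# STATE_DIR and the *.count file names are assumed, not taken from the post.
STATE_DIR="${STATE_DIR:-/mnt/km-state}"

lock() {
    # mkdir is atomic: only one pod at a time can create the directory.
    tries=0
    until mkdir "$STATE_DIR/.lock" 2>/dev/null; do
        tries=$((tries + 1))
        if [ "$tries" -ge 30 ]; then return 1; fi
        sleep 1
    done
}

unlock() { rmdir "$STATE_DIR/.lock"; }

read_count() {
    # A missing, empty or non-numeric counter file is treated as 0.
    n=$(cat "$STATE_DIR/$1.count" 2>/dev/null || echo 0)
    case "$n" in ''|*[!0-9]*) n=0 ;; esac
    echo "$n"
}

# Called at GW start-up: prints the chosen KM (km1 or km2) and increments its counter.
acquire_km() {
    lock || return 1
    c1=$(read_count km1); c2=$(read_count km2)
    if [ "$c2" -lt "$c1" ]; then km=km2; c=$c2; else km=km1; c=$c1; fi
    echo $((c + 1)) > "$STATE_DIR/$km.count"
    unlock
    echo "$km"
}

# Called from the preStop hook with the KM this GW was pointing to.
release_km() {
    lock || return 1
    c=$(read_count "$1")
    if [ "$c" -gt 0 ]; then c=$((c - 1)); fi
    echo "$c" > "$STATE_DIR/$1.count"
    unlock
}
```

The counters stay accurate only when preStop actually runs: a pod that disappears without it (node failure, OOM kill) leaves its count behind, and a pod that dies while holding `.lock` leaves the lock directory for manual cleanup.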