Add caching SecretsResolver/SecretsProvider #1782

Closed
alecthomas opened this issue Jun 14, 2024 · 1 comment · Fixed by #1832
alecthomas commented Jun 14, 2024

In production we use ASM to provide secrets, and we retrieve directly from it. This is costly and slow, especially for listing, so we should add a caching layer to the controller. The tricky bit is that we don't want to cache these results in the database because security, but with replicated controllers we'll need some solution to avoid every controller polling constantly.

One option might be for a single controller to perform the cache refreshing from ASM (holding a lease), and all other controllers redirect requests to that one for cache refreshes. We might need to extend leases to include an owner field (or more generically, metadata), that would contain the leader endpoint.

@alecthomas alecthomas added the next Work that will be be picked up next label Jun 14, 2024
@github-actions github-actions bot added triage Issue needs triaging and removed triage Issue needs triaging labels Jun 14, 2024
@ftl-robot ftl-robot mentioned this issue Jun 14, 2024
@alecthomas

It also doesn't seem ideal that all secrets will be stored unencrypted in RAM in the controllers, @AlexSzlavik?

@matt2e matt2e self-assigned this Jun 16, 2024
@github-actions github-actions bot removed the next Work that will be be picked up next label Jun 16, 2024
@matt2e matt2e closed this as completed in c7d272c Jun 25, 2024
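
The per-controller, in-memory part of the caching layer proposed in this issue, as an added example; it is not the project's code and not the change merged for this issue, and it leaves out the lease-based leader refresh. `LoadFunc`, `Cache`, `New` and `Get` are hypothetical names, and the backend in `main` is constructed for the demonstration.

```go
package main

import (
	"context"
	"fmt"
	"sync"
	"time"
)

// LoadFunc is a hypothetical stand-in for the slow, costly backend (ASM in the issue).
type LoadFunc func(ctx context.Context, key string) ([]byte, error)
type entry struct{ value []byte; expires time.Time }

// Cache keeps secrets in process memory only, never in the database, for at most ttl.
type Cache struct {
	load LoadFunc
	ttl  time.Duration
	mu   sync.Mutex
	data map[string]entry
}

func New(load LoadFunc, ttl time.Duration) *Cache {
	return &Cache{load: load, ttl: ttl, data: map[string]entry{}}
}

// Get holds the lock across load, so an expired key costs one backend call, not one per caller.
func (c *Cache) Get(ctx context.Context, key string) ([]byte, error) {
	c.mu.Lock()
	defer c.mu.Unlock()
	if e, ok := c.data[key]; ok && time.Now().Before(e.expires) {
		return append([]byte(nil), e.value...), nil // copy, so callers cannot alter the cache
	}
	v, err := c.load(ctx, key)
	if err != nil {
		return nil, err // failures are not cached; the next call retries
	}
	for i, old := 0, c.data[key].value; i < len(old); i++ {
		old[i] = 0 // best-effort wipe of the expired plaintext before it is replaced
	}
	c.data[key] = entry{value: append([]byte(nil), v...), expires: time.Now().Add(c.ttl)}
	return v, nil
}

func main() {
	calls := 0 // constructed backend: counts hits on the "slow" store
	c := New(func(context.Context, string) ([]byte, error) { calls++; return []byte("s3cr3t"), nil }, time.Minute)
	a, _ := c.Get(context.Background(), "db-password")
	b, _ := c.Get(context.Background(), "db-password")
	fmt.Println(string(a), string(b), "backend calls:", calls)
}
```

The TTL bounds how long a plaintext value stays in controller memory, which is the trade-off raised in the second comment; the wipe is best-effort only, since copies handed to callers are outside the cache's control.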