Hi Alejandro,
There is a long list of considerations/preparation needed when running OpenLDAP in a container setup (we use Nomad). From memory:
- use the HA proxy protocol, now supported in 2.5/2.6, so you see client IPs
- DB persistence: make sure each container always has the same db files.
- Sync cookies: make sure the containers sync from the same node each time.
- Backups? (We use netapp mounts)
- Logging? (I bundle rsyslogd in the container that handles queueing and fwd files to remote rsyslog through TCP).
- Support for operations like provisioning, indexing and debugging.
Furthermore, I would separate the clusters into a simple replica-only one (ro) and the one that is provisioned (rw).
C.
On Fri, 27 Oct 2023 at 18:11, Alejandro Imass aimass@yabarana.com wrote:
Hi there!
We are working on a new installation and decided to try something new.
In the past I would have gone with multi-master with ldap balancer but after reading and researching more and more on MDB, we decided to try to integrate OpenLDAP into our current CI/CD pipelines using K8s.
What we tried so far, and it seems to work, is to initialize a common persistence storage and then an auto scaling group that shares that common drive. Each pod has as many threads as virtual CPUs it may have, and none of the pods can write, except a dedicated write pod (single instance) with multiple threads for writing.
Is there anything else we are missing here? Any experience scaling OpenLDAP with Kubernetes or other container technology?
Thank you in advance for any comments, pointers or recommendations!
-- Alex