There is a long list of considerations/preparation needed when running OpenLDAP in a container setup (we use Nomad). From memory:
- use the HA proxy protocol, now supported in 2.5/2.6, so you see client IPs
Is it not enough to just have multiple tasks with different IPs on the same host/task name? DNS should do the rest, no?
How does knowledge about the client IP help in containerization?
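As an added illustration of what the proxy protocol item above is about (example code, not from anyone in this thread and not OpenLDAP's own code): with a pldap:// listener, slapd 2.5/2.6 reads a PROXY protocol v2 header from the load balancer before the first LDAP PDU, so ACLs and logs see the original client address instead of the balancer's. The parser below decodes a v2 TCP4/TCP6 header exactly as HAProxy emits it; the builder only constructs a sample header for the test and assumes constructed addresses.

```python
import socket
import struct

# PROXY protocol v2: fixed 12-byte signature, then ver/cmd, family/proto, body length.
PP2_SIGNATURE = b"\r\n\r\n\x00\r\nQUIT\n"
PP2_VERSION = 0x2
PP2_CMD_PROXY = 0x1          # 0x0 is LOCAL (health checks from the proxy itself)
PP2_AF_INET, PP2_AF_INET6 = 0x1, 0x2
PP2_PROTO_STREAM = 0x1       # TCP; LDAP never arrives over datagram

def parse_proxy_v2(data):
    """Return ((src_ip, src_port, dst_ip, dst_port), remaining_bytes).

    The address tuple is None for a LOCAL command, where the real peer is the
    proxy. Raises ValueError on anything malformed, which a listener should
    treat as a reason to drop the connection rather than guess the client.
    """
    if len(data) < 16 or data[:12] != PP2_SIGNATURE:
        raise ValueError("missing PROXY v2 signature")
    ver_cmd, fam_proto, length = struct.unpack("!BBH", data[12:16])
    if ver_cmd >> 4 != PP2_VERSION:
        raise ValueError("unsupported PROXY version")
    body = data[16:16 + length]
    if len(body) != length:
        raise ValueError("truncated PROXY header")
    rest = data[16 + length:]          # first LDAP PDU starts here
    if ver_cmd & 0xF != PP2_CMD_PROXY:
        return None, rest
    fam, proto = fam_proto >> 4, fam_proto & 0xF
    if proto != PP2_PROTO_STREAM:
        raise ValueError("unexpected transport protocol")
    if fam == PP2_AF_INET:
        src, dst, sport, dport = struct.unpack("!4s4sHH", body[:12])
        af = socket.AF_INET
    elif fam == PP2_AF_INET6:
        src, dst, sport, dport = struct.unpack("!16s16sHH", body[:36])
        af = socket.AF_INET6
    else:
        raise ValueError("unsupported address family")
    return (socket.inet_ntop(af, src), sport, socket.inet_ntop(af, dst), dport), rest

def build_proxy_v2_tcp4(src_ip, sport, dst_ip, dport):
    """Construct the TCP4 header a balancer would send (for testing only)."""
    body = socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack("!HH", sport, dport)
    # 0x21 = version 2 | PROXY command; 0x11 = AF_INET | STREAM
    return PP2_SIGNATURE + struct.pack("!BBH", 0x21, 0x11, len(body)) + body
```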
- DB persistence: make sure each container always has the same DB files.
You mean a shared volume across all pods, or that they obtain an updated local replica when the pod bootstraps?
I don't have that many changes to LDAP, so it could be sufficient to just work with stateless containers that update on startup. I have the replication ID change automatically based on the assigned IP.
Yeah, we have more or less the same design: multi-AZ, multi-region N-way master replication (one master node per region/AZ). Then auto-scaling groups are read-only slaves handling queries and authentications. We use ARGON2, so auths can easily take 3 or more secs and gobble up 64MB of RAM each, plus a lot of CPU time.
Using ARGON2, auth takes 3 seconds (I was thinking of switching to this)?