-
Notifications
You must be signed in to change notification settings - Fork 196
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support multiple Azure Key Vault instances as fallback #1433
Comments
Linking the slack thread here for future reference. |
Writing down recommendations from the slack thread:
|
This is the slack thread in I'd like to respectfuly say, all the options seem as: "do it from your side or go to another place". Not storing the secrets in k8s API is the main reason for using the csi. Storing the secrets in k8s API instead of a fallback/failover/justanothercall it's already managed by other 3rd parties and it's quite less secure than using CSI. |
Hi again ✋ ! Is it now something open to discuss or doing it by myself the only option that's left? Currently, the component isn't resilient to Azure Key Vault failures and it's a single point of failure indeed, which is a problem at least for us (and that's why we are willing to contribute with this) |
Hello @enj ! |
Hello @enj ! |
Describe the solution you'd like
Yesterday there was an issue in Azure Key Vault service in west europe (probably a maintenance or so, because ALL our vaults were affected, doesn't matter the subscription). The health monitors show something like:
Although the service issue isn't reponsibility of this driver, having a plan B to mitigate this would have been nice. In theory, Azure Key Vault is transparently replicated in the paired region with automatic failover in read-only mode, but it didn't happen.
We use multiple regions to be resilient to region failures but currently the secrets-store-csi is a single point of failure as it doesn't support any type of fallback at any level.
Given that, I'd like to propose extending current behavior to support other Azure Key Vaults as failover if the primary instance fails.
Current configuration looks like:
and it could be easily extended with an array of fallback Key Vaults (or just once 🤷 )
This approach would improve the resiliency of the component, just doing a fallback to other Azure Key Vault instances if there is any error on the primary instance without disruption the service.
Anything else you would like to add:
[Miscellaneous information that will assist in solving the issue.]
As csi volumes doesn't support being optional, problems related with the upstream will block pods scheduling (with a chance of huge impact in productive environments if this happens during high load peaks). I've reviewed csi-secret-store documentation and I've not found anything to handle these scenarios, but maybe I've missed something.
Environment:
kubectl version
): 1.27The text was updated successfully, but these errors were encountered: