> There is a long list of considerations/preparation needed when running
> OpenLDAP in a container setup (we use Nomad). From memory:
> - use the HA proxy protocol, now supported in 2.5/2.6 so you see
> client IPs

Is it not enough to just have multiple tasks with different IPs on the same host/task name? DNS should do the rest, no?

> > how does knowledge about the client IP help in containerization?
> > > - DB persistence: make sure each container always has the same db
> > > files.
> > > > You mean a shared volume across all pods, or that they obtain an updated
> > > > local replica when the pod bootstraps?

> I don't have that many changes to ldap. So it could be sufficient to just work with stateless containers that update on startup. I have the replication ID change automatically on the assigned IP.
> > yeah, we have more or less the same design:
> > multi AZ, multi-region N-way master replication (one master node per
> > Region/AZ). Then auto-scaling groups are read-only slaves handling queries
> > and authentications. We use ARGON2 so auths can easily take 3 or more secs
> > and gobble up 64MB of RAM each, plus a lot of CPU time.
> Using ARGON2 auth takes 3 seconds (was thinking of switching to this)?
