2.7. Scalability
Some components in Nubus for Kubernetes have a stronger need for scalability than others. In general, scalability is a measure to improve performance for application components or to provide high availability. However, not every application component gains both high availability and better performance from scaling; some gain only one or the other.
This section describes which functional components use the workload management capability of Kubernetes. For the configuration of the component’s scalability, refer to Scalability in Univention Nubus for Kubernetes - Operation Manual [1].
Kubernetes has extensive capabilities to manage workloads in a cluster. Nubus for Kubernetes uses these capabilities to scale the application components properly. Fig. 2.39 shows the relationship between the Kubernetes workload management and the functional components it serves. In most cases, Nubus uses either a Deployment or a StatefulSet for workload management in the Kubernetes pod of the application component.
The later sections take a deeper look into the functional components and which application components benefit from the Kubernetes workload management for their scalability.
See also
- Scalability configuration in Nubus for Kubernetes in Univention Nubus for Kubernetes - Operation Manual [1].
- Workload Management | Kubernetes in Kubernetes Documentation [5] for information about workload management in Kubernetes.
2.7.1. Identity Provider
Fig. 2.40 shows that the following application components in the Identity Provider benefit from the workload management:
- Keycloak
Scaling Keycloak scales the Keycloak Kubernetes pods for better handling of simultaneous sign-in requests. This scaling uses the integrated Infinispan feature of Keycloak to synchronize the user sessions between Keycloak pods.
However, Keycloak needs a PostgreSQL database that also needs to sustain the load. The scalability of the PostgreSQL database is beyond the scope of this document.
- Keycloak Proxy in the Keycloak Extensions
If the Nubus for Kubernetes deployment has the Keycloak Extensions enabled, operators can scale up the Keycloak Proxy.
See also
- Identity Provider in components section for information about internal components and behavior.
- Identity Provider scalability configuration in Nubus for Kubernetes in Univention Nubus for Kubernetes - Operation Manual [1].
- Infinispan - in-memory distributed database for information about Infinispan.
2.7.2. Identity Store and Directory Service
Fig. 2.41 shows that the following application components in the Identity Store and Directory Service benefit from the workload management:
- LDAP Primary
Scaling the LDAP Primary would accomplish high availability with automatic failover.
- LDAP Secondary
Scaling the LDAP Secondary allows the Directory Service to handle many read requests.
- LDAP Proxy
Because the LDAP Proxy distributes requests between the LDAP Primary and the LDAP Secondary, it suffers from the same kind of load.
See also
- Identity Store and Directory Service in components section for information about internal components and behavior.
- Identity Store and Directory Service scalability configuration in Nubus for Kubernetes in Univention Nubus for Kubernetes - Operation Manual [1].
2.7.3. Directory Manager
Fig. 2.42 shows that the UDM HTTP REST API in the Directory Manager benefits from the workload management.
The UDM HTTP REST API provides a business layer on top of the Directory Service. In environments with frequent concurrent requests to the UDM HTTP REST API, operators can scale up their Kubernetes pods to parallelize request processing and evaluation of the business layer. However, depending on the circumstances, the increased performance may also require scaling up the number of LDAP Secondary pods. See Identity Store and Directory Service.
- Recommendation:
Operators should monitor the load on both the Directory Manager pods and the Identity Store and Directory Service pods to determine which of the functional components actually needs scaling up.
The answer depends, for example, on the specific UDM Modules in use and may vary from deployment to deployment.
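
The comparison this recommendation describes, as an added example that is not part of the Nubus documentation: it reads `kubectl top pods --no-headers` style output and reports which component runs close to its CPU request. The pod names, the CPU requests, the 80 % threshold and the sample readings are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in the column layout of `kubectl top pods --no-headers`.
# Pod names are assumed for illustration, not read from a real deployment.
SAMPLE_TOP = """\
nubus-udm-rest-api-7c9d8b6f5-abcde    900m   410Mi
nubus-udm-rest-api-7c9d8b6f5-fghij    880m   395Mi
nubus-ldap-server-secondary-0         140m   620Mi
nubus-ldap-server-secondary-1         160m   640Mi
nubus-ldap-server-primary-0            90m   700Mi
"""

# Assumed CPU request per pod in millicores; in practice read from the pod specs.
CPU_REQUEST_M = {
    "udm-rest-api": 1000,
    "ldap-server-secondary": 500,
    "ldap-server-primary": 500,
}

def parse_cpu(value):
    """Convert a kubectl CPU quantity ('250m' or '2') to millicores."""
    return int(value[:-1]) if value.endswith("m") else int(float(value) * 1000)

def component_of(pod):
    """Map a pod name to a component key using the assumed naming scheme."""
    return next((key for key in CPU_REQUEST_M if key in pod), None)

def utilization(top_output):
    """Return CPU usage divided by CPU request, aggregated per component."""
    used = defaultdict(list)
    for line in top_output.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip blank or malformed lines
        comp = component_of(fields[0])
        if comp:
            used[comp].append(parse_cpu(fields[1]))
    return {c: round(sum(v) / (len(v) * CPU_REQUEST_M[c]), 2) for c, v in used.items()}

def scale_candidates(top_output, threshold=0.8):
    """Components whose aggregated utilization reaches the threshold."""
    return sorted(c for c, u in utilization(top_output).items() if u >= threshold)

if __name__ == "__main__":
    print(utilization(SAMPLE_TOP))
    print(scale_candidates(SAMPLE_TOP))
```

With the sample readings only the UDM HTTP REST API pods are near their request, so the LDAP Secondary pods would not need more replicas yet.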
See also
- Directory Manager in components section for information about internal components and behavior.
- Directory Manager scalability configuration in Nubus for Kubernetes in Univention Nubus for Kubernetes - Operation Manual [1].
2.7.4. Management UI
Fig. 2.43 shows that the following application components in the Management UI benefit from the workload management:
- UMC Server
It actively handles requests from the Management UI and the End User Self Service and manages the sessions of all active users.
The UMC Server Kubernetes pod especially needs system memory to cache the users’ sessions. Scaling up the UMC Server can prevent it from running out of memory when dealing with many simultaneous logins.
- UMC Gateway
It only serves the Management UI to the users’ browsers.
In a high-traffic environment, it’s more important to scale up the UMC Server than the UMC Gateway.
See also
- Management UI in components section for information about internal components and behavior.
- Management UI scalability configuration in Nubus for Kubernetes in Univention Nubus for Kubernetes - Operation Manual [1].
2.7.5. Portal Service
Fig. 2.44 shows that the following application components in the Portal Service benefit from the workload management:
- Portal Frontend
It only serves the Portal to the users’ browsers.
- Portal Server
It actively handles requests from the Portal Frontend and determines the portal content for each user.
In a high-traffic environment, it’s more important to scale up the Portal Server Kubernetes pod than the Portal Frontend pod.
See also
- Portal Service in components section for information about internal components and behavior.
- Portal Service scalability configuration in Nubus for Kubernetes in Univention Nubus for Kubernetes - Operation Manual [1].