5.1. Directory service high availability and scalability

This section describes how you configure the number of replicas for a highly available and scalable directory service in Nubus.

A highly available, scalable directory service with OpenLDAP consists of the following components:

Providers

Primary instances of the OpenLDAP service.

The primary instances of the OpenLDAP service are the providers of the service. They replicate each other. Any one of the primary instances can handle directory data updates, but only one instance does so at a time.

Replicas

Secondary instances of the OpenLDAP service.

The secondary instances of the OpenLDAP service are the replicas of the service. They replicate the primary instances. The data of the secondary instances is read-only. Secondary instances respond to write operations with a referral to a primary instance.

Proxies

Proxy instances of the OpenLDAP service.

The proxy instances of the OpenLDAP service are the proxies of the service. They distribute the read operations to the primary and secondary instances. They also distribute the write operations to a primary instance.

Recommendation: all third-party services connect to the OpenLDAP service through the proxy instances.

See also: Identity Store and Directory Service in Univention Nubus for Kubernetes - Architecture Manual [2] for information about the architecture of the directory service in Nubus for Kubernetes.

To configure high availability and scalability for the OpenLDAP service, you need to provide the replica counts in the Helm Chart configuration in your custom_values.yaml deployment file as outlined in Listing 5.1.

Listing 5.1 Example custom_values.yaml deployment file that configures the OpenLDAP service
ldap-server:
  highAvailabilityMode: true
  resourcesPrimary:
    limits:
      cpu: 4
      memory: 2048Mi
    requests:
      cpu: 100m
      memory: 512Mi
  resourcesSecondary:
    limits:
      cpu: 4
      memory: 1024Mi
    requests:
      cpu: 100m
      memory: 256Mi
  resourcesProxy:
    limits:
      cpu: 2
      memory: 1024Mi
    requests:
      cpu: 100m
      memory: 256Mi

The following configuration values control the replica counts:

ldap-server.highAvailabilityMode

Configures the OpenLDAP service for high availability and scalability. Set the value to true to enable the configuration. The value true is a shortcut for setting the recommended values for ldap-server.replicaCountPrimary, ldap-server.replicaCountSecondary, and ldap-server.replicaCountProxy.

ldap-server.replicaCountPrimary

Configures the number of replicas for the primary instances of the OpenLDAP service. The recommended value is 2.

Defaults to the recommended value if ldap-server.highAvailabilityMode is set to true.

ldap-server.replicaCountSecondary

Configures the number of replicas for the secondary instances of the OpenLDAP service. The recommended value is 3.

Defaults to the recommended value if ldap-server.highAvailabilityMode is set to true.

ldap-server.replicaCountProxy

Configures the number of replicas for the proxy instances of the OpenLDAP service. The recommended value is 3.

Defaults to the recommended value if ldap-server.highAvailabilityMode is set to true.

To configure the resources for the OpenLDAP service, provide them in the Helm Chart configuration with the following values. Listing 5.1 shows an example.

ldap-server.resources

The resources for all instances of the OpenLDAP service. Use this to set the resources for all instances of the OpenLDAP service to the same values.

ldap-server.resourcesPrimary

The resources for the primary instances of the OpenLDAP service.

ldap-server.resourcesSecondary

The resources for the secondary instances of the OpenLDAP service.

ldap-server.resourcesProxy

The resources for the proxy instances of the OpenLDAP service.
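As an added example that is not part of Nubus or its Helm chart, the following pre-deployment check applies the replica-count rules and the resource values described above to the ldap-server section of a custom_values.yaml before it is applied. It resolves the effective replica counts (the highAvailabilityMode shortcut supplying the recommended 2/3/3) and flags configurations that leave a single provider or a single proxy, or a tier without resources. The fallback from resourcesPrimary/Secondary/Proxy to the shared ldap-server.resources block and the default of one replica without highAvailabilityMode are assumptions of this example, and the sample values are Listing 5.1 already parsed into a dict.

```python
"""Pre-deployment lint for the ldap-server section of a Nubus custom_values.yaml.

Added example, not part of the Nubus Helm chart. It applies the documented
rules: highAvailabilityMode=true defaults the three replica counts to the
recommended 2/3/3, and per-tier resources fall back to ldap-server.resources
(that fallback, and a default of 1 replica without HA, are assumptions).
"""
RECOMMENDED = {"Primary": 2, "Secondary": 3, "Proxy": 3}


def effective_replica_counts(ldap: dict) -> dict:
    """Resolve the replica count per tier as the chart would apply it."""
    ha = bool(ldap.get("highAvailabilityMode", False))
    counts = {}
    for tier, recommended in RECOMMENDED.items():
        key = f"replicaCount{tier}"
        if key in ldap:
            counts[tier] = int(ldap[key])  # an explicit value always wins
        else:
            counts[tier] = recommended if ha else 1  # shortcut supplies the recommended value
    return counts


def effective_resources(ldap: dict, tier: str):
    """Per-tier resources block, else the shared ldap-server.resources block, else None."""
    return ldap.get(f"resources{tier}") or ldap.get("resources")


def lint_ldap_server(values: dict) -> list:
    """Return availability findings for the ldap-server section (empty list means OK)."""
    ldap = values.get("ldap-server", {})
    counts = effective_replica_counts(ldap)
    findings = []
    if counts["Primary"] < 2:
        findings.append("single primary: writes stop when the only provider is unavailable")
    if counts["Proxy"] < 2:
        findings.append("single proxy: all clients lose the directory when it is unavailable")
    for tier in RECOMMENDED:
        if effective_resources(ldap, tier) is None:
            findings.append(f"no resources for {tier} instances: pods run without CPU/memory limits")
    return findings


# Constructed sample: Listing 5.1 as a parsed dict, so the block runs without PyYAML.
SAMPLE_VALUES = {"ldap-server": {
    "highAvailabilityMode": True,
    "resourcesPrimary": {"limits": {"cpu": 4, "memory": "2048Mi"}, "requests": {"cpu": "100m", "memory": "512Mi"}},
    "resourcesSecondary": {"limits": {"cpu": 4, "memory": "1024Mi"}, "requests": {"cpu": "100m", "memory": "256Mi"}},
    "resourcesProxy": {"limits": {"cpu": 2, "memory": "1024Mi"}, "requests": {"cpu": "100m", "memory": "256Mi"}},
}}
```

Run lint_ldap_server on the parsed values file before helm upgrade; an empty list means the replica counts and resources satisfy the checks.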