fix(infra): single replica for portal/operator (per-pod OIDC sessions)
ci / typecheck (map[dir:apps/booking name:booking]) (push) Successful in 22s
ci / typecheck (map[dir:apps/operator name:operator]) (push) Successful in 24s
ci / typecheck (map[dir:apps/website name:website]) (push) Successful in 21s
ci / typecheck (map[dir:apps/portal name:portal]) (push) Successful in 26s
ci / typecheck (map[dir:services/platform-api name:platform-api]) (push) Successful in 21s
ci / test (push) Successful in 30s
ci / build (map[dir:apps/booking name:booking]) (push) Successful in 10s
ci / build (map[dir:apps/operator name:operator]) (push) Successful in 9s
ci / build (map[dir:apps/portal name:portal]) (push) Successful in 6s
ci / build (map[dir:services/platform-api name:platform-api]) (push) Successful in 6s
ci / deploy (push) Successful in 41s
ci / typecheck (map[dir:apps/booking name:booking]) (push) Successful in 22s
ci / typecheck (map[dir:apps/operator name:operator]) (push) Successful in 24s
ci / typecheck (map[dir:apps/website name:website]) (push) Successful in 21s
ci / typecheck (map[dir:apps/portal name:portal]) (push) Successful in 26s
ci / typecheck (map[dir:services/platform-api name:platform-api]) (push) Successful in 21s
ci / test (push) Successful in 30s
ci / build (map[dir:apps/booking name:booking]) (push) Successful in 10s
ci / build (map[dir:apps/operator name:operator]) (push) Successful in 9s
ci / build (map[dir:apps/portal name:portal]) (push) Successful in 6s
ci / build (map[dir:services/platform-api name:platform-api]) (push) Successful in 6s
ci / deploy (push) Successful in 41s
nuxt-oidc-auth stores sessions in per-pod memory. With 2 replicas, any request balanced to the pod that didn't handle the login 401s — in practice roughly half of all operator API calls failed after sign-in. One replica until sessions move to shared storage (nitro storage on the dezky-data Redis), then scale back up. Already scaled live; this pins the manifests so the next deploy doesn't undo it.
This commit is contained in:
Ronni Baslund
@@ -13,7 +13,11 @@ metadata:
|
|||||||
app.kubernetes.io/name: operator
|
app.kubernetes.io/name: operator
|
||||||
app.kubernetes.io/part-of: dezky
|
app.kubernetes.io/part-of: dezky
|
||||||
spec:
|
spec:
|
||||||
replicas: 2
|
# Single replica until OIDC sessions move to shared storage: nuxt-oidc-auth
|
||||||
|
# keeps sessions in per-pod memory, so with >1 replica every request that
|
||||||
|
# lands on the pod that did NOT handle the login gets 401. TODO: nitro
|
||||||
|
# session storage on the dezky-data Redis, then scale back up.
|
||||||
|
replicas: 1
|
||||||
selector:
|
selector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
app.kubernetes.io/name: operator
|
app.kubernetes.io/name: operator
|
||||||
|
|||||||
@@ -10,7 +10,11 @@ metadata:
|
|||||||
app.kubernetes.io/name: portal
|
app.kubernetes.io/name: portal
|
||||||
app.kubernetes.io/part-of: dezky
|
app.kubernetes.io/part-of: dezky
|
||||||
spec:
|
spec:
|
||||||
replicas: 2
|
# Single replica until OIDC sessions move to shared storage: nuxt-oidc-auth
|
||||||
|
# keeps sessions in per-pod memory, so with >1 replica every request that
|
||||||
|
# lands on the pod that did NOT handle the login gets 401. TODO: nitro
|
||||||
|
# session storage on the dezky-data Redis, then scale back up.
|
||||||
|
replicas: 1
|
||||||
selector:
|
selector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
app.kubernetes.io/name: portal
|
app.kubernetes.io/name: portal
|
||||||
|
|||||||
Reference in New Issue
Block a user