We managed to set up a "passwordless" access to an Azure Database for PostgreSQL flexible server instance, using the Azure.Identity library (.NET version), in a managed AKS.
We did it using the following examples, and highly inspired by this article for the overall concepts (thanks Alexis BTW).
This implementation works successfully until the token expires (seems the token lasts usually 24h).
So, to handle that, we added a task/thread that is responsible for "maintaining" the token in memory. It analyses the token and finds out the expiration time, and tests it periodically. When we are near to expiration, we renew the token.
This also works fine, but this logic is duplicated in every running pod.
As we are using several DBs across several services (with different users, but with the same principle), there should be a way to reuse this logic.
So here is my question: is there any recommended way to manage the token renewal?
My subquestions would be:
Should I just try to restart my pods before the 24h so that we get a new token? (not sure it will even be physically the case?)
Should it be an external process that should handle that (like a sidecar or even a Kubernetes operator)? Does this logic already exist somewhere? (Using a Kubernetes secret resource to store it?)
How should I manage it, so that it works both on developer machine (via VS authentication) and on AKS?
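
The renew-before-expiry logic described in the post, written once as a shared class instead of per service; this is an added example, not the poster's code. `RefreshingTokenCache`, its parameters and the two-second fake provider are assumptions made for illustration.

```csharp
// Added example: RefreshingTokenCache and refreshMargin are hypothetical names.
using System;
using System.Threading;
using System.Threading.Tasks;
public sealed class RefreshingTokenCache
{
    private readonly Func<CancellationToken, Task<(string Token, DateTimeOffset ExpiresOn)>> _fetch;
    private readonly TimeSpan _refreshMargin;
    private readonly SemaphoreSlim _gate = new SemaphoreSlim(1, 1);
    private string _token;
    private DateTimeOffset _expiresOn;
    public RefreshingTokenCache(
        Func<CancellationToken, Task<(string Token, DateTimeOffset ExpiresOn)>> fetch,
        TimeSpan refreshMargin)
    { _fetch = fetch; _refreshMargin = refreshMargin; }

    // Returns the cached token; renews it first once it is inside the margin.
    // The gate makes concurrent callers share one renewal instead of racing.
    public async Task<string> GetTokenAsync(CancellationToken ct = default)
    {
        await _gate.WaitAsync(ct);
        try
        {
            if (_token == null || DateTimeOffset.UtcNow >= _expiresOn - _refreshMargin)
                (_token, _expiresOn) = await _fetch(ct);
            return _token;
        }
        finally { _gate.Release(); }
    }
}

public static class Demo
{
    public static async Task Main()
    {
        // Constructed stand-in for the identity provider: tokens live 2 seconds.
        // With Azure.Identity, fetch would call TokenCredential.GetTokenAsync and
        // return (accessToken.Token, accessToken.ExpiresOn), so no token parsing.
        int calls = 0;
        var cache = new RefreshingTokenCache(
            _ => Task.FromResult(($"token-{++calls}", DateTimeOffset.UtcNow.AddSeconds(2))),
            TimeSpan.FromSeconds(1));
        Console.WriteLine(await cache.GetTokenAsync()); // fetched
        Console.WriteLine(await cache.GetTokenAsync()); // cached
        await Task.Delay(1500);                         // now inside the margin
        Console.WriteLine(await cache.GetTokenAsync()); // renewed
    }
}
```

Because the token stays in process memory and is requested on demand, nothing has to be written to a shared store for the renewal to work.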