Any way to make doppler secrets AZ aware?

atmosx · November 27, 2023, 7:59am

Hello,

We have an API application running on AWS EKS. The EKS clusters are deployed in several regions. Each region features 3 AZs. A third party DB provider provides PrivateLinks to connect to their service. The PrivateLInk returns an array with 5 DNS entries. There is one for each AZ for reduced latency. The application is sensitive to latency.

We are using doppler to store the connection string with credentials. The doppler operator maps the connection string to the environment variable DB_CONN. So all the application has to do is read env.DB_CONN to fetch the appropriate DB endpoint.

Given that doppler runs on kubernetes and big cloud providers feature multiple AZs, it would be nice if doppler could be configured to be AZ-aware and return endpoints per AZ.

A pod can become AZ and/or Region aware by reading the node-labels.

Thanks!

watsonian · February 29, 2024, 6:41pm

@atmosx We don’t currently have any plans to add this kind of functionality to the Doppler k8s operator, but it’s something you could approximate if your pods can tell what AZ or Region they’re in on boot. It would basically involve having a separate secret for each AZ/Region. For example:

DB_CONN_US_EAST_1
DB_CONN_US_WEST_2
etc.

If your pod got an AZ label with the value US_EAST_1, then you could have the pod use DB_CONN_${the-az-from-the-label}. Not as nice as it being completely seamless and automatic, but you should be able to get something like this working using an approach like that!

Topic		Replies	Views
Price - getting started Introduce Yourself	4	874	December 1, 2021
Managing Kubernetes Secrets with the External Secrets Operator and Doppler Announcements	0	481	October 25, 2022
SDK for Node Js Feature Requests	2	894	March 15, 2021
Azure App Service integration Feature Requests	3	856	May 5, 2021
New to the community Introduce Yourself	0	426	January 6, 2023

Any way to make doppler secrets AZ aware?

Related Topics