0

We have a requirement to store key-value pairs (KVP) in Kubernetes and are looking for possible options here. The requirements are as below:

  • KVP are small sized - 200 characters together.
  • KVP are short lived - 5 mins max, we don't need it beyond and thus clean it up.
  • KVP written from one node, retrieved on a different one. Once read, its job is done and hence deleted from retrieving node.
  • At peak, write/read rate may rise to 1000/s.
  • At any point, may assume the total number of KVPs to not exceed 25k.
  • 50% of it contains sensitive info. Which is preferred - application encryption or K8s encryption?
  • Trying to avoid third party like Redis.

When we attempted to use a ConfigMap (though we need to work around its size limitations), we found that the speed of writing reduces when the number of entries increases - as the writes are performed with PATCH requests.

We wanted to know if there are any suggested alternatives to explore.

Pavan Kumar
  • Kubernetes is a management system for containers, not a key-value store. Trying to use it as a key-value store is a recipe for pain. Just deploy a proper key-value store already. – Philip Kendall Mar 07 '23 at 14:48
  • Which makes me wonder, what are you using the KVPs for? Why does Kubernetes care about them? Kubernetes is both a container manager and an orchestration system. So there are decisions for it to make. Do these KVPs have anything to do with that? Or is this just a problem you want to solve with KVPs and you happen to have Kubernetes on your system? – candied_orange Mar 07 '23 at 14:53

1 Answer

1

Why not Redis? Sounds like an arbitrary restriction.

If you want to roll your own, writing this in Rust or Go should be pretty easy; all languages have rich data structures for key/value storage.

Caveat: the encryption part, which is sorely underspecified in your question. Whenever you handle sensitive data, you need to understand the possible attack or accident scenarios, the intended usage patterns, the trust you can put into the parties involved, etc. Encryption is just one tool to implement safe data processing, it's not something that you tack on an application to magically make it safe.

If you just want to protect the communication between this service and its clients, standard TLS would be the obvious choice.

If you want to store data persistently (even though your data is short-lived, you don't want it to die prematurely when the service node crashes) you will need to use some persistence layer, maybe a simple journal file would do. Encrypting that safely is another matter which would require a bit of analysis.

Hans-Martin Mosner
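The "roll your own" option for the requirements in the question (5-minute lifetime, delete on read, bounded number of pairs), as an added Rust example that is not part of the original answer. The `Store` type, its method names and passing the current time in as a parameter are assumptions made for illustration; transport protection (TLS) and persistence, which the answer discusses, are outside this block.

```rust
use std::collections::HashMap;
use std::sync::Mutex;
use std::time::{Duration, Instant};

/// In-memory, read-once key/value store with a TTL and a size cap.
/// Values live only in this process's memory; nothing is written to disk.
pub struct Store {
    items: Mutex<HashMap<String, (String, Instant)>>, // key -> (value, expiry)
    ttl: Duration,
    max: usize,
}

impl Store {
    pub fn new(ttl: Duration, max: usize) -> Self {
        Store { items: Mutex::new(HashMap::new()), ttl, max }
    }

    /// Stores a pair. At the cap, expired pairs are swept first; if the store
    /// is still full the write is refused, so memory use stays bounded.
    /// `now` is passed in (an assumption of this example) to keep time testable.
    pub fn put(&self, key: &str, value: &str, now: Instant) -> bool {
        let mut items = self.items.lock().unwrap();
        if !items.contains_key(key) && items.len() >= self.max {
            items.retain(|_, (_, exp)| now < *exp);
            if items.len() >= self.max {
                return false;
            }
        }
        items.insert(key.to_string(), (value.to_string(), now + self.ttl));
        true
    }

    /// Removes and returns the value under one lock, so a pair is handed out
    /// at most once; a pair past its expiry is removed but never returned.
    pub fn take(&self, key: &str, now: Instant) -> Option<String> {
        let mut items = self.items.lock().unwrap();
        items.remove(key).filter(|(_, exp)| now < *exp).map(|(v, _)| v)
    }
}

fn main() {
    // Limits taken from the question: 5 minutes, at most 25k pairs.
    let store = Store::new(Duration::from_secs(300), 25_000);
    let now = Instant::now();
    store.put("k1", "constructed sample value", now);
    println!("{:?}", store.take("k1", now)); // first read gets the value
    println!("{:?}", store.take("k1", now)); // second read gets nothing
}
```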