-
Notifications
You must be signed in to change notification settings - Fork 14
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Provisioning of tasks into the database #44
Comments
My preference would be to avoid doing this in something like the old This control plane service could eventually grow into the service that handles customer accounts and self-service task onboarding. |
An alternate intermediate solution would be to write a standalone binary that provisions a task in the database, but then run it inside the cluster as a Job. We could write a template job manifest file, fill in arguments with parameters like TaskId, and then apply the completed manifest by hand. This would be easy to get up and running, and still generate and handle secrets on the cluster. |
I think for anything we do that touches real user data should use such a strategy (or, in general, should use a strategy where we generate secrets in the cluster). Initial interop testing & other deployments that only process fake or otherwise-non-sensitive data can generate secrets anywhere, including on an operator workstation, IMO. |
Another responsibility of this control plane service would be coordinating the other aggregator for a task. Our API for provisioning a task with Janus as the leader would also allow subscribers to configure a helper aggregator, perhaps by specifying an endpoint URL. The helper would then need to support an API for task provisioning so that we could send it the task parameters as well as secret values like the VDAF verify key and an authentication token. |
The ideas here have been refined into the proposal in #1486. I've filed issues in the production readiness milestone tracking specific implementation details. This issue doesn't track anything actionable and contains outdated discussion, so I'm closing it. |
David raised an interesting question in #37, which is whether an aggregator instance would receive the list of task IDs for which it should handle requests and work from configuration or just look up all the tasks defined in the database.
Either way, this begs the question: how do the tasks get written into the database to begin with? And how do the secrets (like HPKE private keys) get into Kubernetes secrets? We will need tools and a process for doing this.
The text was updated successfully, but these errors were encountered: