Placeholder for kicking off the investigation on a set of significant improvements to the API key authentication feature, aiming for:
- Improve memory utilisation – possibly by:
  - No longer indexing all API key Secrets in memory - use a cache system instead (?)
  - Avoid multiple copies of the Secrets for each AuthConfig it matches
  - Reduce the amount of data associated to each API key secret that is stored in memory
    - Exclude unnecessary fields - e.g., metadata.annotations["kubectl.kubernetes.io/last-applied-configuration"], metadata.managedFields[] - any use case for these (?)
    - Make it configurable (?)
- Improve reconciliation performance and observability
  - Reduce time to reconcile (at scale)
  - Status reporting - none today
  - Logging - possibly too noisy today by misreporting secrets that are actually out of scope
  - Tracing and metrics - probably nothing to be done
- Integration with external API key authentication providers and secret management solutions (e.g. Vault)
- Better multi-cluster story