Skip to main content

Enabling and Customizing Worker Nodes

Enable and customize worker nodes to process Kubernetes jobs asynchronously.

About Worker Nodes

SecureAuth Helm Chart provides support for enabling dedicated worker nodes for asynchnonous jobs processing (streams, queues). Normally, every instance of SecureAuth would do both, serve user traffic and process background jobs. Under heavy load, it is recommended to have dedicated workload instances for each of this processes.

See below for an example of how to enable worker nodes:

workers:
  enabled: true

Prerequisites

  • Kubernetes cluster v1.16+

  • Helm v3.0+

Configure Worker Nodes

Enabling worker nodes creates the following resources:

  • deployment for worker pods

  • service if enabled (used to expose metrics)

  • autoscaling if enabled

  • pod disruption budget if enabled

While worker nodes are enabled, two deployments are available:

  • acp - connected to ingress with async_processing disabled

  • acp-workers - disconnected from ingress with async_processing enabled

Moreover, you can customize worker pods in the same way as base SecureAuth pods with autoscaling, custom resources, tolerations, affinity etc.

See below for an example of how to customize worker pods:

workers:
  enabled: true
  service:
    enabled: true
  podDisruptionBudget:
    minAvailable: 30%
  autoscaling:
    enabled: true
    minReplicas: 3
    maxReplicas: 9
    targetCPUUtilizationPercentage: 80
  nodeSelector:
    workers: "true"
  affinity:
    podAntiAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        - labelSelector:
            matchLabels:
              app.kubernetes.io/instance: acp-workers
              app.kubernetes.io/name: acp-workers
          topologyKey: kubernetes.io/hostname
In this section: