Hi,
We’re trying to figure out a proper deployment model for Hydra in a multi-tenant scenario.
We’ve reached the conclusion that in order to have true multi-tenancy support on the oauth/oidc side (with Hydra), we need to deploy a single Hydra instance per tenant and distribute the oauth client registrations between these Hydra instances.
For distributing the oauth clients between different Hydra instances (in K8S) it is suggested to use Hydra Maester.
We went through the repo and now have a few questions:
- It seems this project is still in its early stages, no? As in: the CRD doesn’t support all properties an oauth client can have yet, and there’s no retry mechanism yet on the API calls maester makes to Hydra. Should we start using this in production already?
- It seems that the idea is to have one maester controller running per Hydra instance/deployment, because as far as I can see the controller doesn’t auto-discover all Hydra instances and broadcast changes to the defined CRs to all Hydra instances. Is that correct? If so, are there plans to enhance the controller to distribute changes to all (matched) Hydra instances?
TIA,
Paul