Redis-backed storage in the embedded authorization server#35
Redis-backed storage in the embedded authorization server#35tgrunnagle merged 12 commits intomainfrom
Conversation
jhrozek
left a comment
jhrozek
left a comment
There was a problem hiding this comment.
some comments inline, but I feel like I'm too much of a redis n00b to be able to review the deployment options properly
|
I'm thinking that having a model of one MCP server per Valkey/Redis deployment is ideal for us. This way, you don't need to deal with multi-tenancy, nor scaling the valkey deployment globally. Instead, the valkey deployment can scale as the MCP server traffic increases. I'd also suggest doing something very opinionated to begin with, e.g. having one way of authenticating and one way to operate. This way, the deployment is heavily targeted towards the use case(s) instead of needing to provide a lot of flexibility. We can provide flexible alternatives as we see fit. wdyt? |
|
e.g. my recommendation would be to go sentinel mode, and have one primary and two replicas for seamless(-ish) rollovers. |
3 participants
Summary
Add RFC for Redis-backed storage in the embedded authorization server to enable horizontal scaling and high-availability deployments.
Addresses a portion of https://github.com/stacklok/stacklok-epics/issues/197
Why
The current in-memory storage prevents running multiple ToolHive replicas since they cannot share authentication state. Production Kubernetes deployments need HA support.
What
This RFC proposes a
RedisStorageimplementation that:Storageinterface with Redis as the backend