-
Notifications
You must be signed in to change notification settings - Fork 123
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
docs: Caveats of sharing a DB with multiple instances (#1743)
Signed-off-by: Charith Ellawala <charith@cerbos.dev>
- Loading branch information
Showing
2 changed files
with
22 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
[IMPORTANT] | ||
==== | ||
Cerbos has an in-memory cache for holding compiled policy definitions to speed up the evaluation process. When a policy is removed or updated using the xref:api:admin_api.adoc#policy-management[Admin API] this cache is updated by the instance that handles the request. However, if you share the database with multiple Cerbos instances, the other instances won't be aware of the change and might still have the old policy definition cached in memory. There are several ways to handle this situation. | ||
- By default, the cache entries are stored indefinitely until there's memory pressure. You can set a maximum cache duration for entries by setting the `compile.cacheDuration` configuration value. This could help make all the Cerbos instances to become eventually consistent within a time frame that's acceptable to you. | ||
- You can turn off caching completely by setting `compile.cacheSize` configuration to `0`. This would have a small performance hit but depending on your use case it could be negligible. | ||
- Invoke the xref:api:admin_api.adoc#store-management[`/admin/store/reload` API endpoint] on all the Cerbos instances whenever you make a change to your policies. | ||
==== |