Knative service API token storage

Question

I am evaluating if knative makes sense for my project. I am trying to create a service that connects to a third party API. I wonder what's the best strategy from knative perspective to store an third party API token that needs to be renewed periodically.

• Would a secret be the way to go? I have tried this but I think secrets cant be modified from a pod, right?
• Would a traditional k8 deployment make more sense for this use case?
• What would be the right way of storing data from a knative service?

Answer 1

Knative is a plugin to kubernetes. You will manage secrets in knative the same way you would manage secrets in kubernetes. https://kubernetes.io/docs/concepts/configuration/secret/

A Pod is used when you use Knative, the same type of Pod if you where to use Kubernetes Deployment or DeamonSet. https://kubernetes.io/docs/concepts/workloads/pods/

Now in terms of you the 3rd party API token. Don't know your use case but what I'm familiar is with the concept of using an API Key this you would put in a kubernetes secret then your Pod will have access when you application starts.

You would use the key to request a token (also refresh token), then use this token to access the API. you will hold to it in memory and when is about to expire you refresh the token, using the refresh token.

So what happens if your Pod shuts down when it scales down, this could be in normal kubernetes not neccesarly knative. Do you want to store that token some where maybe like a cache? What people do in this cases they would save it in memcache or redis, so if a new pod comes up it will check the cache for a recent token and if its valid then use it if its not valid or not found then use the API key from the Secret to get a new token. https://zapier.com/engineering/apikey-oauth-jwt/

Without more specifics is hard to answer more precisely.