We have K8s in GCP (GKE) and we need to implement a microservice, let’s call it AAA (one per customer), whose execution can be scheduled. CronJob is the best candidate for it. However, we want more. We want this configuration to be easily changeable from another microservice with some frontend, let’s call it FE. And here I see 3 possibilities.

1. FE microservice has permissions to modify/create the necessary instance of AAA. For this I might use a K8s service account and find out the necessary permissions. So briefly, it is a Master-Worker situation. Not sure how secure this is.
2. FE microservice sends an event to a message queue (GCPS), and there is another microservice, let’s call it Master. When Master receives the message, it creates/updates the configuration for AAA. In this case Master is separated from FE by the message queue. Not sure how secure it is when a K8s app can manage another K8s app.
3. FE microservice sends an event to a message queue (GCPS) and a function takes care of creating/updating the configuration of AAA. In this case Master is moved out of K8s. Would it be better for security reasons?

Maybe there is a better idea?
Kubernetes version: 1.13.7-gke.8
Cloud being used: GCP
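
Added example, not part of the original post: for options 1 and 2, the permissions the in-cluster service account needs can be confined to CronJob objects in a single namespace with a namespaced Role rather than a ClusterRole. The namespace `aaa-jobs` and the names `aaa-scheduler` and `cronjob-editor` are assumed for illustration; on Kubernetes 1.13 CronJob is served from the `batch` API group (`batch/v1beta1`).

```yaml
# Added example. All object names and the namespace are assumptions,
# not values taken from the original post.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: aaa-scheduler        # identity used by FE (option 1) or Master (option 2)
  namespace: aaa-jobs
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role                   # namespaced: grants nothing outside aaa-jobs
metadata:
  name: cronjob-editor
  namespace: aaa-jobs
rules:
  - apiGroups: ["batch"]     # CronJob lives in the batch group
    resources: ["cronjobs"]  # no pods, secrets, jobs or RBAC objects
    # "delete" is left out on purpose; add it only if schedules must be removed.
    verbs: ["get", "list", "watch", "create", "update", "patch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: aaa-scheduler-cronjob-editor
  namespace: aaa-jobs
subjects:
  - kind: ServiceAccount
    name: aaa-scheduler
    namespace: aaa-jobs
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: cronjob-editor
# Caveat: whoever can create or update a CronJob controls its pod template,
# so this account can run any pod spec in aaa-jobs, including one that uses
# another service account or mounts secrets from that namespace. Keep the
# namespace dedicated to AAA workloads.
```

The grant can be checked with `kubectl auth can-i create cronjobs --as=system:serviceaccount:aaa-jobs:aaa-scheduler -n aaa-jobs`, and the same command against `secrets` or another namespace should answer `no`.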