Are there any known patterns of using
# spicedb
s
Are there any known patterns of using spicedb with the CDN edge serving protected content?
v
you mean running SpiceDB at the Edge?
s
so CDN's are largely distributed all around the world. How do CDNs which are distributed interact with distriubted mesh of SpiceDB. Is SpiceDB meant to be geographically distributed as well?
like is a spiceDB cluster that would span the world and the CDN edges interact with that cluster?
any reference to blogs on running spiceDB at a global scale will be highly appreciated
I don't want to introduce another caching layer for permissions between spiceDB and CDN edges
j
> Is SpiceDB meant to be geographically distributed as well?
yes
v
You'd need to use a datastore that supports strong consistency and geographical distribution. Right now the options SpiceDB supports are Spanner and CockroachDB. You'll need to find the intersection between regions supported by CockroachDB/Spanner and regions where you will be serving your CDN from, and deploy SpiceDB there. If they are not in the same region, a region close nearby may do it depending on your latency requirements. If your relationship changes are rather infrequent and the dataset is small enough to fit in memory, you could deploy SpiceDB with the in-memory datastore and put it in read-only mode. Basically you'll store all the relationships and your schema in a YAML file SpiceDB will load from, and when you need to change permissions, you could then deploy a new SpiceDB with the new YAML file. You could also use a
zed
backup file to restore from.
2 Views