Not too long before we can try SpiceDB
# spicedb
v
Not too long before we can try SpiceDB on Cloudflare (https://blog.cloudflare.com/cloudflare-containers-coming-2025/). Could be an interesting way to scale up; for example, I'd like to have a SpiceDB per community in my app
y
sounds interesting... i think the difficult part will be the datastore
you could run with the in-mem datastore but then you're missing persistence
but i suppose a case could be made for a single-node deployment with sqlite or something
v
Yeah, I was thinking SQLite (maybe via D1), or perhaps since the containers can have disk attached / are based on durable objects, the state could be persisted between serverless invokes somehow
would SpiceDB support persistence with SQLite today?
Seems the allowed engine list is at least specified here: https://github.com/authzed/spicedb/blob/main/pkg/cmd/datastore/datastore.go#L33
y
yeah, sqlite isn't currently implemented
it's definitely possible; the reason that implementing a datastore typically requires a decent amount of work is that not every datastore supports a native MVCC that's conducive to the kinds of snapshot reads that SpiceDB requires
but an SQLite datastore that backs a single SpiceDB node could probably look very similar to the MemDB implementation since I imagine you wouldn't/couldn't have multiple SpiceDB instances talking to that same datastore
it's not a use case that we've explored in depth
i think it's because you'd typically reach for SpiceDB when you have a lot of shared authz state between different services in a microservice architecture, rather than reaching for it because you particularly like the modeling
like i wouldn't personally reach for SpiceDB in a monolithic application
(unless it's a golang application and I can run SpiceDB in the same process, maybe)
a lot of the complexity in using SpiceDB comes down to when and how the relationships are written and the dual-write problem inherent in that
but i'd be curious to hear how you're envisioning the use of SpiceDB in an edge network/durable object context
because there might be something untapped that we haven't considered
v
I'm building something of a Discord/Reddit-like application, a place for communities, where each will have their own roles / permissions etc... So my thought was to have a 1-1 deployment for them (because I recall something about scaling / sharding when there are a lot of rules). The durable object model from Cloudflare fits well with this model. All that being said, I'm new to SpiceDB and am starting with a single instance for the entire application. Permissions are likely to be relatively static across communities, but roles and permission assignment to roles will be quite open. Need to watch the video on modelling Discord permissions in SpiceDB. Another appeal of Cloudflare / edge is the simplified devops for less technical users. If I can get our full stack running there, it becomes easier to give communities a supported "easy mode" for running their own copy of the stack
can you elaborate on, or have a link to, the dual-write problem?
ah, so federation where you have a bunch of instances that are running separately, and the scale of each of those instances is expected to be small and there aren't interactions in the authz logic between them?
v
yes, I'm building on ATProto, trying to bring private data / groups before there are protocol-level decisions, to help inform the conversation and give the people what they are asking for
y
then yeah, provided the other tradeoffs still make sense, i could see spicedb with sqlite being a decent solution