Vault in HA mode (3 PODs) - v 1.5.2 using DynamoDB (AWS) =*
Dynamically configures read/write based on traffic
K8S 1.18 Self-Managed (AWS)
We have noticed fairly high latency when using encryption in transit - have tried a performance test using JMeter towards our backend (which in turn uses Vault for transit/encryption) and results were pretty bad.
Tried single calls using the Vault CLI and the majority were between 1-2 seconds, though with a few going as far as 5 seconds.
Using cloud storage is going to be a massive latency issue, using transit is also a massive latency add-on. Combine them and you’ll get the results you see.
Upgrade to at least 1.7 (1.8 would be better) and use Integrated storage for best results.
One last note: 3 nodes is not “HA”. That’s just a multi-node cluster. It only matters if you’re talking about OSS vs Enterprise licenses as Enterprise gives you DR cluster/sync.
One challenge would be to migrate from AWS/Dynamo to integrated storage, as Vault is shared across multiple teams/projects though only one currently relies on Vault for encryption during transit. Any thoughts/suggestions? Thanks
I’m still using 1.6.3 with Consul on the backend but we’re doing high production testing against 1.8 and Integrated Storage. It looks and is responding great, so yes that’s my recommendation.
I’d say reducing integrated storage everyone wins, so I don’t see why not move. There is nothing special about cloud storage, so why not gain the advantage?
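
The storage move discussed above, sketched as an added example that is not part of the original thread: a configuration file for `vault operator migrate` that copies data from the DynamoDB backend to Integrated Storage. The table name, region, data path, node ID and cluster address are placeholders to replace with your own values.

```hcl
# migrate.hcl (added example; all values below are placeholders)

# Source: the existing DynamoDB backend.
# Use the same table and region as the current Vault server config.
storage_source "dynamodb" {
  table  = "vault-data-PLACEHOLDER"
  region = "us-east-1"
}

# Destination: Integrated Storage (raft) on the first node of the new cluster.
storage_destination "raft" {
  path    = "/vault/data"        # must exist and be writable by the Vault user
  node_id = "vault-0"
}

# Required when the destination is raft: the address this node
# will advertise to the other cluster members.
cluster_addr = "https://vault-0.vault-internal:8201"
```

The migration is an offline operation: stop the Vault pods, run `vault operator migrate -config=migrate.hcl` on the node that will hold the raft data, then start Vault with a `storage "raft"` stanza and join the remaining nodes. The unseal or auto-unseal configuration stays the same, because the data is copied in its encrypted form.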