Using couchbase with micro services

security

#1

Hi there,

We have developed 100 microservices which each require their own datastore. No data stores should be shared, microservices should communicate with each other over HTTP to to CRUD actions on other resources.

Since there is a limit of 10 buckets per couchbase server cluster, what is the best practice regarding security?
I.e. a micro service can be authorized to use a single bucket with a password policy. But given the 10/1 ratio, sharing buckets is inevitable, which means common passwords. I can see several options, what do people think?

  1. Provision a ‘stack’ - a seperate server cluster for each service, in a way we’ve seen done by products like Rancher.
  2. Share buckets amongst microservice ‘bounded contexts’.
  3. Define ‘namespaces’ within a bucket and implement some kind of ‘role based access control’ authorization handler that grants access.

Thanks