I have multiple k8 pods where my service is running, where the logic to make a connection to zookeeper (running as a cluster) and then participate in leader election on path /election is present. Now, because there are multiple apps: App1, App2, App3, and all of them are running my service, all pods under them connect to zk and participate in leader election. But I want only the pods of App1 to connect to this zk path and participate in leader election. The number of apps can increase/decrease.
I have a way to get the app Id of the pod and thus can make code changes to connect only specific app pods to the zk path. But with this, other app pods need to have the latest code changes, which cannot be guaranteed. Also, is there a way to keep a config in zk itself, where we can have a script to identify whether a server can connect with the specific zk path or not?
One way I could think of is, you can protect the /election path with an ACL and make it accessible only to App1. You can give only App1 the create permission under the path and protect it with a password, and thus only App1 will be able to create ephemeral nodes under the /election path, and other apps that do not have access to this password will not be able to create nodes under this path. One caveat in this approach is that the apps other than App1 will start seeing Unauthorized Error from the moment you create the ACL for this path.
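The ACL approach from the answer above, as an added example that is not part of the original post: it builds the ZooKeeper digest-scheme ACL id and the matching zkCli `setAcl` line, then models which sessions the server would let create nodes under /election. The user name `app1`, the password `app1-secret`, the `crd` permission set and the `allowed()` model are assumptions made for illustration.

```python
import base64
import hashlib

# Permission letters as written in a zkCli ACL entry.
PERMS = {"c": "CREATE", "r": "READ", "w": "WRITE", "d": "DELETE", "a": "ADMIN"}


def digest_id(user, password):
    """ACL id for the digest scheme: user:base64(sha1("user:password"))."""
    raw = hashlib.sha1(f"{user}:{password}".encode()).digest()
    return f"{user}:{base64.b64encode(raw).decode()}"


def set_acl_command(path, user, password, perms):
    """zkCli line that replaces the ACL of `path` with one digest entry."""
    return f"setAcl {path} digest:{digest_id(user, password)}:{perms}"


def session(user=None, password=None):
    """Identities a session holds after `addauth digest user:password`.
    A client that never calls addauth holds no digest identity."""
    return {("digest", digest_id(user, password))} if user else set()


def allowed(acl, session_auth, perm):
    """Simplified model of the server check (not ZooKeeper code): an
    operation passes if some ACL entry grants `perm` to an identity
    the session authenticated as."""
    return any(perm in perms and (scheme, ident) in session_auth
               for scheme, ident, perms in acl)


# Constructed sample values. The answer only mentions CREATE; READ and
# DELETE are added here on the assumption that election participants
# also list the children of /election and remove their own nodes.
ELECTION_ACL = [("digest", digest_id("app1", "app1-secret"), "crd")]

if __name__ == "__main__":
    print(set_acl_command("/election", "app1", "app1-secret", "crd"))
    clients = {
        "App1 pod (addauth with the password)": session("app1", "app1-secret"),
        "App2 pod (old code, no addauth)": session(),
        "App3 pod (wrong password)": session("app1", "guess"),
    }
    for name, auth in clients.items():
        verdict = "create OK" if allowed(ELECTION_ACL, auth, "c") else "NoAuth"
        print(f"{name}: {verdict}")
```

Because the entry above grants no ADMIN permission, the ACL on /election cannot be changed later through `setAcl` by the App1 identity; add `a` for whichever identity should manage it.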