
The ability to backup policies to AWS S3 buckets instead of local FS / mounted volumes in k8s

Open kostiapl opened this issue 7 months ago • 1 comments

Is your feature request related to a problem? Please describe.

We'd like to leverage OPAL client capabilities (STORE_BACKUP_PATH, OFFLINE_MODE_ENABLED, STORE_BACKUP_INTERVAL) when backing up policies to S3 buckets, rather than using mounted volumes in the K8s cluster. This is necessary due to the limitations of our platform, which does not support the ReadWriteMany access mode for volumes, especially when dealing with multiple pods equipped with the OPAL client.

Describe the solution you'd like

The ability to back up policies to S3 buckets instead of mounted volumes.

Describe alternatives you've considered

CSI for S3: https://github.com/ctrox/csi-s3

Additional context

Currently, we use a custom-written k8s admission controller and mutation webhooks that inject sidecar containers (the pair of OPAL client and OPA server) to implement distributed authorization. We would like to use the policy backup functionality of the OPAL client, which would allow us to avoid service downtime in cases when the git server with the policies is not available for some reason.

kostiapl, Dec 06 '23 15:12

Hi @kostiapl, sorry for the late response. Have you had the chance to try using csi-s3? I'm not sure adding support for backup stores for offline mode (other than filesystem) is really something we want to focus on.

roekatz, Apr 30 '24 13:04