HA / Distribution? about opa HOT 5 CLOSED

Hi @sargun!

At this point, OPA does not replicate the built-in data store. It's something we're thinking about, but we haven't gotten around to yet.

That being said, we're actively working on support for custom/pluggable storage backends (#91). This would allow anyone to write their own storage backend, e.g., using an external/replicated service like etcd.

Could you provide any more details on your use case? It could help shape things going forward.

from opa.

My use case at least is to be able to run this as a docker 1.12 service and have > 1 replicas for the service.

Would it be safe enough to implement a DFS between instances and round robin requests to them?

from opa.

Maybe this should turn into a doc on http://www.openpolicyagent.org/documentation/what-is-policy-enablement/ that is titled something like "HA Server Setup" or something like this so people can just follow and setup.

from opa.

@hekaldama at this time, OPA does not support an HA-mode like you described. HA support is still being planned but it's hard to get right and we haven't had time yet.

That being said, if you want to run N replicas of OPA, you're free to distribute data and policies to them as needed. This approach puts more burden on you but also means that OPA can be colocated with the service(s) that it policy enables. Colocating OPA with the service(s) means you don't have to worry about partial failures or the network (to some extent).

Thanks for your interest!

from opa.

Closing this ticket for now. Built-in HA support will likely come from an etcd (or other replicated store) backend. Another promising alternative is to rely on persistence from features like ThirdPartyResources in Kubernetes.

from opa.