Workflow identity for backup storage (AKS/Azure Blog Storage)

Hi,

I want to use workflow identity for my backup storage, or rather for the jobs. I found a thread that received no answers recently, hence I am making another one.

The thread: How do we add an AWS IRSA annotation to the backups to grant S3 access - #9 by Gerwin_van_de_Steeg

My end goal is to define service accounts that can access a backup “bucket” of some kind. And then apply that policy to the jobs etc.. Is this currently possible and just a matter of documentation. Or not possible with Everest?

I am fine with creating objects as CRDs — the UI is not my concern.

Till

Hey @Till .

Which database engine are you using (PostgreSQL, MySQL, MongoDB)?

The reason I’m asking is because the underlying Operators themselves should support IRSA. I’m not sure if Percona Operators currently support IRSA, but maybe @Ege_Gunes can confirm.

Hi,

thank you for your response! I’m mostly interested in Postgres — but I think MongoDB would be interesting as well.

hey @Till ,

I see that MongoDB Operator most likely supports IRSA: How to Use IAM Roles for Service Accounts (IRSA) with … | Percona Community

I will check with the team re effort required to add it into Everest and come back to you.

As for PostgreSQL - can’t find anything.

@Natalia_Marukovich do you know more about it?

@spronin we are mostly using postgresql with everest currently, have there been any updates as to what’s supported where?

Hey @Till .

There are huge updates re everest overall, which is no OpenEverest Read more here.

As for support of IRSA: we need to figure out first if it is something that Operator supports. Let me try to chase folks at Percona.