First steps
After you went through the Installation, on this page you will deploy OPA, deploy your first rule and query it from the command line.
Deploy OPA
To deploy OPA, you just need to create an OpaCluster resource in Kubernetes and the Operator will create the OPA instances. Create a file called opa.yaml
with the following contents:
---
apiVersion: opa.stackable.tech/v1alpha1
kind: OpaCluster
metadata:
name: simple-opa
spec:
image:
productVersion: "0.45.0"
stackableVersion: "23.4.0-rc1"
servers:
roleGroups:
default:
selector:
matchLabels:
kubernetes.io/os: linux
and apply it:
kubectl apply -f opa.yaml
This will create an OPA cluster. The Operator deploys a DaemonSet, so every node in your cluster will have an OPA instance.
Deploy a policy rule
Now deploy the first policy rule to OPA. Rules are deployed in ConfigMaps. Create a file simple-rule.yaml
with the following contents:
---
apiVersion: v1
kind: ConfigMap
metadata:
name: test
labels:
opa.stackable.tech/bundle: "true"
data:
test.rego: |
package test
hello {
true
}
world {
false
}
and apply it:
kubectl apply -f simple-rule.yaml
The Operator will read the rule file, bundle it and publish the bundle to all OPA instances.
Make policy requests
Now that you have deployed the rule, you can query OPA for it. First, port-forward the service so you can query it from outside the Kubernetes cluster:
kubectl port-forward svc/simple-opa 8081 > /dev/null 2>&1 &
Then, request the hello
rule:
curl -s http://localhost:8081/v1/data/test/hello
As it was defined in the rule file, the response should be true
:
{"result":true}
You can also request the other rule, world
:
curl -s http://localhost:8081/v1/data/test/world
And see a different response:
{}
Great! You’ve set up OPA, deployed a rule and queried it!
What’s next
Have a look at the Usage page for more configuration options of the Operator.