Usage
After installation, the CRD for this operator must be created:
kubectl apply -f /etc/stackable/opa-operator/crd/openpolicyagent.crd.yaml
To create a single node OPA (v0.41.0) cluster with Prometheus metrics exposed on port 8081:
apiVersion: opa.stackable.tech/v1alpha1
kind: OpaCluster
metadata:
  name: simple-opa
spec:
  version: "0.41.0-stackable0.1.0"
  servers:
    roleGroups:
      default:
        selector:
          matchLabels:
            kubernetes.io/os: linux
Please note that the version you specify is not only the version of OPA you want to roll out; it must also carry a Stackable version suffix, as shown. This Stackable version is the version of the underlying container image used to run the processes. For a list of available versions, please check our image registry. It should generally be safe to use the latest image version that is available.
Bundle Sources
OPA bundles are generated from ConfigMap objects by a sidecar container running alongside the OPA server.
Alternatively, the OPA servers can load bundles from a remote server when a regoRuleReference is configured in the role group’s config section.
Monitoring
The managed OPA instances are automatically configured to export Prometheus metrics. See Monitoring for more details.
Configuration & Environment Overrides
The cluster definition also supports overriding configuration properties and environment variables, either per role or per role group, where the more specific override (role group) has precedence over the less specific one (role).
Do not override port numbers. This will lead to faulty installations.
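The precedence rule above, as an added example (not the operator's own code): a review helper that resolves the effective environment overrides for each role group and reports where a role group replaces a role-level value. It assumes the override field is named envOverrides; the manifest, role group "edge", variable names and values are constructed.

```python
# Constructed manifest, as it would look after parsing the YAML.
# Assumption: overrides live under `envOverrides` at role and role group level.
MANIFEST = {
    "kind": "OpaCluster",
    "metadata": {"name": "simple-opa"},
    "spec": {
        "servers": {  # role
            "envOverrides": {"EXAMPLE_LOG_LEVEL": "info", "EXAMPLE_REGION": "eu"},
            "roleGroups": {
                "default": {"envOverrides": {"EXAMPLE_LOG_LEVEL": "debug"}},
                "edge": {},  # no role group overrides: inherits the role's
            },
        }
    },
}


def effective_env(manifest, role="servers"):
    """Return {role_group: {var: (value, source)}}; role group beats role."""
    role_spec = manifest["spec"][role]
    role_env = role_spec.get("envOverrides") or {}
    result = {}
    for name, group in (role_spec.get("roleGroups") or {}).items():
        merged = {k: (v, "role") for k, v in role_env.items()}
        for k, v in ((group or {}).get("envOverrides") or {}).items():
            merged[k] = (v, "roleGroup")  # more specific level wins
        result[name] = merged
    return result


def shadowed(manifest, role="servers"):
    """List (role_group, var, role_value, group_value) for replaced values."""
    role_spec = manifest["spec"][role]
    role_env = role_spec.get("envOverrides") or {}
    hits = []
    for name, group in sorted((role_spec.get("roleGroups") or {}).items()):
        for k, v in sorted(((group or {}).get("envOverrides") or {}).items()):
            if k in role_env and role_env[k] != v:
                hits.append((name, k, role_env[k], v))
    return hits


if __name__ == "__main__":
    for group, env in effective_env(MANIFEST).items():
        for var, (value, source) in sorted(env.items()):
            print(f"{group}: {var}={value} (from {source})")
    for group, var, old, new in shadowed(MANIFEST):
        print(f"{group}: {var} role value {old!r} replaced by {new!r}")
```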