Discovery
The Stackable Operator for OpenPolicyAgent (OPA) publishes a discovery ConfigMap, which exposes a client configuration bundle that allows access to the OPA cluster.
The bundle includes a connection string to access the OPA cluster. This string may be used by other operators or tools to configure their products with access to OPA. This is limited to internal cluster access.
Example
Given the following OPA cluster:
apiVersion: opa.stackable.tech/v1alpha1
kind: OpaCluster
metadata:
  name: simple-opa # (1)
  namespace: stackable # (2)
spec:
  […]
(1) The name of the OPA cluster, which is also the name of the created discovery ConfigMap.
(2) The namespace of the discovery ConfigMap.
The resulting discovery ConfigMap is stackable/simple-opa.
Contents
The stackable/simple-opa discovery ConfigMap contains the following fields, where simple-opa represents the name and stackable the namespace of the cluster:
OPA
A connection string for cluster-internal OPA requests. Given the cluster example above, the connection string is:
http://simple-opa.stackable.svc.cluster.local:8081/
This connection string points to the base URL (and web UI) of the OPA cluster. To query policies, configure your product with an OPA URL of the following form, given the bundle package name opa-test and the policy name allow:
http://simple-opa.stackable.svc.cluster.local:8081/v1/data/opa-test/allow
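A client-side sketch of the URL construction described above, added here as an example and not taken from the Stackable operator or its documentation. The function names are hypothetical; it assumes the standard OPA Data API behaviour (POST with an "input" document, decision returned under "result", and "result" omitted when the rule is undefined), and it goes slightly beyond the page by mapping dotted package names to path segments and by treating every non-true answer or error as a deny.

```python
import json
import urllib.request
from urllib.parse import quote, urljoin

# Value of the OPA field in the stackable/simple-opa discovery ConfigMap.
OPA_BASE = "http://simple-opa.stackable.svc.cluster.local:8081/"


def policy_url(opa_base: str, package: str, rule: str) -> str:
    """Build the Data API URL for one rule from the discovery connection string."""
    base = opa_base if opa_base.endswith("/") else opa_base + "/"
    # A dotted package (a.b) maps to one path segment per component.
    segments = [quote(s, safe="") for s in package.split(".") + [rule]]
    return urljoin(base, "v1/data/" + "/".join(segments))


def decision(body: bytes) -> bool:
    """Fail closed: only a JSON true under "result" counts as allow."""
    try:
        doc = json.loads(body)
    except ValueError:
        return False
    # OPA omits "result" when the rule is undefined for the given input.
    return isinstance(doc, dict) and doc.get("result") is True


def is_allowed(opa_base: str, package: str, rule: str, input_doc: dict) -> bool:
    """POST the input document to OPA; any error or timeout is a deny."""
    req = urllib.request.Request(
        policy_url(opa_base, package, rule),
        data=json.dumps({"input": input_doc}).encode(),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    try:
        with urllib.request.urlopen(req, timeout=2) as resp:
            return decision(resp.read())
    except OSError:
        return False


if __name__ == "__main__":
    print(policy_url(OPA_BASE, "opa-test", "allow"))
    # Constructed response bodies, not captured from a real cluster.
    for body in (b'{"result": true}', b'{"result": false}', b"{}", b"<html>"):
        print(body, "->", decision(body))
```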