Stackable
-
|
I need to link OPA to Envoy, but I also want the bundle builder functionality of the operator. Setting Is it possible to do this? |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments
-
|
The Stackable opa-operator is only guaranteed to work with the Stackable OPA image. This is because all versions and paths in the docker image need to precisely match what the operator expects. Also we ship some special tools in the image that are needed. |
Beta Was this translation helpful? Give feedback.
-
|
Thanks. I've been able to add opa-envoy as an extra container to the pod. The downside is running 2 instances of OPA so I'll probably deploy this combination manually rather than using the OpaCluster CRD. podOverrides:
spec:
containers:
- name: opa-envoy
image: docker.io/openpolicyagent/opa:1.13.1-envoy-4-static
securityContext:
runAsUser: 1111
args:
- "run"
- "--server"
- "--config-file=/config/config.yaml"
- "--addr=0.0.0.0:8181"
- "--diagnostic-addr=0.0.0.0:8282"
- "--shutdown-grace-period=120"
- "--disable-telemetry"
- "--log-level=info"
ports:
- name: grpc
containerPort: 9191
protocol: TCP
- name: health
containerPort: 8282
protocol: TCP
- name: http
containerPort: 8181
protocol: TCP
livenessProbe:
httpGet:
path: /health?plugins
scheme: HTTP
port: health
initialDelaySeconds: 5
periodSeconds: 5
readinessProbe:
httpGet:
path: /health?plugins
scheme: HTTP
port: health
initialDelaySeconds: 5
periodSeconds: 5
volumeMounts:
- readOnly: true
mountPath: /config
name: opa-envoy-config
volumes:
- name: opa-envoy-config
configMap:
name: opa-envoy-config |
Beta Was this translation helpful? Give feedback.
The Stackable opa-operator is only guaranteed to work with the Stackable OPA image. This is because all versions and paths in the docker image need to precisely match what the operator expects. Also we ship some special tools in the image that are needed.
You might be able to add the envoy plugin to the Stackable OPA, but I'm not aware of anyone that already did that.