Discovery

The Stackable Operator for OpenPolicyAgent (OPA) publishes a discovery ConfigMap, which exposes a client configuration bundle that allows access to the OPA cluster.

The bundle includes a connection string to access the OPA cluster. This string may be used by other operators or tools to configure their products with access to OPA. This is limited to internal cluster access.

Example

Given the following OPA cluster:

apiVersion: opa.stackable.tech/v1alpha1
kind: OpaCluster
metadata:
  name: simple-opa (1)
  namespace: stackable (2)
spec:
  […​]
1 The name of the OPA cluster, which is also the name of the created discovery ConfigMap.
2 The namespace of the discovery ConfigMap.

The resulting discovery ConfigMap is stackable/simple-opa.

Contents

The stackable/simple-opa discovery ConfigMap contains the following fields where simple-opa represents the name and stackable the namespace of the cluster:

OPA

A connection string for cluster internal OPA requests. Provided the cluster example above, the connection string is created as follows:

http://simple-opa.stackable.svc.cluster.local:8081/

This connection string points to the base URL (and web UI) of the OPA cluster. In order to query policies you have to configure your product and its OPA url as follows, given the bundle package name opa-test and the policy name allow:

http://simple-opa.stackable.svc.cluster.local:8081/v1/data/opa-test/allow