The Stackable Operator for OpenPolicyAgent (OPA) publishes a discovery
ConfigMap, which exposes a client configuration bundle that allows access to the OPA cluster.
The bundle includes a connection string to access the OPA cluster. This string may be used by other operators or tools to configure their products with access to OPA. This is limited to internal cluster access.
Given the following OPA cluster:
apiVersion: opa.stackable.tech/v1alpha1 kind: OpaCluster metadata: name: simple-opa (1) namespace: stackable (2) spec: […]
|1||The name of the OPA cluster, which is also the name of the created discovery
|2||The namespace of the discovery
The resulting discovery
ConfigMap contains the following fields where
simple-opa represents the name and
stackable the namespace of the cluster:
A connection string for cluster internal OPA requests. Provided the cluster example above, the connection string is created as follows:
This connection string points to the base URL (and web UI) of the OPA cluster. In order to query policies you have to configure your product and its OPA url as follows, given the rego package name
opa-test and the policy name