Commit 8210a9f

committed
feat: config overrides
1 parent cc6c2e9 commit 8210a9f

14 files changed

Lines changed: 479 additions & 52 deletions
Lines changed: 10 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -1,30 +1,19 @@
11
= OpenTelemetry
22
:description: Ship OPA traces and logs to OpenTelemetry
3-
:opa-docs: https://v1-4-2--opa-docs.netlify.app/configuration/#distributed-tracing
3+
:opa-docs: https://www.openpolicyagent.org/docs/configuration/#distributed-tracing
44

5-
Opa supports sending OpenTelemetry traces as stated in {opa-docs}[the documentation].
5+
OPA supports sending OpenTelemetry traces as stated in {opa-docs}[the documentation].
66

7-
As of SDP 25.7, `configOverrides` are (still) not supported, we are tracking the progress in https://github.com/stackabletech/opa-operator/issues/756[this GitHub issue].
8-
To enable traces you need to modify the config and thus xref:opa:usage-guide/operations/cluster-operations.adoc[pause the reconciliation] of your OpaCluster, so that changes to the ConfigMap aren't immediately overridden by the opa-operator.
9-
10-
WARNING: It's not encouraged to pause the reconciliation more than just temporarily. We recommend disabling it while you debug e.g. performance problems and re-enabling it afterwards. This problem will be solved once we support configOverrides for OPA.
11-
12-
Afterwards you can edit the `<stacklet-name>-server-default` ConfigMap and append a `distributed_tracing` section as follows.
7+
To enable traces, add a `distributed_tracing` section to the OPA configuration using `configOverrides`.
138
Please check the {opa-docs}[OPA documentation] to see what other settings you can configure.
149

1510
[source,yaml]
1611
----
17-
apiVersion: v1
18-
kind: ConfigMap
19-
metadata:
20-
name: opa-server-default
21-
data:
22-
config.json: |-
23-
{
24-
<<< existing JSON >>>
25-
"distributed_tracing": {
26-
"address": "jaeger-collector.default.svc.cluster.local:4317",
27-
"type": "grpc"
28-
}
29-
}
12+
servers:
13+
configOverrides:
14+
config.json:
15+
jsonMergePatch:
16+
distributed_tracing:
17+
address: jaeger-collector.default.svc.cluster.local:4317
18+
type: grpc
3019
----
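Review bot: the new example at lines 12-18 starts at `servers:` with no indication of where that key sits in the OpaCluster resource, whereas the removed example was a complete ConfigMap manifest. Add a sentence naming the parent, or show the enclosing keys, so the snippet can be placed without guessing. The example also sets only `address` and `type`; since traces leave the pod, a short pointer to the connection security settings in the linked OPA documentation would help readers who copy it as is.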

docs/modules/opa/pages/usage-guide/configuration-environment-overrides.adoc

Lines changed: 31 additions & 1 deletion
@@ -8,7 +8,37 @@ This will lead to faulty installations.
88

99
== Configuration properties
1010

11-
Currently, not supported for `config.json`.
11+
OPA's `config.json` can be overridden using `configOverrides`, the supported override strategies are `jsonMergePatch` (RFC 7396) and `jsonPatches` (RFC 6902).
12+
13+
For example per role group:
14+
15+
[source,yaml]
16+
----
17+
servers:
18+
roleGroups:
19+
default:
20+
configOverrides:
21+
config.json:
22+
jsonMergePatch:
23+
distributed_tracing:
24+
address: jaeger-collector.default.svc.cluster.local:4317
25+
type: grpc
26+
----
27+
28+
or per role:
29+
30+
[source,yaml]
31+
----
32+
servers:
33+
configOverrides:
34+
config.json:
35+
jsonPatches:
36+
- '{"op": "replace", "path": "/bundles/stackable/polling/min_delay_seconds", "value": 3}'
37+
- '{"op": "add", "path": "/default_decision", "value": "allow"}'
38+
roleGroups:
39+
default:
40+
config: {}
41+
----
1242

1343
== Environment variables
1444
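Review bot: the sentence added at line 11 lists only `jsonMergePatch` and `jsonPatches` as supported strategies, but the CRD schema in extra/crds.yaml in this same commit also accepts `userProvided`. Either document `userProvided` here or explain why it is left out, and split the comma splice into two sentences while touching the line. The `add` example at line 37 sets `/default_decision` to `allow`, which in a policy engine guide is easy to read as a default-allow switch and copy verbatim; a more neutral key would be a safer illustration.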

extra/crds.yaml

Lines changed: 152 additions & 20 deletions
@@ -1121,17 +1121,50 @@ spec:
11211121
type: object
11221122
type: object
11231123
configOverrides:
1124-
additionalProperties:
1125-
additionalProperties:
1126-
type: string
1127-
type: object
1128-
default: {}
11291124
description: |-
11301125
The `configOverrides` can be used to configure properties in product config files
11311126
that are not exposed in the CRD. Read the
11321127
[config overrides documentation](https://docs.stackable.tech/home/nightly/concepts/overrides#config-overrides)
11331128
and consult the operator specific usage guide documentation for details on the
11341129
available config files and settings for the specific product.
1130+
properties:
1131+
config.json:
1132+
description: Overrides for the OPA `config.json` file.
1133+
nullable: true
1134+
oneOf:
1135+
- required:
1136+
- jsonMergePatch
1137+
- required:
1138+
- jsonPatches
1139+
- required:
1140+
- userProvided
1141+
properties:
1142+
jsonMergePatch:
1143+
description: |-
1144+
Can be set to arbitrary YAML content, which is converted to JSON and used as
1145+
[RFC 7396](https://datatracker.ietf.org/doc/html/rfc7396) JSON merge patch.
1146+
x-kubernetes-preserve-unknown-fields: true
1147+
jsonPatches:
1148+
description: |-
1149+
List of [RFC 6902](https://datatracker.ietf.org/doc/html/rfc6902) JSON patches.
1150+
1151+
Can be used when more flexibility is needed, e.g. to only modify elements
1152+
in a list based on a condition.
1153+
1154+
A patch looks something like
1155+
1156+
`{"op": "test", "path": "/0/name", "value": "Andrew"}`
1157+
1158+
or
1159+
1160+
`{"op": "add", "path": "/0/happy", "value": true}`
1161+
items:
1162+
type: string
1163+
type: array
1164+
userProvided:
1165+
description: Override the entire config file with the specified String.
1166+
type: string
1167+
type: object
11351168
type: object
11361169
envOverrides:
11371170
additionalProperties:
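Review bot: the `additionalProperties` schema removed at old lines 1124-1128 accepted arbitrary file names mapped to string values, while the replacement declares only `config.json`, so an existing manifest that sets any other key under `configOverrides` no longer matches the schema. If that is intended, call it out as a breaking change in the changelog and the overrides documentation. The dropped `default: {}` also means the field is absent rather than an empty object when unset, so it is worth confirming the operator handles the missing case.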
@@ -1680,17 +1713,50 @@ spec:
16801713
type: object
16811714
type: object
16821715
configOverrides:
1683-
additionalProperties:
1684-
additionalProperties:
1685-
type: string
1686-
type: object
1687-
default: {}
16881716
description: |-
16891717
The `configOverrides` can be used to configure properties in product config files
16901718
that are not exposed in the CRD. Read the
16911719
[config overrides documentation](https://docs.stackable.tech/home/nightly/concepts/overrides#config-overrides)
16921720
and consult the operator specific usage guide documentation for details on the
16931721
available config files and settings for the specific product.
1722+
properties:
1723+
config.json:
1724+
description: Overrides for the OPA `config.json` file.
1725+
nullable: true
1726+
oneOf:
1727+
- required:
1728+
- jsonMergePatch
1729+
- required:
1730+
- jsonPatches
1731+
- required:
1732+
- userProvided
1733+
properties:
1734+
jsonMergePatch:
1735+
description: |-
1736+
Can be set to arbitrary YAML content, which is converted to JSON and used as
1737+
[RFC 7396](https://datatracker.ietf.org/doc/html/rfc7396) JSON merge patch.
1738+
x-kubernetes-preserve-unknown-fields: true
1739+
jsonPatches:
1740+
description: |-
1741+
List of [RFC 6902](https://datatracker.ietf.org/doc/html/rfc6902) JSON patches.
1742+
1743+
Can be used when more flexibility is needed, e.g. to only modify elements
1744+
in a list based on a condition.
1745+
1746+
A patch looks something like
1747+
1748+
`{"op": "test", "path": "/0/name", "value": "Andrew"}`
1749+
1750+
or
1751+
1752+
`{"op": "add", "path": "/0/happy", "value": true}`
1753+
items:
1754+
type: string
1755+
type: array
1756+
userProvided:
1757+
description: Override the entire config file with the specified String.
1758+
type: string
1759+
type: object
16941760
type: object
16951761
envOverrides:
16961762
additionalProperties:
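Review bot: the `userProvided` description at line 1757 says only that it overrides the entire config file and does not say what happens to the settings the operator would otherwise write into `config.json`. If they are discarded rather than merged, state that in the description and note that the user must then supply a complete, valid file, since this is the one strategy that can silently remove operator-managed configuration.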
@@ -2887,17 +2953,50 @@ spec:
28872953
type: object
28882954
type: object
28892955
configOverrides:
2890-
additionalProperties:
2891-
additionalProperties:
2892-
type: string
2893-
type: object
2894-
default: {}
28952956
description: |-
28962957
The `configOverrides` can be used to configure properties in product config files
28972958
that are not exposed in the CRD. Read the
28982959
[config overrides documentation](https://docs.stackable.tech/home/nightly/concepts/overrides#config-overrides)
28992960
and consult the operator specific usage guide documentation for details on the
29002961
available config files and settings for the specific product.
2962+
properties:
2963+
config.json:
2964+
description: Overrides for the OPA `config.json` file.
2965+
nullable: true
2966+
oneOf:
2967+
- required:
2968+
- jsonMergePatch
2969+
- required:
2970+
- jsonPatches
2971+
- required:
2972+
- userProvided
2973+
properties:
2974+
jsonMergePatch:
2975+
description: |-
2976+
Can be set to arbitrary YAML content, which is converted to JSON and used as
2977+
[RFC 7396](https://datatracker.ietf.org/doc/html/rfc7396) JSON merge patch.
2978+
x-kubernetes-preserve-unknown-fields: true
2979+
jsonPatches:
2980+
description: |-
2981+
List of [RFC 6902](https://datatracker.ietf.org/doc/html/rfc6902) JSON patches.
2982+
2983+
Can be used when more flexibility is needed, e.g. to only modify elements
2984+
in a list based on a condition.
2985+
2986+
A patch looks something like
2987+
2988+
`{"op": "test", "path": "/0/name", "value": "Andrew"}`
2989+
2990+
or
2991+
2992+
`{"op": "add", "path": "/0/happy", "value": true}`
2993+
items:
2994+
type: string
2995+
type: array
2996+
userProvided:
2997+
description: Override the entire config file with the specified String.
2998+
type: string
2999+
type: object
29013000
type: object
29023001
envOverrides:
29033002
additionalProperties:
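Review bot: `jsonPatches` items at lines 2993-2995 are typed as plain `string`, so the schema accepts any text and a malformed or non-applicable patch can only be detected after admission. Document how such a failure is reported to the user, and consider replacing the generic `/0/name` and `/0/happy` samples in the description with paths that exist in an OPA `config.json`.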
@@ -3446,17 +3545,50 @@ spec:
34463545
type: object
34473546
type: object
34483547
configOverrides:
3449-
additionalProperties:
3450-
additionalProperties:
3451-
type: string
3452-
type: object
3453-
default: {}
34543548
description: |-
34553549
The `configOverrides` can be used to configure properties in product config files
34563550
that are not exposed in the CRD. Read the
34573551
[config overrides documentation](https://docs.stackable.tech/home/nightly/concepts/overrides#config-overrides)
34583552
and consult the operator specific usage guide documentation for details on the
34593553
available config files and settings for the specific product.
3554+
properties:
3555+
config.json:
3556+
description: Overrides for the OPA `config.json` file.
3557+
nullable: true
3558+
oneOf:
3559+
- required:
3560+
- jsonMergePatch
3561+
- required:
3562+
- jsonPatches
3563+
- required:
3564+
- userProvided
3565+
properties:
3566+
jsonMergePatch:
3567+
description: |-
3568+
Can be set to arbitrary YAML content, which is converted to JSON and used as
3569+
[RFC 7396](https://datatracker.ietf.org/doc/html/rfc7396) JSON merge patch.
3570+
x-kubernetes-preserve-unknown-fields: true
3571+
jsonPatches:
3572+
description: |-
3573+
List of [RFC 6902](https://datatracker.ietf.org/doc/html/rfc6902) JSON patches.
3574+
3575+
Can be used when more flexibility is needed, e.g. to only modify elements
3576+
in a list based on a condition.
3577+
3578+
A patch looks something like
3579+
3580+
`{"op": "test", "path": "/0/name", "value": "Andrew"}`
3581+
3582+
or
3583+
3584+
`{"op": "add", "path": "/0/happy", "value": true}`
3585+
items:
3586+
type: string
3587+
type: array
3588+
userProvided:
3589+
description: Override the entire config file with the specified String.
3590+
type: string
3591+
type: object
34603592
type: object
34613593
envOverrides:
34623594
additionalProperties:
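Review bot: the `oneOf` at lines 3558-3564 makes `jsonMergePatch`, `jsonPatches` and `userProvided` mutually exclusive, but none of the descriptions say so, leaving the user to find out from a validation error. Add a sentence to the `config.json` description stating that exactly one strategy may be set. The `nullable: true` next to the `oneOf` also deserves a word on what a null `config.json` entry means.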
