The cluster definition also supports overriding configuration properties and environment variables, either per role or per role group, where the more specific override (role group) has precedence over the less specific one (role).
|
Important
|
Do not override port numbers. This will lead to faulty installations. |
OPA’s config.json can be overridden using configOverrides, the supported override strategies are jsonMergePatch (RFC 7396) and jsonPatches (RFC 6902).
For example per role group:
servers:
roleGroups:
default:
configOverrides:
config.json:
jsonMergePatch:
distributed_tracing:
address: jaeger-collector.default.svc.cluster.local:4317
type: grpcor per role:
servers:
configOverrides:
config.json:
jsonPatches:
- '{"op": "replace", "path": "/bundles/stackable/polling/min_delay_seconds", "value": 3}'
- '{"op": "add", "path": "/default_decision", "value": "allow"}'
roleGroups:
default:
config: {}Environment variables can be (over)written by adding the envOverrides property.
For example per role group:
servers:
roleGroups:
default:
config: {}
envOverrides:
MY_ENV_VAR: "MY_VALUE"or per role:
servers:
envOverrides:
MY_ENV_VAR: "MY_VALUE"
roleGroups:
default:
config: {}The OPA operator supports overriding command-line arguments passed to the OPA binary via the cliOverrides property.
This allows you to customize OPA’s behavior by passing additional or overriding existing command-line flags.
CLI overrides can be specified at both the role and rolegroup level, with rolegroup overrides taking precedence over role overrides.
For example, per rolegroup:
servers:
roleGroups:
default:
cliOverrides:
--log-format: json-pretty
--diagnostic-addr: "0.0.0.0:8282"or per role:
servers:
cliOverrides:
--log-format: json
--diagnostic-addr: "0.0.0.0:8282"
roleGroups:
default: {}For a complete list of available flags, refer to the OPA documentation.