Skip to content

configuration-environment-overrides.adoc

Latest commit

 

History

History
108 lines (84 loc) · 2.71 KB

configuration-environment-overrides.adoc

File metadata and controls

108 lines (84 loc) · 2.71 KB

Configuration & Environment Overrides

The cluster definition also supports overriding configuration properties and environment variables, either per role or per role group, where the more specific override (role group) has precedence over the less specific one (role).

Important
 Do not override port numbers. This will lead to faulty installations.

Configuration properties

OPA’s config.json can be overridden using configOverrides. For details on the supported override strategies, see the config overrides documentation.

For example per role:

servers:
  configOverrides:
    config.json:
      jsonPatches:
        - '{"op": "replace", "path": "/bundles/stackable/polling/min_delay_seconds", "value": 3}'
        - '{"op": "add", "path": "/default_decision", "value": "allow"}'
  roleGroups:
    default:
      config: {}

or per role group:

servers:
  roleGroups:
    default:
      configOverrides:
        config.json:
          jsonMergePatch:
            distributed_tracing:
              address: jaeger-collector.default.svc.cluster.local:4317
              type: grpc

Environment variables

Environment variables can be (over)written by adding the envOverrides property.

For example per role:

servers:
  envOverrides:
    MY_ENV_VAR: "MY_VALUE"
  roleGroups:
    default:
      config: {}

or per role group:

servers:
  roleGroups:
    default:
      config: {}
      envOverrides:
        MY_ENV_VAR: "MY_VALUE"

CLI overrides

The OPA operator supports overriding command-line arguments passed to the OPA binary via the cliOverrides property. This allows you to customize OPA’s behavior by passing additional or overriding existing command-line flags.

CLI overrides can be specified at both the role and rolegroup level, with rolegroup overrides taking precedence over role overrides.

For example, per role:

servers:
  cliOverrides:
    --log-format: json
    --diagnostic-addr: "0.0.0.0:8282"
  roleGroups:
    default: {}

or per rolegroup:

servers:
  roleGroups:
    default:
      cliOverrides:
        --log-format: json-pretty
        --diagnostic-addr: "0.0.0.0:8282"

For a complete list of available flags, refer to the OPA documentation.

Pod overrides

The OPA operator also supports Pod overrides, allowing you to override any property that you can set on a Kubernetes Pod. Read the Pod overrides documentation to learn more about this feature.