First steps

After you went through the Installation, on this page you will deploy OPA, deploy your first rule and query it from the command line.

Deploy OPA

To deploy OPA, you create an OpaCluster resource in Kubernetes and the operator will create the OPA instance. Create a file called opa.yaml with the following contents:

---
apiVersion: opa.stackable.tech/v1alpha1
kind: OpaCluster
metadata:
  name: simple-opa
spec:
  image:
    productVersion: "0.67.1"
  servers:
    roleGroups:
      default: {}

and apply it:

kubectl apply -f opa.yaml

This will create an OPA cluster. The operator deploys a DaemonSet, which means that an OPA Pod is deployed on every Node of the cluster. This reduces network traffic and improves latency for decision requests, since every other Pod making decision requests will only have to make its request to another port on the same Node.

Deploy a policy rule

Now deploy the first policy rule to OPA. Rules are deployed in ConfigMaps. Create a file simple-rule.yaml with the following contents:

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: test
  labels:
    opa.stackable.tech/bundle: "true"
data:
  test.rego: |
    package test

    hello {
      true
    }

    world {
      false
    }

and apply it:

kubectl apply -f simple-rule.yaml

The operator will read the rule file, bundle it and publish the bundle to all OPA instances.

Make policy requests

Now that you have deployed the rule, you can query OPA for it. First, port-forward the service so you can query it from outside the Kubernetes cluster:

kubectl port-forward svc/simple-opa 8081 > /dev/null 2>&1 &

Then, request the hello rule:

curl -s http://localhost:8081/v1/data/test/hello

As it was defined in the rule file, the response should be true:

{"result":true}

You can also request the other rule, world:

curl -s http://localhost:8081/v1/data/test/world

And see a different response:

{}

Great! You’ve set up OPA, deployed a rule and queried it!

What’s next

Have a look at the Usage guide page for more configuration options of the operator.