Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Helm Chart for OPA #7109

Open
LuciaCabanillasRodriguez opened this issue Oct 9, 2024 · 6 comments
Open

Helm Chart for OPA #7109

LuciaCabanillasRodriguez opened this issue Oct 9, 2024 · 6 comments

Comments

@LuciaCabanillasRodriguez

Request for Helm Chart Support

Hello,

I'm currently looking to deploy Open Policy Agent (OPA) using Helm, and I would like to know if there is an existing Helm chart that supports both HTTP and HTTPS protocols.

Thank you for your help!

Best regards,
Lucía

@charlieegan3
Copy link
Contributor

Hi @LuciaCabanillasRodriguez. OPA is relatively simple to deploy as a Deployment in Kubernetes environments.

There is an example of the YAML required to do so here, in one of the OPA tutorials on ingress validation: https://www.openpolicyagent.org/docs/latest/kubernetes-tutorial/#6-deploy-opa-as-an-admission-controller

Is your use case K8s admission related or something else? Is there a reason that you need a helm chart specifically over using a K8s deployment YAML alone?

HTTP and HTTPS protocols

It's relatively simple to have OPA load certificates from secret mounted as volumes from cert-manager (https://cert-manager.io). However, it's also common if OPA is running behind an ingress controller or gateway to terminate TLS there too.

@LuciaCabanillasRodriguez
Copy link
Author

In my case, I’m not focused on deploying OPA as an Admission Controller. Instead, I want to deploy Open Policy Agent (OPA) as a general-purpose policy engine, which provides unified, context-aware policy enforcement across the entire stack.

I noticed there was a Helm chart available in helm/stable/opa, but it seems to be deprecated. I would need a current Helm chart for my deployment.

@anderseknert
Copy link
Member

There's this one in kube-mgmt repo: https://github.com/open-policy-agent/kube-mgmt/tree/master/charts/opa-kube-mgmt

AFAIK, it can be used even when kube-mgmt is not used.

@LuciaCabanillasRodriguez
Copy link
Author

It would be ideal if a Helm chart could be added directly to the OPA repository rather than relying on the kube-mgmt repository. This would help avoid confusion and provide a more straightforward deployment aligned with the intended use. Additionally, having a dedicated Helm chart for each purpose (such as policy management or enforcement) would offer greater flexibility, making it easier to deploy OPA for different use cases without relying on outdated or unrelated charts.

@anderseknert
Copy link
Member

I think having things like Helm charts outside of the core project is reasonable, as OPA caters to a whole bunch of use cases of which many are unrelated to Kubernetes. But we could definitely do better to help users discover resources such as that one. For example, an entry for Helm under the ecosystem pages would likely help with discoverability.

Copy link

stale bot commented Nov 9, 2024

This issue has been automatically marked as inactive because it has not had any activity in the last 30 days. Although currently inactive, the issue could still be considered and actively worked on in the future. More details about the use-case this issue attempts to address, the value provided by completing it or possible solutions to resolve it would help to prioritize the issue.

@stale stale bot added the inactive label Nov 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

3 participants