-
Notifications
You must be signed in to change notification settings - Fork 1.3k
-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Query evaluation taking more time when opa is used as envoy authorization filter #2575
Comments
@PriyaKatkade it's tough to say without addition information like:
|
|
@PriyaKatkade please retest with the latest version: |
@tsandall Thank you. According to decision metrics logs, "timer_server_handler_ns" is taking more time. Also "timer_rego_query_eval_ns" is sometime taking microseconds but lots of time its taking milliseconds. I have a simple policy: package envoy.authz For this policy its taking 2-3 milliseconds decision time. i didn't get why this is happening even though policy is very simple |
@PriyaKatkade sorry for the delayed response. Did you get this resolved? If a trivial policy like the one above is taking 2-3 milliseconds in your environment, that sounds like a hardware/environmental issue. For example, on my thinkpad, query evaluation of that trivial policy takes about 20 microseconds:
|
I'm going to close this issue because there hasn't been a response and it's unclear whether this was just an environmental issue. We can re-open if needed. |
I am running OPA as a authorization filter in envoy. I have written a simple RBAC policy. I have executed policy in REGO playground. Its taking microseconds to evaluate the policy. But if I provide same policy to OPA which is running as an authorization filter its taking milliseconds to evaluate the policy, so which is not effective for us.
Would you please tell me why this is happening?
The text was updated successfully, but these errors were encountered: