Extract OPA executable from opa docker image #316
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
this allows for various opa versions to be included in the opal-client image (e.g. latest-istio, latest-istio-static, etc.). The tag of the openpolicyagent/opa docker image can be specified through the `opa_tag` docker build argument.
✅ Deploy Preview for opal-docs canceled.
|
|
This looks like very cool. Cc: @asafc , @orishavit |
|
Thanks. Btw the python3.7 |
|
Hi @tibotix, thanks for the PR! I don't think we would like to create multiple variants of the opal-client docker image, but having the OPA binary type as a parameter to the Dockerfile, so that users could build their own, would be very helpful. Thanks! |
|
All right, fair enough. I reverted the corresponding commits. |
orishavit
approved these changes
Nov 8, 2022
|
Thanks! |
filipermit
pushed a commit
to filipermit/opal
that referenced
this pull request
Nov 29, 2022
This allows for various OPA versions to be included in the opal-client image (e.g. latest-istio, latest-istio-static, etc.). The tag of the openpolicyagent/opa docker image can be specified through the `opa_tag` docker build argument.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
It is now possible to include various opa executable versions in the opal-client image (e.g. latest-istio, latest-istio-static, etc.). The tag of the
openpolicyagent/opadocker image can be specified through theopa_tagdocker build argument.In the past only the main
opa_linux_amd64_staticexecutable was downloaded, which does for example not work with theenvoy_ext_authz_grpcplugin. Theopa:latest-istiotag on the other hand does work with theenvoy_ext_authz_grpcplugin.As the opa executable is different in respectively different docker tags, it would be cool to support these different versions as the inline opa process as well.
The current tags that are downloaded from
openpolicyagent/opaare:These can also be configured in the
docker_build_and_publishworkflow.For each tag a separate opal-client image with the respective tag will be published as well.