add opa support

charts/platform-service/Chart.yaml

@@ -2,4 +2,4 @@ apiVersion: v1
 appVersion: "1.0"
 description: Platform service chart
 name: platform-service
-version: 1.0.30
+version: 1.0.31

charts/platform-service/templates/deployment.yaml

@@ -70,6 +70,28 @@ spec:
 {{- end }}
       {{- end }}
       containers:
+{{ if .Values.opa.enabled }}
+        - name: opa-envoy
+          image: openpolicyagent/opa:0.28.0-envoy
+          imagePullPolicy: IfNotPresent          
+          volumeMounts:
+          - mountPath: /config
+            name: opa-envoy-config
+          args:
+          - run
+          - --server
+          - --addr=localhost:8181
+          - --diagnostic-addr=0.0.0.0:8282
+          - --config-file=/config/config.yaml
+          livenessProbe:
+            httpGet:
+              path: /health?plugins
+              port: 8282
+          readinessProbe:
+            httpGet:
+              path: /health?plugins
+              port: 8282
+{{ end }}
         - name: {{ include "platform-service.name" . }}
           image: "{{ include "image" . }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}

charts/platform-service/values.yaml

@@ -62,6 +62,10 @@ hpa:
   maxReplicas: 3
   minReplicas: 1
 
+opa:
+  # set to true to enable opa.  requires config in a config map called opa-envoy-config
+  enabled: false
+
 defaultRouting:
   # Generate default virtual services and destination rules
   enabled: true
@@ -106,7 +110,6 @@ defaultRouting:
     #  attempts: 3
     #  perTryTimeout: 2s
 
-
   #corsPolicy:
   #  allowOrigins:
   #    - exact: https://example.com
@@ -121,7 +124,6 @@ defaultRouting:
   # route from all hosts (typically only common services)
   allHosts: false
 
-
 # Specify network policies
 networkPolicy:
   # Enable default network policy (set false and create your own if needed)