Skip to content

Instantly share code, notes, and snippets.

@chrischdi
Last active December 7, 2018 12:21
Show Gist options
  • Save chrischdi/12e7b6ae1f096167aa310c9704ae9987 to your computer and use it in GitHub Desktop.
Save chrischdi/12e7b6ae1f096167aa310c9704ae9987 to your computer and use it in GitHub Desktop.
opa memory problem

Memory utilization: image

Snippet how opa is started (it is a container spec for a kubernetes pod):

  - name: opa
    image: reg-dhc.app.corpintra.net/caas/opa:0.10.1
    imagePullPolicy: Always
    args:
    - run
    - --server
    - --addr=https://127.0.0.1:8181
    - --tls-cert-file=/etc/kubernetes/ssl/policy-controller/opa-cert.pem
    - --tls-private-key-file=/etc/kubernetes/ssl/policy-controller/opa-key.key
    - /policy
    - /etc/kubernetes/ssl/policy-controller/policy-controller.authorization.rego
    - -l=info
    - -w
package main
import (
"bytes"
"crypto/tls"
"encoding/json"
"log"
"net/http"
"github.com/open-policy-agent/opa/server/types"
)
func postAuthorizationQuery() {
var body types.QueryRequestV1
body.Query = `
data.authorization.deny[{
"id": id,
"resource": {"kind": "globalfelixconfigs", "namespace": "", "name": "hcbGbrFyuP"},
"resolution": resolution,
}] with data["kubernetes"]["globalfelixconfigs"][""]["hcbGbrFyuP"] as {} with input as {
"kind":"SubjectAccessReview",
"apiVersion":"authorization.k8s.io/v1beta1",
"metadata":{
"creationTimestamp":null
},
"spec":{
"resourceAttributes":{
"verb":"create",
"group":"crd.projectcalico.org",
"version":"v1",
"resource":"globalfelixconfigs"
},
"user":"bob",
"group":["dhc:cni","system:authenticated"]
},
}`
var buf bytes.Buffer
encoder := json.NewEncoder(&buf)
if err := encoder.Encode(body); err != nil {
log.Fatal(err)
}
req, err := http.NewRequest("POST", "https://localhost:8181/v1/query", &buf)
if err != nil {
log.Fatal(err)
}
tr := &http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
}
client := &http.Client{Transport: tr}
resp, err := client.Do(req)
if err != nil {
log.Fatal(err)
}
defer resp.Body.Close()
if resp.StatusCode != http.StatusOK {
log.Fatal(resp)
}
var x interface{}
if err := json.NewDecoder(resp.Body).Decode(&x); err != nil {
log.Fatal(err)
}
// fmt.Println(x)
}
func main() {
// postAuthorizationQuery()
for {
postAuthorizationQuery()
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment