Here is how I start the policy-controller (args from container-spec snippet of a k8s pod):
args:
- --addr=https://127.0.0.1:7925
- --tls-cert-file=/etc/kubernetes/ssl/policy-controller/policy-controller-cert.pem
- --tls-private-key-file=/etc/kubernetes/ssl/policy-controller/policy-controller-key.key
- --opa-url=https://localhost:8181/v1
- --opa-ca-file=/etc/kubernetes/ssl/policy-controller/opa-ca.ca
- --opa-auth-token-file=/etc/kubernetes/ssl/policy-controller/policy-controller.authorization.token
- --log-level=info
And here how I start opa (args from container-spec snippet of a k8s pod):
args:
- run
- --server
- --addr=https://127.0.0.1:8181
- --tls-cert-file=/etc/kubernetes/ssl/policy-controller/opa-cert.pem
- --tls-private-key-file=/etc/kubernetes/ssl/policy-controller/opa-key.key
- /policy
- /etc/kubernetes/ssl/policy-controller/policy-controller.authorization.rego
- -l=info
- -w
And the resulting memory usage when executing x.go
:
When I drop the https configuration between opa and policy agent I'm not able to get this behaviour.