netlify bot commented Feb 27, 2025

Deploy Preview for openpolicyagent ready!

Name Link
🔨 Latest commit 567f579
🔍 Latest deploy log https://app.netlify.com/sites/openpolicyagent/deploys/67c0743bc547e5000955b111
😎 Deploy Preview https://deploy-preview-7398--openpolicyagent.netlify.app
it's good practice to bind OPA to localhost by default if OPA is not intended to
be exposed to remote services.

If you need to replicate the v0.x behaviour, you can use the `--addr` flag to

Member

Perhaps worth explicitly calling out that this is likely necessary when running OPA in Docker?

Contributor Author

Thanks, I've added an info block for that now

Contributor

@srenatus left a comment

nitpick aside, lgtm

in other environments.

More information can be found in the
[security documentation](https://www.openpolicyagent.org/docs/latest/security/#interface-binding).

Contributor

[nit] Should this be a relevant....no, a relative link? Or can't we do that with # anchors? 🤔

Contributor Author

Yeah that's fair, I have updated.

@charlieegan3 charlieegan3 merged commit 85eaacd into open-policy-agent:main Feb 27, 2025
28 checks passed
anderseknert pushed a commit to open-policy-agent/opa-envoy-plugin that referenced this pull request Mar 5, 2025

liqiongbu commented Jun 27, 2025

@charlieegan3 I am having an issue when migrating to v1 #7735
My guess is that the -addr behavior changed from v0 to v1, since we used to always set -addr to localhost:8181.
Could you help me confirm this? Should we update the config to -addr 0.0.0:8181 to make the v1 migration work? Thanks!

@anderseknert
Member

@liqiongbu yeah, a pretty common issue people run into when bumping OPA to 1.0+ is that from 1.0 and onwards, OPA's server now only binds to the localhost interface by default, where it previously would bind to all interfaces. Docker doesn't seem too happy about exposing localhost to the outside, which typically manifests in the way you describe.

What I don't understand is why there is a difference if you start both versions with localhost explicitly set as the network interface. That should break the same way in any version. We only changed the default when nothing is provided.
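
The point made in the comment above, as an added example that is not part of the thread or of OPA's code: a small Python check that reports which interfaces a given `opa run` command line listens on under the pre-1.0 and 1.0+ defaults. The function names and the literal default address strings are assumptions made for this illustration.

```python
import ipaddress

# Default listen address when --addr is absent, keyed by OPA major version.
# Assumption: literal defaults written to match the thread (all interfaces
# before 1.0, localhost from 1.0 on; port 8181 as used in the thread).
DEFAULT_ADDR = {0: ":8181", 1: "localhost:8181"}

def effective_addrs(argv, major):
    """Listen addresses the server would use for this command line."""
    addrs = []
    for i, arg in enumerate(argv):
        if arg == "--addr" and i + 1 < len(argv):
            addrs.append(argv[i + 1])
        elif arg.startswith("--addr="):
            addrs.append(arg.split("=", 1)[1])
    return addrs or [DEFAULT_ADDR[major]]

def classify(addr):
    """Classify a host:port listen address by how widely it is reachable."""
    host, sep, _port = addr.rpartition(":")
    if not sep:                      # no port given, whole string is the host
        host = addr
    host = host.strip("[]")          # [::1]:8181 -> ::1
    if host == "":
        return "all-interfaces"      # ":8181" means every interface
    if host == "localhost":
        return "loopback"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"            # resolved at runtime, not decidable here
    if ip.is_unspecified:            # 0.0.0.0 or ::
        return "all-interfaces"
    return "loopback" if ip.is_loopback else "specific-interface"

def migration_report(argv):
    """Exposure of one command line under pre-1.0 and 1.0+ defaults."""
    return {f"v{m}": [classify(a) for a in effective_addrs(argv, m)]
            for m in (0, 1)}

if __name__ == "__main__":
    # Constructed command lines, not taken from the linked issue.
    for argv in (["run", "--server"],
                 ["run", "--server", "--addr", "localhost:8181"],
                 ["run", "--server", "--addr=0.0.0.0:8181"]):
        print(" ".join(argv), "->", migration_report(argv))
```

Only the command line without `--addr` reports a different exposure between the two versions; an explicit address classifies the same way in both.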

@liqiongbu

This is also where my confusion comes from: since we always explicitly set addr, I would expect that I don't have to overwrite this in the v1 migration.
Some context to note:
1. We use a Nomad deployment
2. OPA is set up as a sidecar
3. I'd love to provide more config info if that helps with this issue

@liqiongbu

I think I linked the wrong issue, here is the one: #7735

@charlieegan3
Contributor Author

Hey @liqiongbu - let's continue the chat on the new issue! 🙂

Successfully merging this pull request may close these issues.

docs: Add --addr cmd argument in documentations