Merge pull request #10067 from zalando-incubator/dev-to-alpha

szuecs · web-flow · commit dd2d0e92f573 · 2025-10-23T21:50:26.000+02:00
dev to alpha
diff --git a/cluster/config-defaults.yaml b/cluster/config-defaults.yaml
@@ -395,6 +395,7 @@ skipper_ingress_routegroup_crd_require_hosts: "true"
 skipper_open_policy_agent_enabled: "false"
 skipper_open_policy_agent_styra_token: ""
 skipper_open_policy_agent_data_preprocessing_optimization_enabled: "true"
+skipper_open_policy_agent_preloading_enabled: "false"
 
 # Default timeout value in seconds for outgoing http calls from Open Policy Agent in a skipper filter
 skipper_open_policy_agent_styra_response_header_timeout: "2"
@@ -404,6 +405,11 @@ skipper_open_policy_agent_decision_logs_buffer_type_event_enable: "false"
 # Decision logging sets the maximum number of decision log events that can be buffered before being dropped
 skipper_open_policy_agent_decision_logs_buffer_type_event_limit: "10000"
 
+# Open Policy Agent JWT cache configuration
+skipper_open_policy_agent_jwt_cache_enable: "false"
+# Sets default value for maximum number of entries in the Open Policy Agent JWT cache
+skipper_open_policy_agent_jwt_cache_max_num_entries: "1000"
+
 #
 # FabricGateway controller config
 #
diff --git a/cluster/manifests/skipper/configmap-open-policy-agent.yaml b/cluster/manifests/skipper/configmap-open-policy-agent.yaml
@@ -37,6 +37,13 @@ data:
         buffer_type: "event"
         buffer_size_limit_events: {{ .Cluster.ConfigItems.skipper_open_policy_agent_decision_logs_buffer_type_event_limit }}
     {{ end }}
+    {{ if eq .Cluster.ConfigItems.skipper_open_policy_agent_jwt_cache_enable "true" }}
+    caching: 
+      inter_query_builtin_value_cache:
+        named:
+          io_jwt:
+            max_num_entries: {{ .Cluster.ConfigItems.skipper_open_policy_agent_jwt_cache_max_num_entries }}
+    {{ end }}
   envoymetadata.json: |-
     {
       "filter_metadata": {
diff --git a/cluster/manifests/skipper/deployment.yaml b/cluster/manifests/skipper/deployment.yaml
@@ -1,6 +1,6 @@
 {{/* image-updater-bot detects *image variables so use name with suffix to disable it for the main image */}}
 
-{{ $main_image_updated_manually := "container-registry.zalando.net/teapot/skipper-internal:v0.22.127-1233" }}
+{{ $main_image_updated_manually := "container-registry.zalando.net/teapot/skipper-internal:v0.22.141-1245" }}
 {{ $canary_image := "container-registry.zalando.net/teapot/skipper-internal:v0.22.141-1245" }}
 
 {{/* Optional canary arguments separated by "[cf724afc]" to allow whitespaces, e.g. "-foo=has a whitespace[cf724afc]-baz=qux" */}}
@@ -318,6 +318,7 @@ spec:
           - "-open-policy-agent-config-template=/etc/skipper/open-policy-agent/opaconfig.yaml"
           - "-open-policy-agent-envoy-metadata=/etc/skipper/open-policy-agent/envoymetadata.json"
           - "-enable-open-policy-agent-data-preprocessing-optimization={{ .Cluster.ConfigItems.skipper_open_policy_agent_data_preprocessing_optimization_enabled }}"
+          - "-enable-open-policy-agent-preloading={{ .Cluster.ConfigItems.skipper_open_policy_agent_preloading_enabled }}"
 {{ end }}
 {{ if or (eq .Cluster.ConfigItems.nlb_switch "pre") (eq .Cluster.ConfigItems.nlb_switch "exec") }}
           - "-forwarded-headers=X-Forwarded-For,X-Forwarded-Proto=https,X-Forwarded-Port=443"
