Morning all - if the rules change is there a way o...
# talk-oathkeeperc
curved-oxygen-35290
02/19/2023, 8:54 AMMorning all - if the rules change is there a way of making oathkeeper reload the rules or, worst-case scenario restart the server process to reload ?
curved-oxygen-35290
02/19/2023, 10:31 AMfrom some searches on the web, there is an implication that if the rules file changes, then oathkeeper will reload
However, when I do change the rules, the rules returned by the admin /rules endpoint only have the initial ruleset, so looks like it isn't
Trying to find out if there's a config option
I am somewhat surprised that there isn't a POST/PUT/DELETE option to the admin api for new / updated rules
r
red-machine-69654
02/19/2023, 2:10 PMI haven't actually tried it in prod, but when I use one of the oathkeeper examples from their repo on localhost, then reload works. in prod we build a new container each time we update a rule. as in, we are not using external rule repositories (like s3) or crazy stuff like file mounts.
red-machine-69654
02/19/2023, 2:12 PMred-machine-69654
02/19/2023, 2:13 PMI am referring to these examples
red-machine-69654
02/19/2023, 2:13 PM(and I am on a mac, not sure if it matters)
red-machine-69654
02/19/2023, 9:48 PMI would start with the examples repo
red-machine-69654
02/19/2023, 9:48 PMand then deploy a whoami service and see what you match: https://hub.docker.com/r/traefik/whoami
red-machine-69654
02/19/2023, 9:48 PMthat's what I use to test rules
red-machine-69654
02/19/2023, 9:49 PMit's a service that dumps request headers, URL, paths, etc, back to you
c
curved-oxygen-35290
02/20/2023, 2:36 PMupdate: it turns out that I was mounting the rules.json 1:1 into the docker container running oathkeeper.
If I map the entire config folder instead then if I change the file, the system reloads it
it's a known, documented issue with docker
Thought I'd mention the solution in case some other poor soul hits the same problem
4 Views