Cache

OPA Caching

Caching of OPA responses was added in M16 to handle cases where OPA was undersized in terms of memory requests and number of replicas (pods). Caching should not be needed if OPA is sized large enough for your load.

When search makes calls to Policy Service Translate API, Policy Service can make 1-2 calls to OPA per search request. There are also other APIs in policy that make calls to OPA and there are services that talk to OPA directly like search.

See sizing for more details on OPA Sizing recommendations.

How to disable

To disable caching set environment variable DISABLE_OPA_CACHE to True. Caching will also be disabled if the OPA_CACHE_MAXSIZE is 0

Adjusting Cache Settings

Caching of OPA responses can be controlled by the following environments variables. Shown with defaults:

OPA_CACHE_MAXSIZE=128
OPA_CACHE_TTL=120
OPA_LIST_CACHE_MAXSIZE=1
OPA_LIST_CACHE_TTL=60
OPA_FETCH_CACHE_MAXSIZE (by default inherits value of OPA_CACHE_MAXSIZE)
OPA_FETCH_CACHE_TTL=60
OPA_COMPILE_CACHE_TTL (by default inherits value of OPA_CACHE_TTL)
OPA_DATAAPI_CACHE_MAXSIZE (by default inherits value of OPA_CACHE_MAXSIZE)
OPA_DATAAPI_CACHE_TTL (by default inherits value of OPA_CACHE_TTL)

Info

Prior to M20, to tweak cache settings required container image build with different settings in conf.py Details on how your policy service is configured, including cache settings, can be retrieved via the /config API

Policy List

Cache list of policies available, only cache latest result

OPA_LIST_CACHE_MAXSIZE=1
OPA_LIST_CACHE_TTL=60

Policies Cache

Cache policies themselves from OPA

OPA_FETCH_CACHE_MAXSIZE=OPA_CACHE_MAXSIZE
OPA_FETCH_CACHE_TTL=60

Compile and Data API Cache

Cache compile and dataapi results from OPA (used by translate/search)

OPA_COMPILE_CACHE_MAXSIZE=OPA_CACHE_MAXSIZE
OPA_COMPILE_CACHE_TTL=OPA_CACHE_TTL
OPA_DATAAPI_CACHE_MAXSIZE=OPA_CACHE_MAXSIZE
OPA_DATAAPI_CACHE_TTL=OPA_CACHE_TTL