Skip to content

Enable / Disable

The following services can be configured (some by default in M14) to use Policy Service:

Disabling Updates

To disable changes to policy remove all users from service.policy.admin group.

Disabling

To disable Policy Service completely you need to disable policy being called by the consumers of policy service. Only after you have kept the consumers from calling policy service, can Policy Service and OPA be turned off. You could also potentially update the deployment, helm chart or terraform depending how your environment is setup.

For search you can update the configmap for search. Some CSPs (like AWS) manage this setting from the deployment rather than configmap.

Review Configmap

You can review the current setting 

kubectl get configmap search-config -n osdu-services -o yaml

Please note your configmap name and namespace may be different in your environment.

Edit Configmap

kubectl edit configmap <cfg-name> -n osdu-services

To disable search calling policy service, change the value of SERVICE_POLICY_ENABLED or POLICY_SERVICE_ENABLED (which ever is present) to "false".

Replace Configmap

Alternatively you can download the configmap, edit it and then replace it rather than using kubectl edit.

kubectl get configmap search-config -n osdu-services -o yaml > searchconfig.yaml

kubectl replace configmap search-config -f search-config.yaml

Storage Configmap

To review the current setting:

kubectl get configmap search-config -n osdu-services -o yaml

Please note your configmap name and namespace may be different in your environment. Edit or replace configmap as in previous example.

Some CSPs (like AWS) manage this setting from the deployment rather than configmap.

kubectl get deployment os-storage -n osdu-services -o yaml

In that case you'll want to edit the deployment:

kubectl edit deployment os-storage -n osdu-services