Published in

Policy Based Auth with Open Policy Agent with Envoy Proxy

Gloo, a modern API gateway built on Envoy Proxy integrates with open policy agent

This blog series “5 Minutes with Gloo” will dig into a single feature, what it is used for and how to use it. In this post, we’ll cover our recently released integration of. This is in addition to the

Open Policy Agent, Microservices and API Gateways

Open Policy Agent (OPA) is a general-purpose policy engine that co-exists with your application service to offload all policy decisions from your services. OPA abstracts policies from your services into a sidecar, host-level daemon or library card making it more flexible to the user by removing language dependencies or hard-coding the policy logic to the service.

OPA streamlines policy definition, implementation and management for use cases like , , and .

Gloo Adds Open Policy Agent Support for Auth

Gloo is a next generation API Gateway and Kubernetes native Ingress Controller with a powerful routing engine that can handle a range of use cases from simple API-to-API routing to complex HTTP to gRPC with transformations for your application services.

Let’s start by defining a few core concepts in Gloo:

  • Virtual Services define a set of routing rules by specifying the APIs you want to expose on the gateway and which upstreams to route to.
  • Upstreams tell Gloo what to route to and define the destinations for routes
  • Gateways tell Gloo on what protocols and ports to listen for traffic

As part of the architecture, Gloo stores its configuration as Custom Resource Definitions (CRDs) in Kubernetes. These configurations can be who is allowed to access which Upstream services.

The Gloo integration with OPA provides more options for end users on which Auth approach they would like to use for their cluster and services. Every organization is different and you may have existing Auth systems in place or looking to implement a new Auth methodology with your new microservices applications. OPA is gaining popularity in cloud native designs and we wanted to provide that option for Gloo users.

Authentication is a feature available in Gloo Enterprise and with the addition of the Auth plugin, we can meet a wide range of Auth use cases in the Gloo API Gateway to secure the access to your microservices. If you need help or run into issues, hop into our and join the #Gloo channel.

Get Started with Gloo and Open Policy Agent




Blogs and articles from

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store