Policy Based Auth with Open Policy Agent with Envoy Proxy

Image for post
Image for post
Gloo, a modern API gateway built on Envoy Proxy integrates with open policy agent

This blog series “5 Minutes with Gloo” will dig into a single feature, what it is used for and how to use it. In this post, we’ll cover our recently released integration of Gloo with a popular new cloud native policy engine, Open Policy Agent (OPA). This is in addition to the various Auth methods already supported in Gloo.

Open Policy Agent, Microservices and API Gateways

OPA streamlines policy definition, implementation and management for use cases like HTTP API Authorization, Remote Access, Data Filtering with Partial Evaluation, and Kubernetes Admission Control.

Gloo Adds Open Policy Agent Support for Auth

Let’s start by defining a few core concepts in Gloo:

  • Virtual Services define a set of routing rules by specifying the APIs you want to expose on the gateway and which upstreams to route to.
  • Upstreams tell Gloo what to route to and define the destinations for routes
  • Gateways tell Gloo on what protocols and ports to listen for traffic
Image for post
Image for post

As part of the architecture, Gloo stores its configuration as Custom Resource Definitions (CRDs) in Kubernetes. These configurations can be who is allowed to access which Upstream services.

Image for post
Image for post

The Gloo integration with OPA provides more options for end users on which Auth approach they would like to use for their cluster and services. Every organization is different and you may have existing Auth systems in place or looking to implement a new Auth methodology with your new microservices applications. OPA is gaining popularity in cloud native designs and we wanted to provide that option for Gloo users.

Image for post
Image for post

Authentication is a feature available in Gloo Enterprise and with the addition of the Auth plugin, we can meet a wide range of Auth use cases in the Gloo API Gateway to secure the access to your microservices. If you need help or run into issues, hop into our community slack and join the #Gloo channel.

Get Started with Gloo and Open Policy Agent

solo.io

Blogs and articles from solo.io

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store