Policy Based Auth with Open Policy Agent with Envoy Proxy

Gloo, a modern API gateway built on Envoy Proxy integrates with open policy agent

This blog series “5 Minutes with Gloo” will dig into a single feature, what it is used for and how to use it. In this post, we’ll cover our recently released integration of Gloo with a popular new cloud native policy engine, Open Policy Agent (OPA). This is in addition to the various Auth methods already supported in Gloo.

Open Policy Agent, Microservices and API Gateways

OPA streamlines policy definition, implementation and management for use cases like HTTP API Authorization, Remote Access, Data Filtering with Partial Evaluation, and Kubernetes Admission Control.

Gloo Adds Open Policy Agent Support for Auth

Let’s start by defining a few core concepts in Gloo:

  • Virtual Services define a set of routing rules by specifying the APIs you want to expose on the gateway and which upstreams to route to.
  • Upstreams tell Gloo what to route to and define the destinations for routes
  • Gateways tell Gloo on what protocols and ports to listen for traffic

As part of the architecture, Gloo stores its configuration as Custom Resource Definitions (CRDs) in Kubernetes. These configurations can be who is allowed to access which Upstream services.

The Gloo integration with OPA provides more options for end users on which Auth approach they would like to use for their cluster and services. Every organization is different and you may have existing Auth systems in place or looking to implement a new Auth methodology with your new microservices applications. OPA is gaining popularity in cloud native designs and we wanted to provide that option for Gloo users.

Authentication is a feature available in Gloo Enterprise and with the addition of the Auth plugin, we can meet a wide range of Auth use cases in the Gloo API Gateway to secure the access to your microservices. If you need help or run into issues, hop into our community slack and join the #Gloo channel.

Get Started with Gloo and Open Policy Agent


Blogs and articles from solo.io


Blogs and articles from solo.io

Solo.io Engineering

Written by


Blogs and articles from solo.io