kuma
OPA integration example
Description
Hi everyone! I would like to understand how to integrate OPA with Kuma. I do know that there's first-class support in Kong Mesh, but I would like to know how to achieve this integration manually: via ProxyTemplate? Or via https://github.com/open-policy-agent/opa-envoy-plugin ?
Thanks for any help!
Hey, I found this example on Kuma Slack:
```yaml
apiVersion: kuma.io/v1alpha1
kind: ProxyTemplate
mesh: default
metadata:
  name: opa-ext-authz-filter
  namespace: kuma-opa-demo
spec:
  selectors:
    - match:
        kuma.io/service: '*'
  conf:
    imports:
      - default-proxy
    modifications:
      - httpFilter:
          operation: addBefore
          match:
            name: envoy.filters.http.router
            origin: inbound
          value: |
            name: envoy.filters.http.ext_authz
            typed_config:
              "@type": type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz
              transport_api_version: V3
              with_request_body:
                max_request_bytes: 8192
                allow_partial_message: true
              failure_mode_allow: false
              grpc_service:
                google_grpc:
                  target_uri: 127.0.0.1:9191 # <- OPA ext authz server
                  stat_prefix: ext_authz
                timeout: 0.5s
```
Please also remember to configure a service with HTTP.
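The policy side of the filter above, as an added example that is not part of the original thread or of the Kuma project: a Rego policy for an OPA sidecar that answers the ext_authz call on 127.0.0.1:9191. It assumes OPA is built from opa-envoy-plugin and evaluates its default decision path `envoy/authz/allow`, and that mesh mTLS is enabled so Envoy reports the caller's SPIFFE ID; the routes, the `quantity` field and the service identity are constructed for illustration.

```rego
package envoy.authz

import rego.v1

# Deny unless a rule below matches. Together with failure_mode_allow: false
# in the filter, both a policy miss and an unreachable OPA reject the request.
default allow := false

req := input.attributes.request.http

# Constructed caller identity (assumption): requires mesh mTLS so that Envoy
# fills source.principal from the client certificate.
trusted_writers := {"spiffe://default/frontend_kuma-opa-demo_svc_8080"}

caller := object.get(input.attributes, ["source", "principal"], "")

# Unauthenticated health probe: GET /health only.
allow if {
	req.method == "GET"
	input.parsed_path == ["health"]
}

# Any authenticated mesh workload may read a single order: GET /orders/<id>.
allow if {
	req.method == "GET"
	count(input.parsed_path) == 2
	input.parsed_path[0] == "orders"
	caller != ""
}

# Writes are limited to trusted callers. The filter forwards at most 8192
# body bytes with allow_partial_message: true, so a truncated body is
# refused rather than judged on a fragment.
allow if {
	req.method == "POST"
	input.parsed_path == ["orders"]
	caller in trusted_writers
	not input.truncated_body
	is_number(input.parsed_body.quantity)
	input.parsed_body.quantity > 0
}
```

Because the filter sends partial bodies, any rule that inspects `input.parsed_body` should also check `input.truncated_body`, as the last rule does.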
Hey @braghettos did it work?
@braghettos any updates?
This issue was inactive for 30 days. It will be reviewed in the next triage meeting and might be closed. If you think this issue is still relevant, please comment on it promptly or attend the next triage meeting.
@braghettos Hi, any update? Did you manage to test it?
Closing due to no activity. Feel free to reopen if needed.