Install the Envoy Example Application
kubectl is configured to point to the cluster and namespace to use for the Envoy example application.
The Quick Start provides the link to install example application. It consists of the following components which should now be running in your minikube. All resources are suffixed by the
SYSTEM ID to mark them as unique.
example-app: A simple HTTP web server that allows employees of a hypothetical organization to obtain salary details at the path
/finance/salary. It also exposes a path
/hr/dashboardthat is only accessible by employees who are part of HR. Functionally, it is a simple echo server that returns a HTTP 200 response with a plain/text body which contains a success or error message.
client-load: A simple shell script that generates some pre-configured HTTP GET requests to test the behavior of the deployed policy. It helps generate data to visualize the impact of the configured egress and ingress policies by simulating traffic to the example-app.
slp: Styra Local Plane (SLP) is a service that acts as an intermediary between the OPAs and Styra DAS. OPAs are configured to retrieve bundles from SLP rather than directly from DAS. This increases availability as SLP fetches bundles from Styra DAS and persists them to disk, so policies are still available to new or restarted OPAs even if Styra DAS is unavailable.
Each application has an
initContainer openpolicyagent/proxy_init:v4that sets up redirections for the inbound and outbound packets. Additionally, two sidecar containers for Envoy and OPA are also present in each application.
When you run the Envoy example application, the OPA sidecars will pull down the policy from the Styra DAS tenant and start enforcing it. This process takes few minutes to complete.