Installing the Istio Sample Application
To install Styra on Istio, copy and paste the installation commands from Systems > Settings > Install from your Istio System into your terminal. You can install Istio with or without SLP. If you install Istio with SLP, a new AuthService points to the OPA patches OPA sidecar container along with its configuration to connect to Styra DAS through Styra Local Plane (SLP).
See the Styra Local Plane page for detailed information on SLP.
The Istio Quick Start provides the link to install the sample application. It consists of the following components that should now run in your minikube. All resources are suffixed by the SYSTEM ID to mark them as unique.
- example-app: A simple HTTP web server that allows employees of a hypothetical organization to obtain salary details at the path /finance/salary. It also exposes a path /hr/dashboard that is only accessible by employees who are part of HR. Functionally, it is a simple echo server that returns an HTTP 200 response with a plain or text body which contains a success or error message.
- client-load: A simple shell script that generates pre-configured HTTP GET requests to simulate the API request being made to the edge-stack and to test the behavior of the deployed policy. It generates data to visualize the impact of the configured ingress and egress policies.
- slp (optional): The Styra Local Plane (SLP) is a service that acts as an intermediary between the OPAs and Styra DAS. OPAs are configured to retrieve bundles from SLP rather than directly from Styra DAS. This increases availability because SLP fetches bundles from Styra DAS and persists them to disk, so policies are still available to new or restarted OPAs even if Styra DAS is unavailable.
- Each application has an Istio proxy and an OPA as sidecar containers.
As an alternative to using the pre-configured manifest for the sample application, you can set up a Kubernetes system and add the mutating rule "Inject OPA sidecar to Istio pod" from the Kubernetes policy library to automatically configure your existing deployment manifest.
When you run the Istio example application, the OPA sidecars access the policy from the Styra DAS tenant and start enforcing it. This process takes a few minutes to complete.