Skip to main content

OPA and Istio Installation and Example Application

This section describes installing OPA and Istio installation and how to configure an example application.

OPA and Istio Installation

The OPA and Istio installation options are:

  • OPA and Istio with SLP
  • OPA and Istio without SLP

The Styra Local Plane provides detailed information on SLP.

Prerequisites:

Before installing one of the OPA and Istio options, confirm:

  • A Kubernetes cluster is installed and configured on on the cluster where the Istio control plane is deployed.
  • The Istio System is created.

After you select the OPA and Istio installation option, follow the instructions in the Terminal window for the selected option.

Istio Example Application

The Istio system Quick Start provides the link to install example application. It consists of the following components running in your minikube. All resources are suffixed by the SYSTEM ID to mark them as unique.

  • example-app: A simple HTTP web server that allows employees of a hypothetical organization to obtain salary details at the path /finance/salary. It also exposes a path /hr/dashboard that is only accessible by employees who are part of HR. Functionally, it is a simple echo server that returns a HTTP 200 response with a plain/text body which contains a success or error message.

  • client-load: A simple shell script that generates some pre-configured HTTP GET requests to test the behavior of the deployed policy. It helps generate data to visualize the impact of the configured egress and ingress policies by simulating traffic to the example-app.

  • (optional) SLP: The Styra Local Plane (SLP) is a service that acts as an intermediary between the OPAs and Styra DAS. OPAs are configured to retrieve bundles from SLP rather than directly from Styra DAS. This increases availability as SLP fetches bundles from Styra DAS and persists them to disk, so policies are still available to new or restarted OPAs even if Styra DAS is unavailable.

  • Each application has a Istio proxy and OPA as sidecar container.

When you run the Istio example application, the OPA sidecars will pull down the policy from the Styra DAS tenant and start enforcing it. This process takes few minutes to complete.

Figure 1 - Istio Example ApplicationFigure 1 - Istio Example Application