Skip to main content


Kuma is a platform agnostic open-source control plane for service mesh and microservices management, with support for Kubernetes, VM, and bare metal environments. Kuma is Envoy-based: Powered by Envoy sidecar proxies, without exposing the complexity of Envoy itself.

This tutorial shows how Envoy’s external authorization filter in Kuma can be used with OPA as an authorization service to enforce security policies over API requests received by Kuma. It also covers examples of authoring policies over the HTTP request body. It is based on the HTTP API Authorization OPA tutorial with added policies to control the ingress or egress behavior of the application and client.