Skip to main content

Integrating with Envoy

Enterprise OPA can be used with Envoy as an External Authorization filter, and supports configuration in the same manner as the open source OPA-Envoy plugin.

Configuration

Enterprise OPA supports all of the same configuration options from OPA-Envoy. An example configuration snippet enabling the plugin and several of its features is shown below:

plugins:
  envoy_ext_authz_grpc:
    addr: :9191 # default `:9191`
    path: envoy/authz/allow # default: `envoy/authz/allow`
    dry-run: false # default: false
    enable-reflection: false # default: false
    grpc-max-recv-msg-size: 40194304 # default: 1024 * 1024 * 4
    grpc-max-send-msg-size: 2147483647 # default: max Int
    skip-request-body-parse: false # default: false
    enable-performance-metrics: false # default: false. Adds `grpc_request_duration_seconds` prometheus histogram metric
note

See the OPA-Envoy docs for additional information.