Integrating with Envoy

Enterprise OPA can be used with Envoy as an External Authorization filter, and supports configuration in the same manner as the open source OPA-Envoy plugin.

Configuration

Enterprise OPA supports all of the same configuration options from OPA-Envoy. An example configuration snippet enabling the plugin and several of its features is shown below:

plugins:
  envoy_ext_authz_grpc:
    addr: :9191 # default `:9191`
    path: envoy/authz/allow # default: `envoy/authz/allow`
    dry-run: false # default: false
    enable-reflection: false # default: false
    grpc-max-recv-msg-size: 40194304 # default: 1024 * 1024 * 4
    grpc-max-send-msg-size: 2147483647 # default: max Int
    skip-request-body-parse: false # default: false
    enable-performance-metrics: false # default: false. Adds `grpc_request_duration_seconds` prometheus histogram metric

note

See the OPA-Envoy docs for additional information.

Integrating with Envoy

Configuration​

Configuration