Emissary-ingress is a Kubernetes-native API Gateway built on the Envoy Proxy.
Emissary-ingress evaluates incoming client API requests and routes them to the appropriate backend APIs through Mappings and Listeners. While routing requests and providing responses, OPA can be configured as a external authorization service.
This tutorial shows how OPA can be integrated with Emissary-ingress for API authorization and enforce security policies over client API requests received by Emissary-ingress.
OPA is added as an external authorization service through
AuthService Custom Resource Definitions (CRD).