Istio is an open-source service mesh for managing a distributed microservice architecture. It injects the Envoy proxy as a sidecar into every pod to regulate network traffic on all pod instances in the mesh. OPA can act as a policy enforcement engine for the traffic passing through the Envoy sidecars.
This tutorial shows how OPA, embedded in the Istio data plane, can be used as an authorization service to enforce security policies over API requests received by Istio. It also covers examples of authoring policies over the HTTP request body. It is based on the HTTP API Authorization OPA tutorial, with added policies to control the ingress or egress behavior of the application and client.