open-policy-agentknative

integrate Open policy Agent with Knative/Kourier


"Open Policy agent" & "Knative" each provide a tutorial for integration with "Istio". There's a lighter alternative to "Istio" : "Kourier" that requiring fewer resources.

Is there's a way to integrate "Open Policy agent" with "Kourier" ?

"Istio" & "Kourier" use envoy (proxy).

I am a newbie on "Kubernet" any help is welcome ^_^

WCDR


Solution

  • I'm not sure what you're going to use OPA for here; if you're trying to constrain the types of resources which can be created, OPA + gatekeeper should work fine, though kourier only implements an internal-to-Knative interface, so you might not get as much mileage out of the integration.

    If you're trying to use OPA to govern or restrict actual HTTP requests to the workload, kourier doesn't have that capability out of the box (on purpose). You could fork it and add the functionality, but at that point it might be easier just to run Istio in non-mesh mode.