opa-envoy-plugin VS emissary

Open Policy Agent is a well-known general-purpose policy engine and has emerged as a policy enforcer across the stacks be it API gateways, service meshes, Kubernetes, microservice, CICD, or IAC. OPA decouples decision making from policy enforcement such that whenever your software needs to make a decision regarding the incoming requests, it queries OPA. OPA-Envoy extends OPA with a gRPC server that implements the Envoy External Authorization API, thus making itself compatible to be as an external authz server to Emissary.

I'm observing the quick_start.yaml provided by OPA and trying to comprehend what's happening in the inject.rego resource (proper name?) under the ConfigMap. Can anyone break it down for me a bit? I think I have an inkling of what's happening but not sure.

We will install Ambassador Gateway which is an open-source Kubernetes-native API gateway for microservices. We will use it as a reverse proxy to manage external access to services within our Kubernetes cluster.

Command and Query services APIs can be managed via lightweight, independently deployable, and scalable API gateways that can run anywhere that allow developers to manage API endpoints. They can handle extremely large volumes, as they run on highly scalable platforms, for example, Apache APISIX, Kong, Tyk, and Ambassador to name a few.

Ambassador

Did you know that it takes 23 minutes to get into a flow state? For some people it takes even longer. That means that for every question, disruption, email, and interruption that you or your coworkers are subjected to, it could be half an hour of productivity down the drain. We talked to Katie Wilde, VP of Engineering at Ambassador Labs, about how she manages workflow

Let's dive deep and start understanding more bit about Emissary Ingress.

Emissary is pretty much the gold standard for people with complicated setups: https://github.com/emissary-ingress/emissary

Katie Wilde, VP of Engineering at Ambassador Labs, knows your pain and she’s on a crusade to help devs everywhere reclaim their focus.

Ambassador API Gateway is an Envoy-based ingress controller.

I am starting to doubt their marketing materials about broad adoption, because we cannot get it to work even with basic setup. Apart from terrible DX (e.g. you can provide whatever arbitrary configs, there is no validation), we keep hitting bug after bug after bug. They are not small bugs either, e.g. broken redirects. Any time I try asking questions in their Slack, their sales rep will message asking to "connect via zoom meeting to cover the pricing".

Peter: Yeah. So that was my first time having a DevRel title. I was a developer Advocate for Ambassador Labs, another startup. And so I think they were Series B at the time. They were centered around the developer experience. So I had a lot of fun diving into the DevRel industry with them. And so my manager that I was working for has a long history of DevRel. And so I got to learn a lot of tips and tricks from him.