opa-envoy-plugin
kuma
opa-envoy-plugin | kuma | |
---|---|---|
3 | 5 | |
307 | 3,519 | |
1.0% | 1.3% | |
8.5 | 9.9 | |
6 days ago | 7 days ago | |
Go | Go | |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
opa-envoy-plugin
- Authorization for synchronous communication between services
-
How do you Integrate Emissary Ingress with OPA
Open Policy Agent is a well-known general-purpose policy engine and has emerged as a policy enforcer across the stacks be it API gateways, service meshes, Kubernetes, microservice, CICD, or IAC. OPA decouples decision making from policy enforcement such that whenever your software needs to make a decision regarding the incoming requests, it queries OPA. OPA-Envoy extends OPA with a gRPC server that implements the Envoy External Authorization API, thus making itself compatible to be as an external authz server to Emissary.
-
OPA + Istio/Envoy: ConfigMap
I'm observing the quick_start.yaml provided by OPA and trying to comprehend what's happening in the inject.rego resource (proper name?) under the ConfigMap. Can anyone break it down for me a bit? I think I have an inkling of what's happening but not sure.
kuma
-
Any new Opensource projects in (go) looking for contributors. I want to start my journey as an OSS contributor.
https://github.com/kumahq/kuma is an CNCF OSS service mesh for Kubernetes and VMs. We're a control plane on top of Envoy proxy. Very actively developed project, some big adopters in the community, and we've just refreshed all of our Good First Issues.
-
Gotta love Kuma, thank you kind stranger making it !
And not just "Kuma" : https://github.com/kumahq/kuma
-
Powering Kubernetes in the Cloud with Kuma Service Mesh
Another important change to make is that when you create the cluster, change the Nodes in the "Default pool" to use the COS (not COS_CONTAINERD) image type. There are some underlying issues when using Kuma with GKE, as noted in this GitHub issue, and this is the currently recommended workaround. Otherwise, you will hit pod initializing issues that affect certificate provisioning.
-
How I Stopped Coding Repetitive Service Components with Kong
Taking things to a broader level, Kuma is another platform agnostic-OSS solution for service mesh and microservice management – with control plane support of Kubernetes, virtual machines (VM), and even bare-metal environments. Kuma was donated to the Cloud Native Computing Foundation (CNCF) by Kong and still actively contributes to the evolving code base.
-
Service Mesh - Introduction
Kuma Kuma, from Kong, prides itself on being a usable service mesh alternative. Kuma is a platform-agnostic control plane built on Envoy. Kuma provides networking features to secure, observe, route, and enhance connectivity between services. Kuma supports Kubernetes in addition to virtual machines.
What are some alternatives?
cerbos - Cerbos is the open core, language-agnostic, scalable authorization solution that makes user permissions and authorization simple to implement and manage by writing context-aware access control policies for your application resources.
kubernetes-ingress-controller - :gorilla: Kong for Kubernetes: The official Ingress Controller for Kubernetes.
gatekeeper - 🐊 Gatekeeper - Policy Controller for Kubernetes
kong-oidc-keycloak - Kong OIDC + Keycloak + httpbin
opal - Fork of https://github.com/permitio/opal
konga - More than just another GUI to Kong Admin API
OPA (Open Policy Agent) - Open Policy Agent (OPA) is an open source, general-purpose policy engine.
kong-pongo - Tooling to run plugin tests with Kong and Kong Enterprise
Ory Hydra - OpenID Certified™ OpenID Connect and OAuth Provider written in Go - cloud native, security-first, open source API security for your infrastructure. SDKs for any language. Works with Hardware Security Modules. Compatible with MITREid.
cubefs - cloud-native file store
gloo - The Feature-rich, Kubernetes-native, Next-Generation API Gateway Built on Envoy
kube-vip - Kubernetes Control Plane Virtual IP and Load-Balancer