Our team is contemplating on whether to deploy OPA as a plugin or standalone.
Link to plugin: https://github.com/open-policy-agent/opa-envoy-plugin
Clearly, the plugin has many benefits over the standalone deployment, such as:
- Performance
- scales with service as the plugin is deployed as a sidecar
- avoid network hop
- Security
- OPA can only be accessed by envoy via localhost interface
Here are our concerns:
- Istio Compatibility
- does it support the latest Istio?
- Documentation
- there aren't that many blogs or documentation other than the github readme. If we run into production issues we won't be able to resolve.
- Development and Support
- is this plugin being actively developed and improved?
Any insights into these concerns would be highly appreciated.
As far as I checked here
So based on that I would say they should support the latest istio version.
As mentioned on github
so if you run into issues then you can always raise new issue on their github or ask here on stackoverflow, maybe someone will be able to help you with that.
There are new commits and the repository looks active so it looks like it's actively developed, there are also new releases released last month.