API gateways play a vital role while exposing microservices. They are an additional hop in the network that the incoming request must go through in order to communicate with the services. An API gateway does routing, composition, protocol translation, and user policy enforcement after it receives a request from the client and then reverse proxies it to the appropriate underlying API. As the API gateways are capable of doing the above-mentioned tasks, they can be also configured to send the incoming client requests to an external third-party authorization (authz) server. The fate of the incoming request then depends upon the response from this external auth server to the gateway. This is exactly where Open Policy Agent (OPA) comes into the picture.
There are many open-source Kubernetes native API gateways out there like Contour, Kong Gateway, Traefik, Gloo, etc. In this article, we will be exploring the Emissary Ingress.