Opa blog post

[antonioberben]

Description

This PR adds a blog post about how to use OPA with Istio and the benefits of both.

Adding co-author to the loop: @charlieegan3

Reviewers

• Ambient
• Docs
• Installation
• Networking
• Performance and Scalability
• Extensions and Telemetry
• Security
• Test and Release
• User Experience
• Developer Infrastructure
• Localization/Translation

[istio-testing]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[istio-policy-bot]

😊 Welcome! This is either your first contribution to the Istio documentation repo, or
it's been a while since you've been here. A few things you should know:

• You can learn about how we write and maintain documentation, our style guidelines,
  and the available web site features by visiting Contributing to the Docs.

• In the next few minutes, an automatic preview of your change will be built with
  a full copy of the istio.io website. You can find this preview by clicking on
  the Details link next to the deploy/netlify entry in the status section of this
  page.

• We care about quality, so we've put in place a number of checks to ensure our documentation
  is top-notch. We do spell checking, sanitize the Markdown, ensure all hyperlinks point to a
  valid location, and more. If your PR doesn't pass one of these checks, you'll see a red X in the
  lint_istio.io entry in the status section. Click on the Details link to get a list of the
  problems with your PR. Fix those problems and push an update; this will automatically re-run the
  tests. Hopefully this time everything will be perfect!

• Once your changes are accepted and merged into the repository, they will initially show up
  on https://preliminary.istio.io. The changes will be published to https://istio.io
  the next time we do a major release (which typically happens every 3 months or so).
  To publish them sooner, add a cherrypick/release-x.xx label, where x.xx is the current
  release of Istio.

Thanks for contributing!

Courtesy of your friendly welcome wagon.

[antonioberben]

/retest

[craigbox]

Thanks for the submission, @antonioberben!

Some thoughts before diving into a full edit:

• For content that is timeless and more "how to do something", you probably want to write it as a documentation guide rather than a blog post. This would make a good integration guide with a blog post to announce the publication of it.
• I think you need to better level-set as to what a "platform" is: we talk about platform teams and platforms as if we all agree on what they are, which I suspect we do not
• I feel the "how it works" section needs to come before "try it out", so we know what we're trying
• you say a cluster with Istio installed is a pre-requisite, and then you tell people how to install Istio with iop.yaml which isn't obviously provided
• Likewise, opa.yaml needs to be provided. For a blog post or guide, we'd normally expect these files to be inline with an explanation of what they contain

Let me know how you'd like to proceed and I can either help get this into shape for a doc page or a revised blog post.

[linsun]

Hi @antonioberben Nice blog - does this instruction work with ambient as well?

[antonioberben]

Hi @linsun , it does not work in ambient. I could not make it work with it

[craigbox]

Tests are passing. Now awaiting @antonioberben to test the revised post top to bottom and take in @dhawton's fixes.

[antonioberben]

@craigbox , @dhawton , all claims are solved.
The full post is self-contained from top to bottom.

I have changed the publish date to Oct, 14th

If you can double-check and approve after all tests pass, it would be awesome.

Thanks for your support

[craigbox]

Have you actually verified my changes? I offer no guarantee they work at all.

[antonioberben]

Yes, it is tested from top to bottom. If @dhawton can run it quickly, then we can finish it today

[charlieegan3]

I've reviewed the instructions and the rendered post this morning, lgtm 👍

[antonioberben]

@craigbox , @dhawton , do you need anything else to approve this? @charlieegan3 has already tested it too. Thanks

[craigbox]

that'll do me

[craigbox]

(p.s. every time I see this PR I think "OPA Gangnam style")

[istio-testing]

In response to a cherrypick label: #15134 failed to apply on top of branch "release-1.23":

Applying: add blog post
Applying: Add intro, adjust policy
Applying: Remove other titles and descriptions
Applying: Pass lint
Applying: sort alphabetically
Using index info to reconstruct a base tree...
M	.spelling
Falling back to patching base and 3-way merge...
Auto-merging .spelling
CONFLICT (content): Merge conflict in .spelling
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
Patch failed at 0005 sort alphabetically
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".

[istio-testing]

In response to a cherrypick label: new issue created for failed cherrypick: #15798

[craigbox]

Will go live when #15799 is approved