Istio System
The Istio System manages the ingress and egress network traffic permitted within your OPA-integrated Istio service mesh. For example, you can specify egress traffic is only allowed to a predefined collection of endpoints to minimize the risk of data exfiltration or to implement microservice API authorization.
![Figure 1 - Istio Architecture for Ingress traffic Figure 1 - Istio Architecture for Ingress traffic](/img/istio-opa-das-ingress.png)
![Figure 2 - Istio Architecture for Egress traffic Figure 2 - Istio Architecture for Egress traffic](/img/istio-opa-das-egress.png)