Skip to main content

Overview

The Styra DAS Kuma system type helps you manage the ingress and egress network traffic permitted within your OPA-integrated Kuma Service Mesh. For example, permit egress traffic only to a predefined collection of endpoints to minimize the risk of data exfiltration or implement microservice API authorization.

Figure 1 - Kuma Architecture for Ingress trafficFigure 1 - Kuma Architecture for Ingress traffic

Figure 2 - Kuma Architecture for Egress trafficFigure 2 - Kuma Architecture for Egress traffic

For more information on how Envoy’s external authorization filter in Kuma can be used with OPA as an authorization service to enforce security policies over API requests received by Kuma, see the Kuma tutorial