Skip to main content

Overview

Styra DAS provides several different mechanisms for organizing your policies, one of which is the System.

A system in the Styra DAS allows a team to manage the OPAs that have been integrated into a real-world software system: what policies should be used, what decisions have been made, are the OPAs healthy, and so on. The real-world system is any piece of software that has been integrated with OPA. For example, a Kubernetes cluster, a service-mesh, or a custom application. It could be one OPA integrated with that real-world system or 1000 systems; a DAS system provides the single pane of glass to manage all of those OPAs.

Key Features

Every DAS system supports the following features:

  • Policy Authoring: A policy authoring experience that helps you write policies in the style that best fits a system.
  • Git Storage: The ability to store policies in a Git repository.
  • Impact Analysis: Analysis to help you understand the impact a proposed change will have on the real-world software system.
  • Decision Logs: A log of all the decisions made by the OPAs for the system.
  • Decision Time Series: An aggregated graph of decisions made over time.
  • Preview: The ability to run a concrete past or hypothetical decision to understand what decision a new policy might make.
  • Install and Integrate OPA: Instructions on how to install and integrate OPA. Depending on the system, this might be more or less automatable.
  • OPA Status: A readout of the status of all the OPAs corresponding to the system and warnings for when they are not healthy. For example, status of OPAs that are not updated recently.
  • CI/CD: The ability to run the policies configured for the system in a CI/CD pipeline, so that policy checks can occur as early as possible in the development lifecycle. For example, enterprises employing a GitOps model.
  • Owners: The list of users that have the ability to modify the system.

Some real-world systems have become especially popular integration points for OPA, like Kubernetes and Envoy. In this case, Styra DAS can provide additional features for those integration points and every DAS system has a type. For example, Kubernetes has a pre-built list of individual rules that you can parameterize and assemble to create your policy. The Envoy system does not have pre-built rules because it is not possible for Styra to know in advance about the list of APIs that exist.

Create a System

Systems appear in the <das-id>.styra.com web application below the Workspace section of the navigation panel. To create a system, click the ( ⨁ ) plus icon next to SYSTEMS on the left side of the navigation panel and fill in the following fields:

  • System type (required): Select your system type. For example, Kubernetes.

  • System name (required): A user-friendly name so that you can distinguish between the different systems.

  • Description (optional): More details about this system.

  • Leave the Read-only switch OFF to allow users to modify policies in DAS.

  • Leave the Launch Quick Start switch ON. After this system is added, the Quick Start sidebar will guide you through configuring the system.