Skip to main content

Overview

The Styra DAS Istio system type helps you manage the ingress and egress network traffic permitted within your OPA-integrated Istio service mesh. For example, permit egress traffic only to a predefined collection of endpoints to minimize the risk of data exfiltration or implement microservice API authorization.

Figure 1 - Istio Architecture for Ingress trafficFigure 1 - Istio Architecture for Ingress traffic

Figure 2 - Istio Architecture for Egress trafficFigure 2 - Istio Architecture for Egress traffic

For more information on how OPA embedded in the Istio data plane can be used as an authorization service to enforce security policies over API requests received by Istio, see the Istio tutorial.