The DAS Kong Mesh system type helps you manage the ingress and egress network traffic permitted within your OPA-integrated Kong Mesh. For example, permit egress traffic only to a predefined collection of endpoints, to minimize the risk of data exfiltration, and implement microservice API authorization.
Figure 1: Kong Mesh Architecture for Ingress traffic
Figure 2: Kong Mesh Architecture for Egress traffic
For more information on how OPA embedded in Kong Mesh data plane can be used as an authorization service to enforce security policies over API requests received by Kong Mesh, see the Kong Mesh tutorial.