Skip to main content

Overview

The DAS Kong Mesh system type helps you manage the ingress and egress network traffic permitted within your OPA-integrated Kong Mesh. For example, permit egress traffic only to a predefined collection of endpoints, to minimize the risk of data exfiltration, and implement microservice API authorization.

kongmesh-opa-das-ingress

Figure 1: Kong Mesh Architecture for Ingress traffic

kongmesh-opa-das-egress

Figure 2: Kong Mesh Architecture for Egress traffic

For more information on how OPA embedded in Kong Mesh data plane can be used as an authorization service to enforce security policies over API requests received by Kong Mesh, see the Kong Mesh tutorial.