We are thrilled to announce native support of Kong Mesh, Istio and Kuma within Styra Declarative Authorization Service (DAS), enabling users to combine stellar service mesh solutions with the only authorization management platform that supports trusted cloud architecture. Styra DAS allows teams to manage policies across a broad spectrum of systems, like Kubernetes, microservices, public cloud, and more. In addition, organizations can decouple policy from the code base or software and unify enforcement of policy across the stack. Adding to these three new system types, Styra has also made enhancements to its support of Envoy systems.
With these additions, organizations can secure modern cloud-native applications with dynamic, policy-enabled traffic control. With Styra DAS and your chosen service mesh, you can do the following tasks:
Automate policy-as-code based control for services
Govern, monitor, and audit traffic flow and decisions for real-time verification
Increase application reliability with policy-based traffic management
Let’s dive into the following service meshes and how each of them is supported in Styra DAS.
Kong Mesh: Enterprise-grade service mesh for multi-cloud and multi-cluster on both Kubernetes and VMs
Kong Mesh is the only enterprise-grade service mesh in our release and runs on both Kubernetes and VMs on any cloud. This service mesh is built on top of CNCF's Kuma and Envoy with enterprise features and support. Earlier this year, Kong Mesh built Open Policy Agent (OPA) into its version of the Envoy proxy, so users don't have to deploy multiple agents within the IT infrastructure to use OPA. Styra DAS then acts as a central management point for IT security policy distribution using these OPA or Envoy bundles for unified policy authoring. In addition to the native OPA support in Kong Mesh, Kong also has native support within Kong Gateway.
Styra DAS native support of Kong Mesh helps organizations manage the ingress and egress network traffic permitted within OPA-integrated Kong Mesh. For example, it allows users to permit egress traffic only to a predefined collection of endpoints, to minimize the risk of data exfiltration, and implement microservice API authorization.
Kuma: Universal Envoy service mesh for distributed service connectivity
Kuma is a platform-agnostic open-source control plane for service mesh and microservices management, with support for Kubernetes, VMs, or even bare metal environments. Much like most service meshes, Kuma is Envoy-based and is powered by Envoy sidecar proxies.
Styra DAS native support of Kuma enables organizations to manage the ingress and egress network traffic permitted within an OPA-integrated Kuma service mesh. For example, it allows users to permit egress traffic only to a predefined collection of endpoints, to minimize the risk of data exfiltration, and implement microservice API authorization.
Istio: Simplify observability, traffic management, security and policy
Istio is an open-source service mesh that can be used to manage a distributed microservice architecture. It leverages Envoy proxies as sidecars injected into every pod to regulate the network traffic on all pod instances. Then, OPA can act as a policy enforcement engine on the traffic passing through an Envoy sidecar.
Styra DAS native support of Istio enables organizations to manage the ingress and egress network traffic permitted within OPA integrated with Istio. For example, it allows users to permit egress traffic only to a predefined collection of endpoints, to minimize the risk of data exfiltration, and implement microservice API authorization.
Envoy: Edge and service proxy, designed for cloud-native applications
Envoy is a high-performance distributed proxy designed for single services and applications, as well as a universal data plane for large microservice architectures, running parallel to every application. When all service traffic in an infrastructure flows through an Envoy mesh, it becomes easy to visualize problem areas using consistent observability, tune overall performance, and add substrate features in a single place.
Styra DAS native support of Envoy enables organizations to manage the ingress and egress network traffic permitted within their Envoy-based service mesh.
Having service mesh and Styra DAS together gives organizations an amazing way to decouple policy from code with a single pane of glass for all microservice authorization. Give it a try today with Styra DAS Free!