Styra Declarative Authorization Service Expands Service Mesh Use Case


We are thrilled to announce native support of Kong Mesh, Istio and Kuma within Styra Declarative Authorization Service (DAS), enabling users to combine stellar service mesh solutions with the only authorization management platform that supports trusted cloud architecture. Styra DAS allows teams to manage policies across a broad spectrum of systems, like Kubernetes, microservices, public cloud, and more. In addition, organizations can decouple policy from the code base or software and unify enforcement of policy across the stack. Adding to these three new system types, Styra has also made enhancements to its support of Envoy systems.

With these additions, organizations can secure modern cloud-native applications with dynamic, policy-enabled traffic control. With Styra DAS and your chosen service mesh, you can do the following tasks:

  • Automate policy-as-code based control for services 
  • Govern, monitor, and audit traffic flow and decisions for real-time verification
  • Increase application reliability with policy-based traffic management

Let’s dive into the following service meshes and how each of them is supported in Styra DAS.

Kong Mesh: Enterprise-grade service mesh for multi-cloud and multi-cluster on both Kubernetes and VMs

Kong Mesh is the only enterprise-grade service mesh in our release and runs on both Kubernetes and VMs on any cloud. This service mesh is built on top of CNCF’s Kuma and Envoy with enterprise features and support. Earlier this year, Kong Mesh built Open Policy Agent (OPA) into its version of the Envoy proxy, so users don’t have to deploy multiple agents within the IT infrastructure to use OPA. Styra DAS then acts as a central management point for IT security policy distribution using these OPA or Envoy bundles for unified policy authoring. In addition to the native OPA support in Kong Mesh, Kong also has native support within Kong Gateway.

Styra DAS native support of Kong Mesh helps organizations manage the ingress and egress network traffic permitted within an OPA-integrated Kong Mesh. For example, it allows users to permit egress traffic only to a predefined collection of endpoints, to minimize the risk of data exfiltration, and to implement microservice API authorization.

Check out the Styra and Kong Mesh tutorial here.

Kuma: Universal Envoy service mesh for distributed service connectivity

Kuma is a platform-agnostic open-source control plane for service mesh and microservices management, with support for Kubernetes, VMs, or even bare metal environments. Much like most service meshes, Kuma is Envoy-based and is powered by Envoy sidecar proxies.

Styra DAS native support of Kuma enables organizations to manage the ingress and egress network traffic permitted within an OPA-integrated Kuma service mesh. For example, it allows users to permit egress traffic only to a predefined collection of endpoints, to minimize the risk of data exfiltration, and to implement microservice API authorization.

Check out the Styra and Kuma tutorial here.

Istio: Simplify observability, traffic management, security and policy

Istio is an open-source service mesh that can be used to manage a distributed microservice architecture. It leverages Envoy proxies as sidecars injected into every pod to regulate the network traffic on all pod instances. Then, OPA can act as a policy enforcement engine on the traffic passing through an Envoy sidecar.

Styra DAS native support of Istio enables organizations to manage the ingress and egress network traffic permitted within OPA integrated with Istio. For example, it allows users to permit egress traffic only to a predefined collection of endpoints, to minimize the risk of data exfiltration, and to implement microservice API authorization.

Check out the Styra and Istio tutorial here.

Envoy: Edge and service proxy, designed for cloud-native applications

Envoy is a high-performance distributed proxy designed for single services and applications, as well as a universal data plane for large microservice architectures, running parallel to every application. When all service traffic in an infrastructure flows through an Envoy mesh, it becomes easy to visualize problem areas using consistent observability, tune overall performance, and add substrate features in a single place.

Styra DAS native support of Envoy enables organizations to manage the ingress and egress network traffic permitted within their Envoy-based service mesh.

Check out the Styra and Envoy tutorial here.

Having service mesh and Styra DAS together gives organizations an amazing way to decouple policy from code with a single pane of glass for all microservice authorization. Give it a try today with Styra DAS Free!
