APIs are essential to modern applications, but managing access and security policies can be complex. Traditional access control mechanisms can fall short when flexible, scalable, and fine-grained control over who can access specific resources is needed. This is where OPA (Open Policy Agent) steps…
[](/blog/engineering/how-to-manage-your-api-policies-with-opa-open-policy-agent)
Kuma is configurable through policies. These enable users to configure their service mesh with retries, timeouts, observability, and more. Policies contain three main pieces of information: Which proxies are being configured What traffic for these proxies this configuration applies to (i.e:…
[](/blog/engineering/flexible-policy-match-in-kuma-2-0)
An API Gateway is becoming an essential part of modern application architecture. It acts as a reverse proxy that routes API requests to appropriate backend services. Along with routing, API Gateways provide capabilities like security, monitoring, rate limiting, and more for your APIs. A major…
[](/blog/learning-center/api-gateway-policies)
API gateway request transformation policies are incredibly powerful. There are many situations when an API developer can take advantage of request transformations to adjust the shape and values of a request to cleanly fit their API. Let’s say you’re deprecating a certain endpoint for your API, but…
[](/blog/engineering/api-gateway-request-transformation)
When setting up Kubernetes for the first time, one of the networking challenges you might face is how to safely grant outside clients access to your cluster. By default, pods within a cluster can communicate with all other pods and services. You should restrict access to anything outside of that…
[](/blog/engineering/traffic-policies-kubernetes)