Commit
Merge pull request #386 from permitio/dan/per-10258-add-docs-on-all-t…
…he-pdp-config dan/per-10258-add-docs-on-all-the-pdp-config
Showing 10 changed files with 647 additions and 62 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,53 +0,0 @@ | ||
--- | ||
sidebar_position: 4 | ||
title: Policy Decision Point (PDP) | ||
--- | ||
|
||
# PDP (Policy Decision Point) | ||
|
||
A PDP is a network node in an application that provides an endpoint to test for policy decisions- i.e. services may ask the PDP if specific actions or requests are allowed according to the set policy. | ||
The PDP essentially becomes your microservice for authorization, and can be deployed as a side-car, cluster, or even as a single instance (for light workload scenarios). | ||
PDPs need to be highly available, performant and physically close to the querying services to avoid latency. | ||
|
||
## Deploying the PDP | ||
|
||
The most straightforward way to integrate PDPs into a microservices architecture is as sidecars - meaning each microservice has a sidecar container next to it which it can query for policy. | ||
Other topologies include centralized PDP, gateway to PDP (i.e. filtering requests at API gateways or proxies). | ||
|
||
Permit.io supports all PDP layouts and provides the missing layers on-top of open-source PDP solutions (such as OpenPolicyAgent). These layers include policy delivery and updating, supporting data collection, application level SDKs, application level instrumentation and more. | ||
Read about [the various layouts you can deploy the PDP with here](/how-to/deploy/overview#pdp-deployments). | ||
|
||
The Permit.io PDP (Which by default bundles together OPA, OPAL, and an API server) is available publicly from [Docker hub](https://hub.docker.com/r/permitio/pdp-v2). | ||
|
||
|
||
You can set `PDP_ALLOW_METRICS_UNAUTHENTICATED` env var as `true` to allow access to the PDP metrics without authentication (can be used for monitoring tools like DataDog etc) - supported from version 0.2.27. | ||
|
||
|
||
## Hosted/Managed cloud PDP option | ||
|
||
While we recommend a local PDP for production deployments, a limited Cloud PDP option is available at `https://cloudpdp.api.permit.io` for evaluation and testing purposes. | ||
|
||
:::note | ||
The cloud PDP is intended for first evaluation and basic testing, and currently it is not supporting ABAC, ReBAC or large environments (environments with more than 1M data). | ||
::: | ||
|
||
### Hosted PDP in your region | ||
|
||
If you require a hosted version in a specific region (e.g. to minimize network latency as much as possible), or with other specific specs reach out to us at [support@permit.io](mailto:support@permit.io), or in the [Slack community](https://io.permit.io/docs-to-slack). | ||
|
||
## Powered by OPA+OPAL | ||
|
||
Permit.io's PDP orchestration is powered by [OPAL](https://opal.ac) - an open source project - developed by the team at Permit.io and supported by a large community of developers and users. | ||
Check out this talk with the primary authors of OPAL to learn more about the unique realtime architecture: | ||
|
||
<iframe | ||
width="560" | ||
height="315" | ||
src="https://www.youtube.com/embed/A5adHlkmdC0" | ||
title="YouTube video player" | ||
frameborder="0" | ||
allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" | ||
allowfullscreen | ||
></iframe> | ||
|
||
OPAL's built-in [separation of the data plane from the control plane](/concepts/control-plane-and-data-plane), enables Permit.io users to enjoy the benefits of a fully distributed PDP solution, without having to be dependant on the availability of the Permit.io cloud, or sharing any data with it. | ||
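Review bot: Deleting this whole page (`@@ -1,53 +0,0 @@`) removes the only text visible in this diff that documents `PDP_ALLOW_METRICS_UNAUTHENTICATED` (including the "supported from version 0.2.27" note) and the `:::note` block listing what the cloud PDP at `https://cloudpdp.api.permit.io` does not support (ABAC, ReBAC, large environments). Please confirm both are carried over into the replacement pages, since neither appears in the hunks shown here. When the metrics sentence is moved, it would be worth stating that setting the variable to `true` serves PDP metrics without authentication, so the endpoint should only be reachable from the monitoring system. The typo "dependant" in the last paragraph should also be corrected to "dependent" if that text is reused.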
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
{ | ||
"label": "Policy Decision Point (PDP)", | ||
"position": 4, | ||
"collapsible": true, | ||
"collapsed": true | ||
} |
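Review bot: The new category definition has no `link` entry, so the "Policy Decision Point (PDP)" sidebar item will only expand and collapse rather than open a page, and with `"collapsed": true` the pages under it are hidden until the reader expands it. If this category takes over from the single page that previously sat at position 4, consider adding a `link` (a generated index or a doc id) so the label still has a landing page and existing references to the PDP overview have somewhere to point.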