Introduction to Open Policy Agent

Kubernetes August 27, 2020

What Is Open Policy Agent?

Open Policy Agent is a project which allows you to implement fine-grained access control. It is written in Go and is part of the Cloud Native Computing Foundation as an incubating project. Its source code is available publicly under the Apache License 2.0.

Why Use OPA?

Policy-making has been implemented with various frameworks in the past (have a look at the AWS policies for an example). OPA attempts to unify these different approaches and allows you to use the same tool for policy-making across your different services.

Who Uses OPA?

OPA can now be used with Kubermatic Kubernetes Platform. Additionally, companies and projects like Docker, Istio, Kafka and Terraform use OPA to implement their policy decision making. There are tutorials on the OPA website showing you how to implement decision making with these products. We will show how to use Kubermatic Kubernetes Platform with OPA in our next tutorial.

What Are the Basic Components of OPA?

OPA lets you define policy as source code. The language used within OPA is Rego, OPA’s native query language. Decision making with OPA consists of three components:

Which APIs Are Part of OPA?

You can use the following APIs within OPA:

What We Have Learned So Far

See Our Next Tutorial for Information on These Topics

Irina Lindt

Irina Lindt

Software Engineer