As your organization embraces the cloud, you may find that the dynamism and scale of the cloud-native stack bring with them a far more complicated security and compliance landscape. For instance, as container orchestration platforms like Kubernetes gain traction, developers and DevOps teams take on new responsibility for policy areas like admission control as well as for more traditional areas like compute, storage and networking. Meanwhile, each application, microservice or service mesh requires its own set of authorization policies, and developers are on the hook for writing them.

It’s for these reasons that the hunt is on for a simpler, more time-efficient way to create, enforce and manage policy in the cloud. Enter Open Policy Agent (OPA). Created four years ago as an open-source, domain-agnostic policy engine, OPA is becoming the de facto standard for cloud-native policy. As a matter of fact, OPA is already employed in production by companies like Netflix, Pinterest, and Goldman Sachs, for use cases like Kubernetes admission control and microservices API authorization. OPA also powers many of the cloud-native tools you already know and love, including the Atlassian suite and Chef Automate.

OPA provides cloud-native organizations a unified policy language — so that authorization decisions can be expressed in a common way, across apps, APIs, infrastructure, and more, without having to hard-code bespoke policy into each of those languages and tools individually. In addition, because OPA is purpose-built for authorization, it offers a growing collection of performance optimizations, so policy authors can spend most of their time writing correct, maintainable policy and leave performance to OPA.

OPA authorization policy has many, many use cases across the stack—from putting guardrails around container orchestration, to controlling SSH access or providing context-based service mesh authorization. However, there are three popular use cases that provide a good launching pad for many OPA users: application authorization, Kubernetes admission control, and microservices.
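To make the "unified policy language" concrete, here is an added example of the first use case, application (HTTP API) authorization, written in Rego, OPA's policy language. It is not code from the original post or from the OPA project; the package name `httpapi.authz`, the inline `role_bindings` data, the users `alice` and `bob`, and the shape of `input` (`user`, `method`, `path` as a list of segments) are all assumptions constructed for the example. The service enforcing the policy would build that input from the incoming request and ask OPA for `data.httpapi.authz.allow`; the policy itself never touches application code.

```rego
package httpapi.authz

import rego.v1

# Deny by default: a request is allowed only if at least one allow rule fires.
default allow := false

# Constructed sample role data. In a real deployment this would be loaded as
# OPA data (e.g. a data.json file or a bundle) rather than hard-coded here.
role_bindings := {
	"alice": ["admin"],
	"bob": ["reader"],
}

# Anyone, authenticated or not, may read the health endpoint.
allow if {
	input.method == "GET"
	input.path == ["health"]
}

# Users holding the "reader" role may GET anything under /documents.
allow if {
	input.method == "GET"
	input.path[0] == "documents"
	user_has_role("reader")
}

# Users holding the "admin" role may use any method on any path.
allow if user_has_role("admin")

# Helper: true when the calling user is bound to the given role.
# If input.user is missing or unknown, role_bindings[input.user] is undefined
# and the helper is simply false, which keeps the default deny in place.
user_has_role(role) if role in role_bindings[input.user]

# Collect human-readable deny reasons so the enforcing service can log them.
deny contains msg if {
	not allow
	user := object.get(input, "user", "anonymous")
	msg := sprintf("user %v is not permitted to %v /%v", [user, input.method, concat("/", input.path)])
}
```

With an input file containing `{"user": "bob", "method": "GET", "path": ["documents", "42"]}`, `opa eval -i input.json -d policy.rego "data.httpapi.authz.allow"` evaluates to `true`; changing the method to `DELETE` yields `false`, and `data.httpapi.authz.deny` then holds the reason string. The same decision is available to a running agent over its REST API by POSTing the input to `/v1/data/httpapi/authz/allow`, which is how a microservice or API gateway would normally consult it.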

OPA: A general-purpose policy engine for cloud-native