OPA and Gatekeeper: OPA or Gatekeeper?

In the last couple of posts, I wrote about Open Policy Agent (OPA). People almost always ask one question: what is the difference between OPA and Gatekeeper when it comes to Kubernetes admission control? And they generally follow up with another question: so should I use Gatekeeper instead of OPA?

Admittedly, the OPA documentation does a nice job explaining OPA and its use cases. It also has a brief section about the difference between Gatekeeper and OPA. But for those just getting started with OPA, this difference isn't always clear.

So, here in this blog post, I will clarify the difference between OPA and Gatekeeper. Or, to be precise, how Gatekeeper extends OPA.

Before we dive deep into the differences, let's make one thing clear. OPA is a general-purpose policy engine. It has a number of use cases, such as API authorization, SSH, Docker, and more. Use of OPA is not tied to Kubernetes alone, nor is Kubernetes mandatory for using OPA. Kubernetes admission control is just one of OPA's use cases. Please refer to the OPA documentation for more use cases. Note that this list is continuously expanding.

Gatekeeper, on the other hand, is built specifically for the Kubernetes admission control use case of OPA. It uses OPA internally, but only for Kubernetes admission control. So, we are going to focus only on this use case of OPA here.
