Open Policy Agent icon, source: openpolicyagent.org
In a hybrid cloud environment, one of the most challenging aspects is maintaining a uniform and consistent set of policies - for security, run-time governance, and so on. The variability in how such policies are defined and managed across different platforms and vendor products illustrates how hard this problem is.
The intent of Open Policy Agent seems to hold much hope for what I would like to see as a standard solution - the possibility for a truly plug-and-play strategy for defining policies - abstracted from the vendor-specific implementation details.
Open Policy Agent Graduates at CNCF
https://www.infoq.com/news/2021/02/opa-cncf-graduation/
"OPA's goals are to decouple policy from the code, unify policy enforcement, and enable policy-as-code. OPA uses a DSL called Rego to describe its policies. An OPA engine can run as a library, sidecar or daemon with the application. OPA policies can be updated dynamically by polling a Bundle service API to download "bundles" - a collection of policies and data."
"OPA integrates with various systems including Kubernetes, Envoy, CoreDNS, Kafka and Helm. There is also first-class integration between OPA and Kubernetes now with the OPA Gatekeeper which provides Kubernetes-native CRDs for working with the policy library."
"CNCF hosts another policy engine called Kyverno - which uses JSON/YAML instead of a custom DSL."
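To make the quoted description concrete, here is an added example of a Rego policy of the kind OPA evaluates for HTTP API authorization; it is not code from the InfoQ article or from the OPA project, and the input shape (`method`, `path`, `user`) and the `data.reports` document are assumptions chosen for illustration. It shows the two points that matter for security: a default-deny decision, and policy rules kept separate from the data they consult, so both can be shipped and refreshed as a bundle without touching application code.

```rego
package httpapi.authz

import rego.v1

# Deny by default: a request is allowed only when a rule below grants it.
# Any rule that fails to match leaves `allow` at this value.
default allow := false

# Any authenticated user may read their own salary record.
# Assumed input: {"method": "GET", "path": ["finance", "salary", "alice"], "user": "alice"}
allow if {
    input.method == "GET"
    input.path == ["finance", "salary", input.user]
}

# A manager may read the salary of a direct report. The reporting
# structure lives in `data.reports` (hypothetical, loaded as bundle data),
# e.g. {"reports": {"bob": ["alice", "carol"]}}, so the rule never has to
# change when the organisation does.
allow if {
    some employee
    input.method == "GET"
    input.path = ["finance", "salary", employee]
    employee in data.reports[input.user]
}

# Every other request - a POST to the same path, a read of someone else's
# record by a non-manager, or a user with no entry in `data.reports` -
# matches no rule and therefore evaluates to the default, false.
```

With the policy in `policy.rego`, the data in `data.json` and a request in `input.json`, the decision can be checked locally with `opa eval -d policy.rego -d data.json -i input.json 'data.httpapi.authz.allow'`.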
https://www.openpolicyagent.org/
Policy-based control for cloud native environments
https://www.openpolicyagent.org/docs/latest/
https://github.com/open-policy-agent/
- https://github.com/open-policy-agent/opa
- https://github.com/open-policy-agent/contrib/tree/master/api_authz
- https://www.openpolicyagent.org/docs/latest/http-api-authorization/
- https://github.com/open-policy-agent/vscode-opa
- https://github.com/open-policy-agent/contrib
- https://github.com/open-policy-agent/library