Cloud Native - Security & Compliance - OPA - Glance
Overview
- Policy-based control for cloud native environments
- Flexible, fine-grained control for administrators across the stack
- Use OPA for a unified toolset and framework for policy across the cloud native stack.
- Decouple policy from the service’s code, so you can release, analyze, and review policies without sacrificing availability or performance.
Declarative Policy
- Declarative
  - Express policy in a high-level, declarative language that promotes safe, performant, fine-grained controls.
  - DSL: Use a language purpose-built for policy in a world where JSON is pervasive.
- Context-aware
  - Leverage external information to write the policies you really care about.
  - Stop inventing roles that represent complex relationships that years down the road no one will understand.
  - Instead, write logic that adapts to the world around it and attach that logic to the systems that need it.
Architectural Flexibility
Daemon
- Deploy OPA as a separate process on the same host as your service.
- Integrate OPA by changing your service’s code, importing an OPA-enabled library, or using a network proxy integrated with OPA.
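The daemon integration above, sketched as a service-side check that calls OPA's REST Data API (`POST /v1/data/<rule path>`) and denies on anything other than an explicit `true`. This is an added example, not code from the original page or the OPA project; the rule path `httpapi/authz/allow`, the `StubOPA` stand-in server and the sample inputs are assumptions constructed so it runs offline.

```python
import json
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

OPA_URL = "http://127.0.0.1:8181"  # OPA's default listen address
# Loopback call to the daemon: never route it through an environment proxy.
_opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def is_allowed(input_doc, base_url=OPA_URL, rule="httpapi/authz/allow", timeout=1.0):
    """Ask the daemon for a decision; allow only on an explicit JSON true."""
    req = urllib.request.Request(
        f"{base_url}/v1/data/{rule}",  # rule path is hypothetical
        data=json.dumps({"input": input_doc}).encode(),
        headers={"Content-Type": "application/json"}, method="POST",
    )
    try:
        with _opener.open(req, timeout=timeout) as resp:
            body = json.load(resp)
    except (OSError, ValueError):
        return False  # fail closed: daemon down, timeout, HTTP error, bad JSON
    # An undefined decision comes back as {} with no "result" key: deny.
    return isinstance(body, dict) and body.get("result") is True

class StubOPA(BaseHTTPRequestHandler):
    """Constructed stand-in for the daemon so the example runs offline."""
    def do_POST(self):
        size = int(self.headers.get("Content-Length", 0))
        inp = json.loads(self.rfile.read(size)).get("input", {})
        out = {}  # undefined unless the input has the expected shape
        if "user" in inp and "path" in inp:
            own = inp["path"] == ["salary", inp["user"]]
            out = {"result": inp.get("method") == "GET" and own}
        payload = json.dumps(out).encode()
        self.send_response(200)
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)
    def log_message(self, *args):  # keep the demo quiet
        pass

def start_stub():
    server = HTTPServer(("127.0.0.1", 0), StubOPA)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_port}"

if __name__ == "__main__":
    server, url = start_stub()
    print(is_allowed({"method": "GET", "path": ["salary", "bob"], "user": "bob"}, url))
```

Against a real daemon, drop the stub and keep the default `base_url`; the service code holds no policy logic, only the query and the deny-by-default handling.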
Library
- Embed OPA policies into your service.
- Schemes
  - Integrate OPA as a Go library that evaluates policy.
  - Integrate a WebAssembly runtime and use OPA to compile policy to WebAssembly instructions.
All articles in this blog are licensed under CC BY-NC-SA 4.0 unless otherwise stated.