The Open Policy Agent (OPA) is an open source, general-purpose policy engine that enables unified, context-aware policy enforcement across the entire stack.
OPA is hosted by the Cloud Native Computing Foundation (CNCF) as a sandbox level project. If you are an organization that wants to help shape the evolution of technologies that are container-packaged, dynamically-scheduled and microservices-oriented, consider joining the CNCF. For details read the CNCF announcement.
Want to learn more about OPA?
Want to get OPA?
Want to integrate OPA?
Want to contribute to OPA?
How does OPA work?
OPA gives you a high-level declarative language to author and enforce policies
across your stack.
With OPA, you define rules that govern how your system should behave. These
rules exist to answer questions like:
Can user X call operation Y on resource Z?
What clusters should workload W be deployed to?
What tags must be set on resource R before it’s created?
You integrate services with OPA so that