Introduction to Open Policy Agent

Special Guest: Torin Sandall (https://twitter.com/sometorin)

Torin Sandall is VP of Open Source at Styra and a co-creator of the Open Policy Agent (OPA) project.

The Open Policy Agent (OPA, pronounced “oh-pa”) is an open source, general-purpose policy engine that unifies policy enforcement across the stack. OPA provides a high-level declarative language that let’s you specify policy as code and simple APIs to offload policy decision-making from your software. You can use OPA to enforce policies in microservices, Kubernetes, CI/CD pipelines, API gateways, and more.

OPA decouples policy decision-making from policy enforcement. When your software needs to make policy decisions it queries OPA and supplies structured data (e.g., JSON) as input. OPA accepts arbitrary structured data as input.

OPA generates policy decisions by evaluating the query input and against policies and data. OPA and Rego are domain-agnostic so you can describe almost any kind of invariant in your policies.

🕰 Timeline

00:00 - Holding screen
04:00 - Introductions
10:00 - Introduction to Rego, the policy language
13:45 - Our first Rego policy
23:40 - Simple Kubernetes policy - label validation
31:00 - Complex Kubernetes policy - image source validation
38:40 - Running Open Policy Agent (OPA) locally with CLI and VSCode

🌎 Resources

Torin Sandall - https://twitter.com/sometorin
Open Policy Agent - https://www.openpolicyagent.org/

Resources related to this video will be displayed here, including links, downloads, and additional materials.