OPA
Open Policy Agent
ELI5 — The Vibe Check
OPA is an open-source policy engine that lets you write rules in a language called Rego. 'Can this user access this resource?' 'Is this Kubernetes deployment compliant?' 'Does this Terraform plan violate our policies?' OPA answers all these questions. It's like a universal rules engine — same tool for API auth, K8s admission, and infra policies.
Real Talk
Open Policy Agent (OPA) is a general-purpose policy engine that evaluates policies written in Rego, a declarative language. It decouples policy decisions from application logic and integrates with Kubernetes (as Gatekeeper), Terraform, Envoy, API gateways, and custom applications. It enables consistent policy enforcement across the entire stack.
Show Me The Code
# Rego policy: deny any container in the admitted object that sets no resource limits.
# Written in the OPA 1.0 syntax (`contains` / `if`); `import rego.v1` makes the
# same file parse on OPA 0.59+ as well.
package kubernetes.admission

import rego.v1

deny contains msg if {
    # iterate over every container in the Pod spec carried by the AdmissionReview
    container := input.request.object.spec.containers[_]
    # undefined path => the container has no resources.limits block
    not container.resources.limits
    msg := sprintf("Container %v must have resource limits", [container.name])
}
When You'll Hear This
"OPA Gatekeeper blocks non-compliant Kubernetes deployments at admission." / "We use OPA to enforce Terraform policies — no public S3 buckets allowed."
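The second quote above, "no public S3 buckets allowed", is the kind of Terraform policy OPA evaluates against a plan. The block below is an added example, not code from the original page or from the OPA project: a self-contained Rego module that holds the policy and its own unit tests, so `opa test .` runs it offline. It assumes the input has the shape produced by `terraform show -json plan.out` (a `resource_changes` array whose entries carry `type`, `address` and `change.actions` / `change.after`); the bucket names and resource addresses in the test fixtures are constructed samples.

```rego
# Added example (not from the original page): "no public S3 buckets" as a Rego
# policy over a Terraform plan JSON, with unit tests. Assumes the input shape
# emitted by `terraform show -json plan.out`. Run with `opa test .` (OPA >= 0.59).
package terraform.s3

import rego.v1

public_acls := {"public-read", "public-read-write"}

# Only resources this plan will create or update are in scope
planned_resources contains rc if {
	some rc in input.resource_changes
	some action in rc.change.actions
	action in {"create", "update"}
}

# Public canned ACLs, on aws_s3_bucket_acl or on the legacy acl attribute of aws_s3_bucket
deny contains msg if {
	some rc in planned_resources
	rc.type in {"aws_s3_bucket", "aws_s3_bucket_acl"}
	rc.change.after.acl in public_acls
	msg := sprintf("%s: public ACL %s is not allowed", [rc.address, rc.change.after.acl])
}

# A public access block must keep all four guards enabled
deny contains msg if {
	some rc in planned_resources
	rc.type == "aws_s3_bucket_public_access_block"
	some setting in {"block_public_acls", "block_public_policy", "ignore_public_acls", "restrict_public_buckets"}
	rc.change.after[setting] == false
	msg := sprintf("%s: %s must be true", [rc.address, setting])
}

# ---- unit tests over constructed plan fragments ----

# Constructed plan: an ACL resource granting public-read
plan_public_acl := {"resource_changes": [{
	"address": "aws_s3_bucket_acl.logs",
	"type": "aws_s3_bucket_acl",
	"change": {"actions": ["create"], "after": {"bucket": "logs", "acl": "public-read"}}
}]}

# Constructed plan: a private bucket with a fully enabled public access block
plan_private := {"resource_changes": [
	{
		"address": "aws_s3_bucket.logs",
		"type": "aws_s3_bucket",
		"change": {"actions": ["create"], "after": {"bucket": "logs"}}
	},
	{
		"address": "aws_s3_bucket_public_access_block.logs",
		"type": "aws_s3_bucket_public_access_block",
		"change": {"actions": ["create"], "after": {
			"block_public_acls": true,
			"block_public_policy": true,
			"ignore_public_acls": true,
			"restrict_public_buckets": true
		}}
	}
]}

test_public_acl_is_denied if {
	"aws_s3_bucket_acl.logs: public ACL public-read is not allowed" in deny with input as plan_public_acl
}

test_private_bucket_passes if {
	count(deny) == 0 with input as plan_private
}
```

The `with input as` modifier is what makes the tests self-contained: each test evaluates `deny` against an inline plan fragment instead of a file on disk. In a CI pipeline the same module would be run as `opa eval --input plan.json --data policy.rego "data.terraform.s3.deny"`, failing the build whenever the set is non-empty.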
Related Terms
Compliance
Compliance — pheeew, who needs it? Well, regulators. And lawyers. And anyone who doesn't want a multi-million dollar fine. If you don't know what it means,
Kubernetes
Kubernetes is a robot manager for your containers.
Policy as Code
Policy as Code means writing your rules and compliance requirements as actual code that gets enforced automatically.
Sentinel
Sentinel is HashiCorp's policy engine for their tools — Terraform, Vault, Consul, Nomad.