Microservices distribute the complexity of applications into smaller processes and infrastructure. In conclusion policies for encyrption, cost labelling or access control become decentralized too. The already complex components of a cloud-native application, such as container orchestration, IaaS components and CI/CD pipelines, complicate the technically uniform definition of these guidelines further.
OPA (Open Policy Agent) is a CNCF tool to define and check policies. What makes opa special is the easy integration into cloud-native environments in combination with rego, a universal logical programming language which allows defining policies across technology boundaries. This technical presentation is an introduction into OPA and demonstrates typical use-cases.