Re: RFC: OPA is up for Annual Review + Incubation Request

Li, Xiang

Thanks Brendan for the information. I gave a look at the project this week, and agree on most of the feedbacks azure engineers provided.

Since you mentioned the gatekeeper project, do you know if it is part of OPA (the sandbox project) or a separate project?

I took a look at OPA Kubernetes example (, and found some potential issues:
1. require cache Kubernetes resources into OPA agent, which can be pretty expensive. Is there a cheaper way to do it? Can the agent obtain the base JSON data on demand?
2. the policy agent runs on the eventual consistent cache. This might cause wrong evaluation if previous change has not yet propagated back. 

Join to automatically receive all group messages.