Re: OPA to graduation


Gadi Naor
 

-1 NB 

The community around this project is great and there is a consensus on problem space.

Having the benefit of solving and working with customers on Kubernetes security compliance and authorization challenges for quite some time, and integrating OPA as part of our engine - I've witnessed unanimous feedback that OPA REGO has a steep learning curve, and high touch ongoing costs.

Nowadays with building blocks such as WASM, and motion around IaC that use real programming languages (Pulumi & CDK) I believe the ecosystem should strive to make the life of engineering teams easier, possibly in their comfort zone programming language (hey, Go, JS ... can work fine on documents) rather than introducing a new, none intuitive, high touch programming language.

Also, with regards to OPA applications such as Gatekeeper , Kafka Authorizer, conftest and others - Are those OPA applications proposed for graduation? 
Gatekeeper constraints and templates is gr8 - and I'd vote to graduate Gatekeeper with at least none REGO working PoC.

Gadi


On Sat, Sep 19, 2020 at 7:49 PM <nuhamind2@...> wrote:
I believe similar point about the core-project/heart-of-the-system maintainership is raised on the past graduation proposal



--
Gadi NaorCTO

US.   2443 Fillmore St, San Francisco, CA, 94115
IL.    5 Miconis St, Tel Aviv, 6777214   
M. +972-52-6618811
Web.      www.alcide.io
GitHub. github.com/alcideio

Follow us on LinkedInFollow us on Twitter 


Securing Kubernetes & Service Mesh.
Anywhere.
Bridging Security & DevOps.

Cloud Native Virtual Summit is October 6-8.    Register HERE




Join cncf-toc@lists.cncf.io to automatically receive all group messages.