Re: OPA to graduation

Gadi Naor

-1 NB 

The community around this project is great and there is a consensus on problem space.

Having the benefit of solving and working with customers on Kubernetes security compliance and authorization challenges for quite some time, and integrating OPA as part of our engine - I've witnessed unanimous feedback that OPA REGO has a steep learning curve, and high touch ongoing costs.

Nowadays with building blocks such as WASM, and motion around IaC that use real programming languages (Pulumi & CDK) I believe the ecosystem should strive to make the life of engineering teams easier, possibly in their comfort zone programming language (hey, Go, JS ... can work fine on documents) rather than introducing a new, none intuitive, high touch programming language.

Also, with regards to OPA applications such as Gatekeeper , Kafka Authorizer, conftest and others - Are those OPA applications proposed for graduation? 
Gatekeeper constraints and templates is gr8 - and I'd vote to graduate Gatekeeper with at least none REGO working PoC.


On Sat, Sep 19, 2020 at 7:49 PM <nuhamind2@...> wrote:
I believe similar point about the core-project/heart-of-the-system maintainership is raised on the past graduation proposal

Gadi NaorCTO

US.   2443 Fillmore St, San Francisco, CA, 94115
IL.    5 Miconis St, Tel Aviv, 6777214   
M. +972-52-6618811

Follow us on LinkedInFollow us on Twitter 

Securing Kubernetes & Service Mesh.
Bridging Security & DevOps.

Cloud Native Virtual Summit is October 6-8.    Register HERE

Join to automatically receive all group messages.