Re: OPA to graduation


Joe Searcy
 

I can't speak for everyone, but we are, and have been for the last 2+ years, making great use of OPA in production across our entire fleet of Kubernetes clusters and several other ecosystem components. While I do agree that some folks associate OPA with Gatekeeper, OPA is much more ubiquitous. The admission controller model with OPA is very popular, but other examples of how we use it are:

- Custom authorization policies within Envoy/Gloo
- Generic RBAC for several in-house built tools/apps
- Custom Token validation
- Generic CI/CD conformance 
- Kubernetes Fleet conformance (cross-cluster policy)

We run 100s of OPA instances as both containers and as embedded libraries.

Use cases like Conftest come to mind as well.
