What is OPA (Open Policy Agent)?

OPA is a general-purpose policy engine that decouples policy decisions from application code. Policies are written in Rego, a declarative language designed for evaluating structured data.

[Figure: OPA admission control flow. kubectl apply -> API Server -> OPA Gatekeeper (evaluate Rego) -> Allow / Deny. Policies block insecure configs before they reach etcd.]

OPA in Kubernetes

OPA Gatekeeper runs as an admission controller — it evaluates every API request against your Rego policies and rejects non-compliant configurations before they reach the cluster.

OPA vs Kyverno

| Feature | OPA Gatekeeper | Kyverno |
| --- | --- | --- |
| Language | Rego | YAML (K8s native) |
| Learning curve | Higher | Lower |
| Mutation | Limited | Full |
| Ecosystem | Broader (beyond K8s) | K8s-specific |

Learn More

See Module 8: Policy-as-Code Security.
