SlideShare una empresa de Scribd logo

CNCF opa

J
Juraj Hantak

Open policy agent

Internet
1 de 44
Descargar para leer sin conexión
Open Policy Agent Introduction
Labyrinth Labs is a boutique expert shop focusing on DevOps, Public Cloud and Kubernetes ecosystem. Our mission is to help companies evolve their applications into the containerized and serverless future. We are a privately owned company mainly driven by technical excellence and our passion in modern application technologies. About us
Agenda ● Introduction ● Policy decision model ● Interactions with OPA ● Rego basics ● Performance ● Ecosystem ● Gatekeeper example
Open Policy Agent Introduction
OPA - Overview ● General purpose policy engine ● Decouples policy from application logic ● Offload policy decision-making from your software to enforce policies ● Toolset and framework for policy across the cloud native stack ● Declarative Policy as a Code with REGO
OPA - Community ● CNCF graduated ● 30+ integrations ● Vibrant community ● Good tooling and ecosystems ● Users
Policy Decision Model
OPA - Operational Model ● Service query OPA with structured data ● Based on policy and data OPA evaluates query ● Returns decision as response with structured data to the service
OPA - Data Model ● Data classification ○ Base documents ○ Virtual documents
OPA - External Data ● Data size ● Update frequency ● Consistency model ● Loading options: ○ Sync push ○ Sync push overload ○ Periodic pull - Bundle API ○ Async push data ○ Pull data during evaluation
OPA - External Data ● Sync push - base document ○ updates ○ size ● Usage: ○ User attributes
OPA - External Data ● Sync push overload - base document ○ updates ○ size ● Usage: ○ Local & Dynamic data
OPA - External Data ● Bundle API ○ updates ○ size ○ consistency ○ persistency ● Usage: ○ Static & Medium-sized data
OPA - External Data ● Push data ○ updates ○ size ● Usage: ○ Dynamic & Medium-sized data
OPA - External Data ● Pull data during evaluation ○ updates ○ size ○ performance ● Usage: ○ Dynamic & Large-sized data
OPA - APIs ● Policy ● Data ● Query ● Compile ● Auth ● Trace ● Metrics ● Config
OPA - Policy API
OPA - Data API
OPA - Query API Policy Request Resposne POST / == POST /system/main
Interactions
OPA - Interactions ● Command line (+interactive mode) ● Library ● Server (HTTP) ○ Sidecar ○ Host-level daemon ○ Distributed service
REGO Language
OPA - REGO Language ● Inspired by Datalog ● Relatively easy for reading / writing ● Declarative
OPA - REGO Example ● Pet Store example with RBAC policy
OPA - Rich set of primitives ● Arrays / Objects / Sets ○ lookups, iterations ○ concat, …, unions ● Rules, functions ○ conditionals, incremental, else ● Comparisons, Math ● String manipulations, regexp, … ● Many more
Performance
OPA - Performance ● Evaluation budget order of 1 ms ● Linear fragment ● Use objects over arrays
OPA - Performance partial evaluation
OPA - Performance indexing statements
OPA - Performance comprehension Indexing
OPA - Performance envoy example
Ecosystem
OPA - Integrations
OPA - Roadmap
OPA - Tooling ● OPA cli ○ eval ○ bench ○ fmt ○ check ● VS code, IntelliJ plugins ● conftest ● terrascan ● OPAL ● rego playground
OPA - inspiration ● terrascan rego ● gatekeeper library ● scalr sample policies ● OPA PoC & contributions
Examples - Kubernetes Gatekeeper
OPA - Gatekeeper
OPA - Gatekeeper
OPA - Gatekeeper policy enforcement
OPA - Gatekeeper audit
OPA - Gatekeeper Library General ● K8sAllowedRepos ● K8sBlockNodePort ● K8sContainerLimits ● K8sContainerRatios ● K8sDisallowedTags ● K8sHttpsOnly ● K8sImageDigests ● K8sRequiredLabels ● K8sRequiredProbes ● K8sUniqueIngressHost ● K8sUniqueIngressHost ● K8sExternalIPs
OPA - Gatekeeper PSP replacement
Thank you Martin Dojcak CTO & Co-founder Contact: martin.dojcak@lablabs.io

Recomendados

Open Policy Agent
Open Policy AgentOpen Policy Agent
Open Policy AgentTorin Sandall
 
Policy Enforcement on Kubernetes with Open Policy Agent
Policy Enforcement on Kubernetes with Open Policy AgentPolicy Enforcement on Kubernetes with Open Policy Agent
Policy Enforcement on Kubernetes with Open Policy AgentVMware Tanzu
 
OPA APIs and Use Case Survey
OPA APIs and Use Case SurveyOPA APIs and Use Case Survey
OPA APIs and Use Case SurveyTorin Sandall
 
Open Policy Agent Deep Dive Seattle 2018
Open Policy Agent Deep Dive Seattle 2018Open Policy Agent Deep Dive Seattle 2018
Open Policy Agent Deep Dive Seattle 2018Torin Sandall
 
Azure API Management
Azure API ManagementAzure API Management
Azure API ManagementDaniel Toomey
 
Introduction to Kong API Gateway
Introduction to Kong API GatewayIntroduction to Kong API Gateway
Introduction to Kong API GatewayYohann Ciurlik
 
apidays Paris 2022 - Event-Driven API Management – why REST isn't enough, Ben...
apidays Paris 2022 - Event-Driven API Management – why REST isn't enough, Ben...apidays Paris 2022 - Event-Driven API Management – why REST isn't enough, Ben...
apidays Paris 2022 - Event-Driven API Management – why REST isn't enough, Ben...apidays
 
Prometheus design and philosophy
Prometheus design and philosophy Prometheus design and philosophy
Prometheus design and philosophy Docker, Inc.
 

Recomendados

Open Policy Agent
Open Policy AgentOpen Policy Agent
Open Policy AgentTorin Sandall
 
Policy Enforcement on Kubernetes with Open Policy Agent
Policy Enforcement on Kubernetes with Open Policy AgentPolicy Enforcement on Kubernetes with Open Policy Agent
Policy Enforcement on Kubernetes with Open Policy AgentVMware Tanzu
 
OPA APIs and Use Case Survey
OPA APIs and Use Case SurveyOPA APIs and Use Case Survey
OPA APIs and Use Case SurveyTorin Sandall
 
Open Policy Agent Deep Dive Seattle 2018
Open Policy Agent Deep Dive Seattle 2018Open Policy Agent Deep Dive Seattle 2018
Open Policy Agent Deep Dive Seattle 2018Torin Sandall
 
Azure API Management
Azure API ManagementAzure API Management
Azure API ManagementDaniel Toomey
 
Introduction to Kong API Gateway
Introduction to Kong API GatewayIntroduction to Kong API Gateway
Introduction to Kong API GatewayYohann Ciurlik
 
apidays Paris 2022 - Event-Driven API Management – why REST isn't enough, Ben...
apidays Paris 2022 - Event-Driven API Management – why REST isn't enough, Ben...apidays Paris 2022 - Event-Driven API Management – why REST isn't enough, Ben...
apidays Paris 2022 - Event-Driven API Management – why REST isn't enough, Ben...apidays
 
Prometheus design and philosophy
Prometheus design and philosophy Prometheus design and philosophy
Prometheus design and philosophy Docker, Inc.
 
Opa gatekeeper
Opa gatekeeperOpa gatekeeper
Opa gatekeeperRita Zhang
 
We Built This City - Apigee Edge Architecture
We Built This City - Apigee Edge ArchitectureWe Built This City - Apigee Edge Architecture
We Built This City - Apigee Edge ArchitectureApigee | Google Cloud
 
AWS Outpostsセミナー オンプレミスネットワークとの接続
AWS Outpostsセミナー オンプレミスネットワークとの接続AWS Outpostsセミナー オンプレミスネットワークとの接続
AWS Outpostsセミナー オンプレミスネットワークとの接続Shuji Kikuchi
 
What is an API Gateway?
What is an API Gateway?What is an API Gateway?
What is an API Gateway?LunchBadger
 
Kubernetes Security with Calico and Open Policy Agent
Kubernetes Security with Calico and Open Policy AgentKubernetes Security with Calico and Open Policy Agent
Kubernetes Security with Calico and Open Policy AgentCloudOps2005
 
Airflow introduction
Airflow introductionAirflow introduction
Airflow introductionChandler Huang
 
Prometheus 101
Prometheus 101Prometheus 101
Prometheus 101Paul Podolny
 
Docker 101: Introduction to Docker
Docker 101: Introduction to DockerDocker 101: Introduction to Docker
Docker 101: Introduction to DockerDocker, Inc.
 
Apache Airflow | What Is An Operator
Apache Airflow | What Is An OperatorApache Airflow | What Is An Operator
Apache Airflow | What Is An OperatorMarc Lamberti
 
Docker Kubernetes Istio
Docker Kubernetes IstioDocker Kubernetes Istio
Docker Kubernetes IstioAraf Karsh Hamid
 
Overview of API Management Architectures
Overview of API Management ArchitecturesOverview of API Management Architectures
Overview of API Management ArchitecturesNordic APIs
 
K8s, Amazon EKS - 유재석, AWS 솔루션즈 아키텍트
K8s, Amazon EKS - 유재석, AWS 솔루션즈 아키텍트K8s, Amazon EKS - 유재석, AWS 솔루션즈 아키텍트
K8s, Amazon EKS - 유재석, AWS 솔루션즈 아키텍트Amazon Web Services Korea
 
[오픈소스컨설팅] 서비스 메쉬(Service mesh)
[오픈소스컨설팅] 서비스 메쉬(Service mesh)[오픈소스컨설팅] 서비스 메쉬(Service mesh)
[오픈소스컨설팅] 서비스 메쉬(Service mesh)Open Source Consulting
 
Microservices & API Gateways
Microservices & API Gateways Microservices & API Gateways
Microservices & API Gateways Kong Inc.
 
{Re}designing a Developer Portal
{Re}designing a Developer Portal{Re}designing a Developer Portal
{Re}designing a Developer PortalPronovix
 
Apache Airflow Introduction
Apache Airflow IntroductionApache Airflow Introduction
Apache Airflow IntroductionLiangjun Jiang
 
Introduction to Azure Functions
Introduction to Azure FunctionsIntroduction to Azure Functions
Introduction to Azure FunctionsCallon Campbell
 
Introducing OpenAPI Version 3.1
Introducing OpenAPI Version 3.1Introducing OpenAPI Version 3.1
Introducing OpenAPI Version 3.1SmartBear
 
Prometheus in Practice: High Availability with Thanos (DevOpsDays Edinburgh 2...
Prometheus in Practice: High Availability with Thanos (DevOpsDays Edinburgh 2...Prometheus in Practice: High Availability with Thanos (DevOpsDays Edinburgh 2...
Prometheus in Practice: High Availability with Thanos (DevOpsDays Edinburgh 2...Thomas Riley
 
OpenTelemetry Introduction
OpenTelemetry Introduction OpenTelemetry Introduction
OpenTelemetry Introduction DimitrisFinas1
 
Protecting the Data Lake
Protecting the Data LakeProtecting the Data Lake
Protecting the Data LakeAshutosh Narkar
 
Cloud native policy enforcement with Open Policy Agent
Cloud native policy enforcement with Open Policy AgentCloud native policy enforcement with Open Policy Agent
Cloud native policy enforcement with Open Policy AgentLibbySchulze
 

Más contenido relacionado

La actualidad más candente

Opa gatekeeper
Opa gatekeeperOpa gatekeeper
Opa gatekeeperRita Zhang
 
We Built This City - Apigee Edge Architecture
We Built This City - Apigee Edge ArchitectureWe Built This City - Apigee Edge Architecture
We Built This City - Apigee Edge ArchitectureApigee | Google Cloud
 
AWS Outpostsセミナー オンプレミスネットワークとの接続
AWS Outpostsセミナー オンプレミスネットワークとの接続AWS Outpostsセミナー オンプレミスネットワークとの接続
AWS Outpostsセミナー オンプレミスネットワークとの接続Shuji Kikuchi
 
What is an API Gateway?
What is an API Gateway?What is an API Gateway?
What is an API Gateway?LunchBadger
 
Kubernetes Security with Calico and Open Policy Agent
Kubernetes Security with Calico and Open Policy AgentKubernetes Security with Calico and Open Policy Agent
Kubernetes Security with Calico and Open Policy AgentCloudOps2005
 
Docker 101: Introduction to Docker
Docker 101: Introduction to DockerDocker 101: Introduction to Docker
Docker 101: Introduction to DockerDocker, Inc.
 
Apache Airflow | What Is An Operator
Apache Airflow | What Is An OperatorApache Airflow | What Is An Operator
Apache Airflow | What Is An OperatorMarc Lamberti
 
Overview of API Management Architectures
Overview of API Management ArchitecturesOverview of API Management Architectures
Overview of API Management ArchitecturesNordic APIs
 
K8s, Amazon EKS - 유재석, AWS 솔루션즈 아키텍트
K8s, Amazon EKS - 유재석, AWS 솔루션즈 아키텍트K8s, Amazon EKS - 유재석, AWS 솔루션즈 아키텍트
K8s, Amazon EKS - 유재석, AWS 솔루션즈 아키텍트Amazon Web Services Korea
 
[오픈소스컨설팅] 서비스 메쉬(Service mesh)
[오픈소스컨설팅] 서비스 메쉬(Service mesh)[오픈소스컨설팅] 서비스 메쉬(Service mesh)
[오픈소스컨설팅] 서비스 메쉬(Service mesh)Open Source Consulting
 
Microservices & API Gateways
Microservices & API Gateways Microservices & API Gateways
Microservices & API Gateways Kong Inc.
 
{Re}designing a Developer Portal
{Re}designing a Developer Portal{Re}designing a Developer Portal
{Re}designing a Developer PortalPronovix
 
Apache Airflow Introduction
Apache Airflow IntroductionApache Airflow Introduction
Apache Airflow IntroductionLiangjun Jiang
 
Introduction to Azure Functions
Introduction to Azure FunctionsIntroduction to Azure Functions
Introduction to Azure FunctionsCallon Campbell
 
Introducing OpenAPI Version 3.1
Introducing OpenAPI Version 3.1Introducing OpenAPI Version 3.1
Introducing OpenAPI Version 3.1SmartBear
 
Prometheus in Practice: High Availability with Thanos (DevOpsDays Edinburgh 2...
Prometheus in Practice: High Availability with Thanos (DevOpsDays Edinburgh 2...Prometheus in Practice: High Availability with Thanos (DevOpsDays Edinburgh 2...
Prometheus in Practice: High Availability with Thanos (DevOpsDays Edinburgh 2...Thomas Riley
 
OpenTelemetry Introduction
OpenTelemetry Introduction OpenTelemetry Introduction
OpenTelemetry Introduction DimitrisFinas1
 

La actualidad más candente (20)

Opa gatekeeper
Opa gatekeeperOpa gatekeeper
Opa gatekeeper
 
We Built This City - Apigee Edge Architecture
We Built This City - Apigee Edge ArchitectureWe Built This City - Apigee Edge Architecture
We Built This City - Apigee Edge Architecture
 
AWS Outpostsセミナー オンプレミスネットワークとの接続
AWS Outpostsセミナー オンプレミスネットワークとの接続AWS Outpostsセミナー オンプレミスネットワークとの接続
AWS Outpostsセミナー オンプレミスネットワークとの接続
 
What is an API Gateway?
What is an API Gateway?What is an API Gateway?
What is an API Gateway?
 
Kubernetes Security with Calico and Open Policy Agent
Kubernetes Security with Calico and Open Policy AgentKubernetes Security with Calico and Open Policy Agent
Kubernetes Security with Calico and Open Policy Agent
 
Airflow introduction
Airflow introductionAirflow introduction
Airflow introduction
 
Prometheus 101
Prometheus 101Prometheus 101
Prometheus 101
 
Docker 101: Introduction to Docker
Docker 101: Introduction to DockerDocker 101: Introduction to Docker
Docker 101: Introduction to Docker
 
Apache Airflow | What Is An Operator
Apache Airflow | What Is An OperatorApache Airflow | What Is An Operator
Apache Airflow | What Is An Operator
 
Docker Kubernetes Istio
Docker Kubernetes IstioDocker Kubernetes Istio
Docker Kubernetes Istio
 
Overview of API Management Architectures
Overview of API Management ArchitecturesOverview of API Management Architectures
Overview of API Management Architectures
 
K8s, Amazon EKS - 유재석, AWS 솔루션즈 아키텍트
K8s, Amazon EKS - 유재석, AWS 솔루션즈 아키텍트K8s, Amazon EKS - 유재석, AWS 솔루션즈 아키텍트
K8s, Amazon EKS - 유재석, AWS 솔루션즈 아키텍트
 
[오픈소스컨설팅] 서비스 메쉬(Service mesh)
[오픈소스컨설팅] 서비스 메쉬(Service mesh)[오픈소스컨설팅] 서비스 메쉬(Service mesh)
[오픈소스컨설팅] 서비스 메쉬(Service mesh)
 
Microservices & API Gateways
Microservices & API Gateways Microservices & API Gateways
Microservices & API Gateways
 
{Re}designing a Developer Portal
{Re}designing a Developer Portal{Re}designing a Developer Portal
{Re}designing a Developer Portal
 
Apache Airflow Introduction
Apache Airflow IntroductionApache Airflow Introduction
Apache Airflow Introduction
 
Introduction to Azure Functions
Introduction to Azure FunctionsIntroduction to Azure Functions
Introduction to Azure Functions
 
Introducing OpenAPI Version 3.1
Introducing OpenAPI Version 3.1Introducing OpenAPI Version 3.1
Introducing OpenAPI Version 3.1
 
Prometheus in Practice: High Availability with Thanos (DevOpsDays Edinburgh 2...
Prometheus in Practice: High Availability with Thanos (DevOpsDays Edinburgh 2...Prometheus in Practice: High Availability with Thanos (DevOpsDays Edinburgh 2...
Prometheus in Practice: High Availability with Thanos (DevOpsDays Edinburgh 2...
 
OpenTelemetry Introduction
OpenTelemetry Introduction OpenTelemetry Introduction
OpenTelemetry Introduction
 

Similar a CNCF opa

Protecting the Data Lake
Protecting the Data LakeProtecting the Data Lake
Protecting the Data LakeAshutosh Narkar
 
Cloud native policy enforcement with Open Policy Agent
Cloud native policy enforcement with Open Policy AgentCloud native policy enforcement with Open Policy Agent
Cloud native policy enforcement with Open Policy AgentLibbySchulze
 
DSO-LG 2021 Reboot: Policy As Code (Anders Eknert)
DSO-LG 2021 Reboot: Policy As Code (Anders Eknert)DSO-LG 2021 Reboot: Policy As Code (Anders Eknert)
DSO-LG 2021 Reboot: Policy As Code (Anders Eknert)Michael Man
 
Building a Next-gen Data Platform and Leveraging the OSS Ecosystem for Easy W...
Building a Next-gen Data Platform and Leveraging the OSS Ecosystem for Easy W...Building a Next-gen Data Platform and Leveraging the OSS Ecosystem for Easy W...
Building a Next-gen Data Platform and Leveraging the OSS Ecosystem for Easy W...StampedeCon
 
Database automation guide - Oracle Community Tour LATAM 2023
Database automation guide - Oracle Community Tour LATAM 2023Database automation guide - Oracle Community Tour LATAM 2023
Database automation guide - Oracle Community Tour LATAM 2023Nelson Calero
 
PyCon Poland 2016: Maintaining a high load Python project: typical mistakes
PyCon Poland 2016: Maintaining a high load Python project: typical mistakesPyCon Poland 2016: Maintaining a high load Python project: typical mistakes
PyCon Poland 2016: Maintaining a high load Python project: typical mistakesViach Kakovskyi
 
Data Platform Architecture Principles and Evaluation Criteria
Data Platform Architecture Principles and Evaluation CriteriaData Platform Architecture Principles and Evaluation Criteria
Data Platform Architecture Principles and Evaluation CriteriaScyllaDB
 
Lessons learned from designing a QA Automation for analytics databases (big d...
Lessons learned from designing a QA Automation for analytics databases (big d...Lessons learned from designing a QA Automation for analytics databases (big d...
Lessons learned from designing a QA Automation for analytics databases (big d...Omid Vahdaty
 
AnzoGraph DB: Driving AI and Machine Insights with Knowledge Graphs in a Conn...
AnzoGraph DB: Driving AI and Machine Insights with Knowledge Graphs in a Conn...AnzoGraph DB: Driving AI and Machine Insights with Knowledge Graphs in a Conn...
AnzoGraph DB: Driving AI and Machine Insights with Knowledge Graphs in a Conn...Cambridge Semantics
 
PostgreSQL as a Big Data Platform
PostgreSQL as a Big Data Platform PostgreSQL as a Big Data Platform
PostgreSQL as a Big Data Platform Chris Travers
 
Pranav Bahl & Jonathan Stacks - Robust Automated Forecasting in Python and R
Pranav Bahl & Jonathan Stacks - Robust Automated Forecasting in Python and RPranav Bahl & Jonathan Stacks - Robust Automated Forecasting in Python and R
Pranav Bahl & Jonathan Stacks - Robust Automated Forecasting in Python and RPyData
 
Machine learning and big data @ uber a tale of two systems
Machine learning and big data @ uber a tale of two systemsMachine learning and big data @ uber a tale of two systems
Machine learning and big data @ uber a tale of two systemsZhenxiao Luo
 
Structured Streaming in Spark
Structured Streaming in SparkStructured Streaming in Spark
Structured Streaming in SparkDigital Vidya
 
Data Enginering from Google Data Warehouse
Data Enginering from Google Data WarehouseData Enginering from Google Data Warehouse
Data Enginering from Google Data Warehousearungansi
 
Ledingkart Meetup #2: Scaling Search @Lendingkart
Ledingkart Meetup #2: Scaling Search @LendingkartLedingkart Meetup #2: Scaling Search @Lendingkart
Ledingkart Meetup #2: Scaling Search @LendingkartMukesh Singh
 
Business Intelligence Open Source
Business Intelligence Open SourceBusiness Intelligence Open Source
Business Intelligence Open SourceRoberto Marchetto
 
Elasticsearch Performance Testing and Scaling @ Signal
Elasticsearch Performance Testing and Scaling @ SignalElasticsearch Performance Testing and Scaling @ Signal
Elasticsearch Performance Testing and Scaling @ SignalJoachim Draeger
 
OSMC 2023 | What’s new with Grafana Labs’s Open Source Observability stack by...
OSMC 2023 | What’s new with Grafana Labs’s Open Source Observability stack by...OSMC 2023 | What’s new with Grafana Labs’s Open Source Observability stack by...
OSMC 2023 | What’s new with Grafana Labs’s Open Source Observability stack by...NETWAYS
 
Presto Bangalore Meetup1 Repertoire@Myntra
Presto Bangalore Meetup1 Repertoire@MyntraPresto Bangalore Meetup1 Repertoire@Myntra
Presto Bangalore Meetup1 Repertoire@MyntraShubham Tagra
 

Similar a CNCF opa (20)

Protecting the Data Lake
Protecting the Data LakeProtecting the Data Lake
Protecting the Data Lake
 
Cloud native policy enforcement with Open Policy Agent
Cloud native policy enforcement with Open Policy AgentCloud native policy enforcement with Open Policy Agent
Cloud native policy enforcement with Open Policy Agent
 
DSO-LG 2021 Reboot: Policy As Code (Anders Eknert)
DSO-LG 2021 Reboot: Policy As Code (Anders Eknert)DSO-LG 2021 Reboot: Policy As Code (Anders Eknert)
DSO-LG 2021 Reboot: Policy As Code (Anders Eknert)
 
Building a Next-gen Data Platform and Leveraging the OSS Ecosystem for Easy W...
Building a Next-gen Data Platform and Leveraging the OSS Ecosystem for Easy W...Building a Next-gen Data Platform and Leveraging the OSS Ecosystem for Easy W...
Building a Next-gen Data Platform and Leveraging the OSS Ecosystem for Easy W...
 
Database automation guide - Oracle Community Tour LATAM 2023
Database automation guide - Oracle Community Tour LATAM 2023Database automation guide - Oracle Community Tour LATAM 2023
Database automation guide - Oracle Community Tour LATAM 2023
 
PyCon Poland 2016: Maintaining a high load Python project: typical mistakes
PyCon Poland 2016: Maintaining a high load Python project: typical mistakesPyCon Poland 2016: Maintaining a high load Python project: typical mistakes
PyCon Poland 2016: Maintaining a high load Python project: typical mistakes
 
Data Platform Architecture Principles and Evaluation Criteria
Data Platform Architecture Principles and Evaluation CriteriaData Platform Architecture Principles and Evaluation Criteria
Data Platform Architecture Principles and Evaluation Criteria
 
Lessons learned from designing a QA Automation for analytics databases (big d...
Lessons learned from designing a QA Automation for analytics databases (big d...Lessons learned from designing a QA Automation for analytics databases (big d...
Lessons learned from designing a QA Automation for analytics databases (big d...
 
AnzoGraph DB: Driving AI and Machine Insights with Knowledge Graphs in a Conn...
AnzoGraph DB: Driving AI and Machine Insights with Knowledge Graphs in a Conn...AnzoGraph DB: Driving AI and Machine Insights with Knowledge Graphs in a Conn...
AnzoGraph DB: Driving AI and Machine Insights with Knowledge Graphs in a Conn...
 
PostgreSQL as a Big Data Platform
PostgreSQL as a Big Data Platform PostgreSQL as a Big Data Platform
PostgreSQL as a Big Data Platform
 
Pranav Bahl & Jonathan Stacks - Robust Automated Forecasting in Python and R
Pranav Bahl & Jonathan Stacks - Robust Automated Forecasting in Python and RPranav Bahl & Jonathan Stacks - Robust Automated Forecasting in Python and R
Pranav Bahl & Jonathan Stacks - Robust Automated Forecasting in Python and R
 
Machine learning and big data @ uber a tale of two systems
Machine learning and big data @ uber a tale of two systemsMachine learning and big data @ uber a tale of two systems
Machine learning and big data @ uber a tale of two systems
 
Structured Streaming in Spark
Structured Streaming in SparkStructured Streaming in Spark
Structured Streaming in Spark
 
Data Enginering from Google Data Warehouse
Data Enginering from Google Data WarehouseData Enginering from Google Data Warehouse
Data Enginering from Google Data Warehouse
 
Industrialiser spark
Industrialiser sparkIndustrialiser spark
Industrialiser spark
 
Ledingkart Meetup #2: Scaling Search @Lendingkart
Ledingkart Meetup #2: Scaling Search @LendingkartLedingkart Meetup #2: Scaling Search @Lendingkart
Ledingkart Meetup #2: Scaling Search @Lendingkart
 
Business Intelligence Open Source
Business Intelligence Open SourceBusiness Intelligence Open Source
Business Intelligence Open Source
 
Elasticsearch Performance Testing and Scaling @ Signal
Elasticsearch Performance Testing and Scaling @ SignalElasticsearch Performance Testing and Scaling @ Signal
Elasticsearch Performance Testing and Scaling @ Signal
 
OSMC 2023 | What’s new with Grafana Labs’s Open Source Observability stack by...
OSMC 2023 | What’s new with Grafana Labs’s Open Source Observability stack by...OSMC 2023 | What’s new with Grafana Labs’s Open Source Observability stack by...
OSMC 2023 | What’s new with Grafana Labs’s Open Source Observability stack by...
 
Presto Bangalore Meetup1 Repertoire@Myntra
Presto Bangalore Meetup1 Repertoire@MyntraPresto Bangalore Meetup1 Repertoire@Myntra
Presto Bangalore Meetup1 Repertoire@Myntra
 

Más de Juraj Hantak

Kubernetes day 2_jozef_halgas_pf
Kubernetes day 2_jozef_halgas_pfKubernetes day 2_jozef_halgas_pf
Kubernetes day 2_jozef_halgas_pfJuraj Hantak
 
Kubernetes day 2 @ zse energia
Kubernetes day 2 @ zse energiaKubernetes day 2 @ zse energia
Kubernetes day 2 @ zse energiaJuraj Hantak
 
Dev ops culture_final
Dev ops culture_finalDev ops culture_final
Dev ops culture_finalJuraj Hantak
 
Integracia security do ci cd pipelines
Integracia security do ci cd pipelinesIntegracia security do ci cd pipelines
Integracia security do ci cd pipelinesJuraj Hantak
 
Secrets management vault cncf meetup
Secrets management vault cncf meetupSecrets management vault cncf meetup
Secrets management vault cncf meetupJuraj Hantak
 
Introductiontohelmcharts2021
Introductiontohelmcharts2021Introductiontohelmcharts2021
Introductiontohelmcharts2021Juraj Hantak
 
Intro to creating kubernetes operators
Intro to creating kubernetes operators Intro to creating kubernetes operators
Intro to creating kubernetes operators Juraj Hantak
 
19. stretnutie komunity kubernetes
19. stretnutie komunity kubernetes19. stretnutie komunity kubernetes
19. stretnutie komunity kubernetesJuraj Hantak
 
16. Cncf meetup-docker
16. Cncf meetup-docker16. Cncf meetup-docker
16. Cncf meetup-dockerJuraj Hantak
 
16. meetup sietovy model v kubernetes
16. meetup sietovy model v kubernetes16. meetup sietovy model v kubernetes
16. meetup sietovy model v kubernetesJuraj Hantak
 
Terraform a gitlab ci
Terraform a gitlab ciTerraform a gitlab ci
Terraform a gitlab ciJuraj Hantak
 
Monitoring with prometheus at scale
Monitoring with prometheus at scaleMonitoring with prometheus at scale
Monitoring with prometheus at scaleJuraj Hantak
 
Kubernetes monitoring using prometheus stack
Kubernetes monitoring using prometheus stackKubernetes monitoring using prometheus stack
Kubernetes monitoring using prometheus stackJuraj Hantak
 
12.cncfsk meetup observability and analysis
12.cncfsk meetup observability and analysis12.cncfsk meetup observability and analysis
12.cncfsk meetup observability and analysisJuraj Hantak
 
Nginx app protect-for-meetup-v1.0-202006_lk
Nginx app protect-for-meetup-v1.0-202006_lkNginx app protect-for-meetup-v1.0-202006_lk
Nginx app protect-for-meetup-v1.0-202006_lkJuraj Hantak
 

Más de Juraj Hantak (20)

Kubernetes day 2_jozef_halgas_pf
Kubernetes day 2_jozef_halgas_pfKubernetes day 2_jozef_halgas_pf
Kubernetes day 2_jozef_halgas_pf
 
Kubernetes day 2 @ zse energia
Kubernetes day 2 @ zse energiaKubernetes day 2 @ zse energia
Kubernetes day 2 @ zse energia
 
Dev ops culture_final
Dev ops culture_finalDev ops culture_final
Dev ops culture_final
 
Promise of DevOps
Promise of DevOpsPromise of DevOps
Promise of DevOps
 
23 meetup rancher
23 meetup rancher23 meetup rancher
23 meetup rancher
 
Integracia security do ci cd pipelines
Integracia security do ci cd pipelinesIntegracia security do ci cd pipelines
Integracia security do ci cd pipelines
 
Secrets management vault cncf meetup
Secrets management vault cncf meetupSecrets management vault cncf meetup
Secrets management vault cncf meetup
 
Introductiontohelmcharts2021
Introductiontohelmcharts2021Introductiontohelmcharts2021
Introductiontohelmcharts2021
 
Intro to creating kubernetes operators
Intro to creating kubernetes operators Intro to creating kubernetes operators
Intro to creating kubernetes operators
 
19. stretnutie komunity kubernetes
19. stretnutie komunity kubernetes19. stretnutie komunity kubernetes
19. stretnutie komunity kubernetes
 
16. Cncf meetup-docker
16. Cncf meetup-docker16. Cncf meetup-docker
16. Cncf meetup-docker
 
16. meetup sietovy model v kubernetes
16. meetup sietovy model v kubernetes16. meetup sietovy model v kubernetes
16. meetup sietovy model v kubernetes
 
16.meetup uvod
16.meetup uvod16.meetup uvod
16.meetup uvod
 
14. meetup
14. meetup14. meetup
14. meetup
 
Terraform a gitlab ci
Terraform a gitlab ciTerraform a gitlab ci
Terraform a gitlab ci
 
Monitoring with prometheus at scale
Monitoring with prometheus at scaleMonitoring with prometheus at scale
Monitoring with prometheus at scale
 
Kubernetes monitoring using prometheus stack
Kubernetes monitoring using prometheus stackKubernetes monitoring using prometheus stack
Kubernetes monitoring using prometheus stack
 
12.cncfsk meetup observability and analysis
12.cncfsk meetup observability and analysis12.cncfsk meetup observability and analysis
12.cncfsk meetup observability and analysis
 
Grafana 7.0
Grafana 7.0Grafana 7.0
Grafana 7.0
 
Nginx app protect-for-meetup-v1.0-202006_lk
Nginx app protect-for-meetup-v1.0-202006_lkNginx app protect-for-meetup-v1.0-202006_lk
Nginx app protect-for-meetup-v1.0-202006_lk
 

Último

Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...SUHANI PANDEY
 
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445ruhi
 
Wadgaon Sheri $ Call Girls Pune 10k @ I'm VIP Independent Escorts Girls 80057...
Wadgaon Sheri $ Call Girls Pune 10k @ I'm VIP Independent Escorts Girls 80057...Wadgaon Sheri $ Call Girls Pune 10k @ I'm VIP Independent Escorts Girls 80057...
Wadgaon Sheri $ Call Girls Pune 10k @ I'm VIP Independent Escorts Girls 80057...SUHANI PANDEY
 
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLLucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLimonikaupta
 
Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirtrahman018755
 
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查ydyuyu
 
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Delhi Call girls
 
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...singhpriety023
 
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Bookingdharasingh5698
 
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort ServiceBusty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort ServiceDelhi Call girls
 
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdfMatthew Sinclair
 
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...tanu pandey
 
➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...
➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...
➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...nirzagarg
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...Neha Pandey
 
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency""Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency"growthgrids
 
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...SUHANI PANDEY
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge GraphsEleniIlkou
 

Último (20)

Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
 
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
 
Wadgaon Sheri $ Call Girls Pune 10k @ I'm VIP Independent Escorts Girls 80057...
Wadgaon Sheri $ Call Girls Pune 10k @ I'm VIP Independent Escorts Girls 80057...Wadgaon Sheri $ Call Girls Pune 10k @ I'm VIP Independent Escorts Girls 80057...
Wadgaon Sheri $ Call Girls Pune 10k @ I'm VIP Independent Escorts Girls 80057...
 
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLLucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
 
Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirt
 
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
 
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
 
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
 
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
 
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
 
📱Dehradun Call Girls Service 📱☎️ +91'905,3900,678 ☎️📱 Call Girls In Dehradun 📱
📱Dehradun Call Girls Service 📱☎️ +91'905,3900,678 ☎️📱 Call Girls In Dehradun 📱📱Dehradun Call Girls Service 📱☎️ +91'905,3900,678 ☎️📱 Call Girls In Dehradun 📱
📱Dehradun Call Girls Service 📱☎️ +91'905,3900,678 ☎️📱 Call Girls In Dehradun 📱
 
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort ServiceBusty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
Busty Desi⚡Call Girls in Vasundhara Ghaziabad >༒8448380779 Escort Service
 
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
 
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
 
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
 
➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...
➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...
➥🔝 7737669865 🔝▻ mehsana Call-girls in Women Seeking Men 🔝mehsana🔝 Escorts...
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
 
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency""Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
 
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
Ganeshkhind ! Call Girls Pune - 450+ Call Girl Cash Payment 8005736733 Neha T...
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
 

CNCF opa

  • 2. Labyrinth Labs is a boutique expert shop focusing on DevOps, Public Cloud and Kubernetes ecosystem. Our mission is to help companies evolve their applications into the containerized and serverless future. We are a privately owned company mainly driven by technical excellence and our passion in modern application technologies. About us
  • 3. Agenda ● Introduction ● Policy decision model ● Interactions with OPA ● Rego basics ● Performance ● Ecosystem ● Gatekeeper example
  • 5. OPA - Overview ● General purpose policy engine ● Decouples policy from application logic ● Offload policy decision-making from your software to enforce policies ● Toolset and framework for policy across the cloud native stack ● Declarative Policy as a Code with REGO
  • 6. OPA - Community ● CNCF graduated ● 30+ integrations ● Vibrant community ● Good tooling and ecosystems ● Users
  • 8. OPA - Operational Model ● Service query OPA with structured data ● Based on policy and data OPA evaluates query ● Returns decision as response with structured data to the service
  • 9. OPA - Data Model ● Data classification ○ Base documents ○ Virtual documents
  • 10. OPA - External Data ● Data size ● Update frequency ● Consistency model ● Loading options: ○ Sync push ○ Sync push overload ○ Periodic pull - Bundle API ○ Async push data ○ Pull data during evaluation
  • 11. OPA - External Data ● Sync push - base document ○ updates ○ size ● Usage: ○ User attributes
  • 12. OPA - External Data ● Sync push overload - base document ○ updates ○ size ● Usage: ○ Local & Dynamic data
  • 13. OPA - External Data ● Bundle API ○ updates ○ size ○ consistency ○ persistency ● Usage: ○ Static & Medium-sized data
  • 14. OPA - External Data ● Push data ○ updates ○ size ● Usage: ○ Dynamic & Medium-sized data
  • 15. OPA - External Data ● Pull data during evaluation ○ updates ○ size ○ performance ● Usage: ○ Dynamic & Large-sized data
  • 16. OPA - APIs ● Policy ● Data ● Query ● Compile ● Auth ● Trace ● Metrics ● Config
  • 18. OPA - Data API
  • 19. OPA - Query API Policy Request Resposne POST / == POST /system/main
  • 21. OPA - Interactions ● Command line (+interactive mode) ● Library ● Server (HTTP) ○ Sidecar ○ Host-level daemon ○ Distributed service
  • 23. OPA - REGO Language ● Inspired by Datalog ● Relatively easy for reading / writing ● Declarative
  • 24. OPA - REGO Example ● Pet Store example with RBAC policy
  • 25. OPA - Rich set of primitives ● Arrays / Objects / Sets ○ lookups, iterations ○ concat, …, unions ● Rules, functions ○ conditionals, incremental, else ● Comparisons, Math ● String manipulations, regexp, … ● Many more
  • 27. OPA - Performance ● Evaluation budget order of 1 ms ● Linear fragment ● Use objects over arrays
  • 28. OPA - Performance partial evaluation
  • 29. OPA - Performance indexing statements
  • 30. OPA - Performance comprehension Indexing
  • 31. OPA - Performance envoy example
  • 35. OPA - Tooling ● OPA cli ○ eval ○ bench ○ fmt ○ check ● VS code, IntelliJ plugins ● conftest ● terrascan ● OPAL ● rego playground
  • 36. OPA - inspiration ● terrascan rego ● gatekeeper library ● scalr sample policies ● OPA PoC & contributions
  • 40. OPA - Gatekeeper policy enforcement
  • 42. OPA - Gatekeeper Library General ● K8sAllowedRepos ● K8sBlockNodePort ● K8sContainerLimits ● K8sContainerRatios ● K8sDisallowedTags ● K8sHttpsOnly ● K8sImageDigests ● K8sRequiredLabels ● K8sRequiredProbes ● K8sUniqueIngressHost ● K8sUniqueIngressHost ● K8sExternalIPs
  • 43. OPA - Gatekeeper PSP replacement
  • 44. Thank you Martin Dojcak CTO & Co-founder Contact: martin.dojcak@lablabs.io