Technology · Ebook
Open Policy Agent: General-Purpose Policy as Code
by Shriira Press
Open Policy Agent (OPA) is a general-purpose policy engine that decouples policy decisions from the systems that enforce them: you define policy as code in Rego, and any system — Kubernetes, microservices, APIs, CI/CD — can ask OPA for a decision. This free book teaches it from the ground up: the policy-as-code decoupling model (PDP/PEP), the Rego language and writing policies in it, Rego in depth (iteration, comprehensions, built-ins, rich decisions), how OPA runs and integrates (daemon/REST, embedded/Wasm), OPA and Kubernetes via Gatekeeper (and how it compares to Kyverno), using OPA beyond Kubernetes for application/API and microservice authorization, testing policies and distributing them with bundles, performance and decision logging, and operating OPA in production. Ten focused chapters with real Rego and clear diagrams that show how to govern many systems with one consistent, code-based approach.
Contents
- Preface
- Chapter 1 — What OPA Is
- Chapter 2 — Policy as Code and the Decoupling Model
- Chapter 3 — The Rego Language
- Chapter 4 — Rego in Depth
- Chapter 5 — How OPA Runs and Integrates
- Chapter 6 — OPA and Kubernetes (Gatekeeper)
- Chapter 7 — OPA Beyond Kubernetes
- Chapter 8 — Testing and Managing Policies
- Chapter 9 — Performance, Observability, and Ecosystem
- Chapter 10 — Operating OPA and Putting It Together
