Open Policy Agent: Microservices Authorization Simplified

When developing microservices, I often ran into a problem with implementing Authentication and Authorization (A&A). We want a robust and centrally managed authentication and authorization strategy, but the distributed nature of the application makes it difficult to implement. In this post, I will explore how Open Policy Agent can help simplify the authorization problem.

Let’s take a quick look at the definition for Authentication and Authorization. Authentication refers to identifying the user (“who”), whereas Authorization refers to determining the level of access an authenticated user has (“what”).

OPA and Gatekeeper: OPA or Gatekeeper?

In the last couple of posts, I wrote about Open Policy Agent (OPA). People almost always ask one question: what is the difference between OPA and Gatekeeper when it comes to Kubernetes admission control? And, generally, follow up with another question: so should I use Gatekeeper instead of OPA?

Admittedly, the OPA documentation does a nice job explaining OPA and its use cases. It also has a brief section about the difference between Gatekeeper and OPA. But for those just getting started with OPA, this difference isn't always clear.

Kubernetes Pod Security Policies with Open Policy Agent (OPA)

Kubernetes is the most popular container orchestration platform in today's cloud-native ecosystem. Consequently, Kubernetes is also an area of increased interest and attention.

In this blog post, I will first discuss the Pod Security Policy admission controller. Then we will see how Open Policy Agent can implement Pod Security Policies. In fact, during Kubernetes SIG Auth at KubeCon + CloudNativeCon North America 2019, Open Policy Agent/Gatekeeper was touched upon as a potential alternative to Pod Security Policy.