OPA (Open Policy Agent)/ Rego : Part-7: Kubernetes Custom Resource Definition (CRD) and OPA Gatekeeper
Custom Resources: A custom resource is an extension of the Kubernetes API that is not necessarily available in a default Kubernetes installation. It represents a customization of a particular Kubernetes installation. However, many core Kubernetes functions are now built using custom resources, making Kubernetes more modular. Custom resources can appear and disappear in a running cluster through […]
OPA (Open Policy Agent): Part-6: Rego – Enforcing labels For Kubernetes Deployment
Overview: In this article, we are going to learn how to create a rule for a Kubernetes Deployment manifest. The policy will check whether the defined label exists in our pod manifest file. In order to in Rego, we will convert our pod manifest file (which is in YAML format) to JSON format. We will name it […]
OPA (Open Policy Agent): Part-5: Rego – Deny/Allow Rule for Kubernetes Pod image
Overview: In this article, we are going to learn how to create a Deny/Allow rule for a Kubernetes Pod image. Working Example: Let’s create a directory called test6 and create 3 files like below: policy.rego input.json Testing the policy: 1. Testing Deny policy using “opa eval” command: The Output: 2. Testing Allow policy using “opa […]
OPA (Open Policy Agent): Part-4: Rego – Writing Test Cases
Overview: In this article, we are going to learn how to write test cases for an OPA policy. Working Example: Let’s create a directory called test5 and create 3 files like below: policy.rego input.json policy_test.rego Testing Policy Test cases: Now test our policy set. We have written 3 test cases which are: The “allow” rule should be […]
OPA (Open Policy Agent): Part-3: Rego – Loops & Input Variable
Overview: In this article, we are going to learn about loops in Rego as well as how we can pass an input variable to an OPA policy. Note: Loops in Rego are defined as [ _ ]. We will see how we can iterate over a JSON file and evaluate if the policy is true or false. […]
OPA (Open Policy Agent): Part-2: Rego – Input Variable
Overview: In this article, we are going to learn how we can pass an input variable to an OPA policy. Working Example: Let’s create a directory called test3 and create 2 files like below: This is a very simple policy where we are checking a rule called “hello”. By default the hello rule is set to […]
OPA (Open Policy Agent): Part-1: Rego Basics
Policy Language: OPA is purpose-built for reasoning about information represented in structured documents. The data that your service and its users publish can be inspected and transformed using OPA’s native query language Rego. What is Rego? Rego was inspired by Datalog, which is a well-understood, decades-old query language. Rego extends Datalog to support […]