The Cloud Native Computing Foundation has announced the graduation of Open Policy Agent (OPA). OPA has demonstrated widespread adoption, an open governance process, feature maturity, and a strong commitment to community, sustainability, and inclusivity to graduate.
Maintainers come from four organizations
OPA is an open-source, general-purpose policy engine that enables unified, context-aware policy enforcement across the entire stack. The project was accepted into the CNCF sandbox in April 2018 and one year later was promoted to incubation. More than 90 individuals from approximately 30 organizations contribute to OPA, and maintainers come from four organizations, including Google, Microsoft, VMware, and Styra.
Chris Aniszczyk, CTO of the Cloud Native Computing Foundation, said,
“As the cloud-native ecosystem grows, it’s more important than ever for organizations to have access to policy enforcement tools built for modern cloud-native deployments. Since joining CNCF, OPA has expanded to integrate closer with Kubernetes via the Gatekeeper project but also supports a wide variety of use cases outside of Kubernetes.”
The most common use cases for OPA are configuration authorization and API authorization. The project has successfully integrated with several CNCF projects, including Kubernetes, Envoy, CoreDNS, Helm, SPIFFE/SPIRE, and more. It also integrates with Gatekeeper to provide a Kubernetes-native experience for admission policy enforcement and auditing.