Difficulty: beginner
Estimated Time: 10-15 minutes

OPA Logo


In this scenario, you will learn how to enforce custom egress policies on Kubernetes objects using OPA.


OPA is a lightweight general-purpose policy engine that can be co-located with your service. You can integrate OPA as a sidecar, host-level daemon, or library.

Services offload policy decisions to OPA by executing queries. OPA evaluates policies and data to produce query results (which are sent back to the client). Policies are written in a high-level declarative language and can be loaded into OPA via the filesystem or well-defined APIs.

More details can be found at https://www.openpolicyagent.org/.

OPA Logo

This scenario showed how you can leverage OPA to enforce admission control decisions in Kubernetes clusters without modifying or recompiling any Kubernetes components. Furthermore, once Kubernetes is configured to use OPA as an External Admission Controller, policies can be modified on-the-fly to satisfy changing operational requirements.

For more information about deploying OPA on top of Kubernetes, see Deployments - Kubernetes.

For more OPA tutorials see https://www.openpolicyagent.org/docs/get-started.html.

WIP: Kubernetes Admission Control with OPA (Open Policy Agent)- Egress

Step 1 of 2

Step 1 - Install Calico

Install Project Calico using kubectl:

kubectl apply -f http://docs.projectcalico.org/v2.1/getting-started/kubernetes/installation/hosted/kubeadm/1.6/calico.yaml

This tab will not be visible to users and provides only information to help authors when creating content.

Creating Katacoda Scenarios

Thanks for creating Katacoda scenarios. This tab is designed to help you as an author have quick access the information you need when creating scenarios.

Here are some useful links to get you started.

Running Katacoda Workshops

If you are planning to use Katacoda for workshops, please contact [email protected] to arrange capacity.

Debugging Scenarios

Below is the response from any background scripts run or files uploaded. This stream can aid debugging scenarios.

If you still need assistance, please contact [email protected]