Difficulty: beginner
Estimated Time: 10-15 minutes

Digital Academy Logo

Welcome to the Digital Academy "Kubernetes CNCF" series. This is Module 7 - Open Policy Agent.

OPA is a lightweight general-purpose policy engine that can be co-located with your service. You can integrate OPA as a sidecar, host-level daemon, or library.

Services offload policy decisions to OPA by executing queries. OPA evaluates policies and data to produce query results (which are sent back to the client). Policies are written in a high-level declarative language and can be loaded into OPA via the filesystem or well-defined APIs.

For more information, see the Open Policy Agent documentation.

Developer(s): William Hearn and Zachary Seguin

Module 7 - Leveraging Open Policy Agent

Constraint Template

Show the constraint template:

cat ./resources/constraint-template.yaml

Create the create constraint template object:

kubectl create -f ./resources/constraint-template.yaml

Show the constraint:

cat ./resources/constraint.yaml

Create the constraint policy:

kubectl create -f ./resources/constraint.yaml

Reject a request:

kubectl create namespace test -o yaml

Show a compliant namespace:

cat ./resources/namespace-with-labels.yaml

Create a compliant namespace:

kubectl create -f ./resources/namespace-with-labels.yaml

This tab will not be visible to users and provides only information to help authors when creating content.

Creating Katacoda Scenarios

Thanks for creating Katacoda scenarios. This tab is designed to help you as an author have quick access the information you need when creating scenarios.

Here are some useful links to get you started.

Running Katacoda Workshops

If you are planning to use Katacoda for workshops, please contact [email protected] to arrange capacity.

Debugging Scenarios

Below is the response from any background scripts run or files uploaded. This stream can aid debugging scenarios.

If you still need assistance, please contact [email protected]