Open Policy Agent (OPA)
February 22, 2026
What it is
Open Policy Agent (OPA) evaluates policies written in Rego. Use for API authorization, Kubernetes admission control, and config validation.
Usage
K8s admission (validating/mutating); API authz; Terraform/IaC policy; CI policy checks.
Pros and cons
| Pros | Cons |
|---|---|
| One language (Rego) for many use cases | Rego learning curve |
| Decoupled from apps | |
| CNCF graduated | |
| Integrations (K8s, Envoy, Terraform) |
Alternatives
Kyverno (K8s-native), custom admission. Why OPA: Need one policy engine across K8s, APIs, and IaC.
Links
- Homepage: https://www.openpolicyagent.org/
- Documentation: https://www.openpolicyagent.org/docs/
- Source: https://github.com/open-policy-agent/opa