On this episode of The New Stack Makers podcast, TNS founder Alex Williams sits down with Chris Aniszczyk, chief operating officer of the Cloud Native Computing Foundation (CNCF), and Torin Sandall, a Software Engineer at access software provider Styra, to discuss how the Open Policy Agent (OPA) is a secure, simple, and compliant way to manage services.
“From a CNCF perspective, policy was a missing piece within our cloud-native landscape,” Aniszczyk explained, discussing why the Foundation on-boarded OPA.
The continued evolution of policy within microservices is worth noting: developers now have to think about how they monitor and architect policies themselves. Sandall explained that OPA provides an engine for enforcing policies across environments, which benefits service administrators, platform engineering teams, and those running large authorization platforms such as Netflix’s security team.
“When it comes to enterprises, they need to be able to control who can do what. We designed OPA from the beginning to be this reusable library that policy enables other things, and it complements these other projects really nicely,” Sandall said.
Styra has a SaaS offering that helps those working in the public cloud, allowing them to control who can do what at a very fine level. When thinking about permissions and security within environments, one must think about the semantics of policies so they can serve both developers who can change policies and those who do not have those permissions.
“There’s different people that are involved in creating policy. There’s people that do it so often they just need a point-and-click UI. Then there’s people that want to be able to control at a fine grain, for that you need a language that lets you do fine grain operations against Kubernetes objects that lets you know what’s able to happen and what’s not, and we enable both.”
In this Edition:
1:14: What is OPA?
3:12: How is policy affecting the overall projects you’re seeing emerge?
7:15: How is policy evolving with microservices, the use of container technologies, and the new thinking surrounding monitoring?
10:20: Exploring Styra
14:15: The OPA language and its semantics in regards to data logging and policy
17:59: What were the challenges of building a lightweight policy?
The Cloud Native Computing Foundation sponsored this podcast.