Policy rulesets in cloud-native environments
Just Enough
OPA Commercial Version
In addition to the open source variant of OPA, Styra offers a commercial product named Styra Declarative Authorization Service (Styra DAS), which is a control plane for OPA that lets you manage all your policies centrally. The product offers genuine added value because it comes with a large number of predefined rulesets. For example, the more than 100 policies for admission controllers include the well-known payment card industry (PCI), MITRE, and Center for Internet Security (CIS) policy packs, and the product additionally supports single sign-on and integration with Git.
DAS comes in two versions: DAS Free, which is limited to 100 rules, a maximum of four systems, or 10 Kubernetes nodes, and DAS Enterprise, which supports unlimited rules, systems, and nodes and two more policy packs, including Terraform. In addition to the aforementioned security benchmarks, the product enables centralized policy monitoring and evaluates compliance with policies. You also have the option to manage all the authorization logic from a central location and apply it to microservices.
Conclusions
OPA has long established itself as a major player in the Kubernetes environment. The flexibility of its Rego programming language expands the field of application to encompass the cloud-native environment. It has what it takes to become a standard product in security matters upon which major corporations – such as Google, Red Hat, Microsoft, and VMware – rely in their own products.
Infos
- Open Policy Agent: https://www.openpolicyagent.org
- Rego Playground: https://play.openpolicyagent.org
- Styra Academy: https://academy.styra.com
- OPA installation: https://www.openpolicyagent.org/docs/latest/kubernetes-tutorial/
- OPA Gatekeeper: https://kubernetes.io/blog/2019/08/06/opa-gatekeeper-policy-and-governance-for-kubernetes/