Kubernetes Authorization

Kubernetes Authorization is a pluggable mechanism that lets administrators control which users can run which APIs and is often handled by builtin RBAC. OPA’s policy language is more flexible than the RBAC, for example, writing policy using a prohibited list of APIs instead of the usual RBAC style of listing the permitted APIs.

• https://github.com/open-policy-agent/contrib/tree/main/k8s_authorization

• https://blog.styra.com/blog/kubernetes-authorization-webhook
• https://itnext.io/kubernetes-authorization-via-open-policy-agent-a9455d9d5ceb
• https://itnext.io/optimizing-open-policy-agent-based-kubernetes-authorization-via-go-execution-tracer-7b439bb5dc5b

• Styra in the OPA Ecosystem
  • styra.com