stackabletech / opa-operator

A Kubernetes operator for the Open Policy Agent

Move rego utilities to some kind of "stackable library of rules" #494

Open NickLarsenNZ opened 10 months ago

NickLarsenNZ commented 10 months ago

This should ideally be moved to some kind of "stackable library of rules", but we don't currently have a good way to deploy and manage that.

_Originally posted by @nightkr in https://github.com/stackabletech/opa-operator/pull/433#discussion_r1371502535_

NickLarsenNZ commented 10 months ago

@nightkr @soenkeliebau, I had a thought about the possibility of storing OPA packages in an OCI registry.

I haven't looked into it deeply, but I do see search results for "opa package oci", like: https://oras.land/blog/gatekeeper-policies-as-oci-image/

fhennig commented 10 months ago

Hmm, what would be the simplest way to do this? Rego rules are just deployed as ConfigMaps. What are the "management" features we need? We could just put the files somewhere and then you can kubectl apply them from there? :shrug: