Manage OPA for Kubernetes

Manage OPA for Kubernetes Security

Styra Declarative Authorization Service was purpose-built by the founders of Open Policy Agent to simplify and accelerate OPA for Kubernetes Admission Control.

We've collected all the K8s features—available across all three DAS versions above—into our "Kubernetes Security and Compliance via Admission Control" paper. 

In it you'll see
how Kubernetes lets you extend its API server for custom rules and policies, how Styra DAS integrates with Kubernetes Admission Control for policy enforcement, and even some sample policies that will help to secure and accelerate your Kubernetes development.

Get the Whitepaper

Frequently Asked Questions

Do I have to talk to a salesperson?

Nope!  Styra DAS Free and DAS Pro are both automatically provisioned for you within minutes.  No conversation, no demo.  

Of course, for DAS Enterprise, we'll need to understand the size of your deployment, and whether or not you want to run in the cloud or on-premises before we can get set up.

So what's keeping you?  Dive right in!  (...and know that our team is here if you need us, of course.)

What should I expect when I sign up for Das Free or DAS Pro?

Our goal was to make it as quick and easy as possible to get into Styra DAS, and get Admission Control policy deployed right away.

When you sign up above, just have a minikube ready, because as soon as you login we'll give you a quick tour of Styra DAS and its key capabilities. 

You'll then load up some sample resources onto minikube, and Styra DAS will suggest some policies to put in place.  You'll have full visibility into any current policy violations BEFORE you enforce them, and we'll even walk you running kubectl to create your first policy violation to see OPA+DAS in action.

No calls, no demos, no credit card.  No kidding!

What is OPA and how does it relate to Styra DAS? 
Open Policy Agent (OPA) is the cloud-native computing foundation project Styra founded to provide unified authorization across the cloud-native stack. Styra Declarative Authorization Service (DAS) is the control plane/management plane for OPA. It provides a single pane of glass for policy authoring, distribution, impact analysis, monitoring, and auditing. They're like PB&J—they go great together!
Where does OPA run and how does it communicate with Styra DAS?
Styra DAS is the control plane for OPA. You run OPA wherever you want and then connect it to Styra DAS as its management/control plane.  (For the Free/Pro versions you can only use OPA as a Kubernetes Admission Controller, but for the Enterprise you can run ANY OPA integration.)  For all communication, OPA reaches out to DAS over HTTPS and authenticates with a bearer token.  (We configure all this for you if you follow the installation instructions provided by the DAS).
Where can I learn more about policy authoring with OPA?
Styra DAS has over 100 Kubernetes Admission Control policies built right in, so you can get started in minutes—there's even a quick start to walk you through setting up your first policies if you like. 
 
If you want to dive deeper and understand how to build fully custom policies with Open Policy Agent, then Styra academy is what you're looking for!  We've built out 20 lessons on OPA, and its policy language Rego—directly from Styra, the folks who invented it!
*I want to trial DAS Pro - what should I know?

Because the trial is limited to 30 days, we have a couple of limitations to that trial period.  We want to make sure no one loses policies if they let a trial expire, and we want to mitigate the risk of some goofball trying to game/break the system.  (You know that goofball...  We all know that goofball.)

  - No vanity domains during the trial period.

  - During the trial period, deployment is limited to just 2 clusters, and 100 nodes

  - Only 20 rules can be enforced during the trial period. 

Mainly we want to make sure that when the trial period is over, no one loses data, is surprised by a sudden change when enforcement changes, or has to figure out how to manage wonky domain settings.  

That said, if you need to test more broadly, we are here to help, and can set you up with a full-featured trial as well - just let us know.