keyofG
zerokWrote a little something about #rego, #OpenPolicyAgent's policy language and how I use it for some configuration problems: https://zerokspot.com/weblog/2026/02/21/complex-applogic-config-with-rego/ #blogged
robrichhttps://docs.docker.com/build/policies - #Docker build policies written in #Rego validate #container build conditions and fail if not met. Just put a Dockerfile.rego next to the Dockerfile (or {filename}.rego to match Dockerfile location) and it'll pick it up. No build flags necessary.
Anders EknertFound while moving! Styra used to make a unique t-shirt for every #Kubecon back in the days. This was the first one made in the pandemic. Rudolph should have worn a mask though!
Torstein Krause JohansenMy discoveries in 2025: https://skybert.net/various/my-discoveries-in-2025/
Sean HoodI love spacelift.io for a number of reasons, namely it saves you from running #Terraform or #OpenTofu in whatever "CI" tool your company uses this week (been there, hated it) and doesn't cost an arm, leg and kidney that Terraform Cloud charge you (loved TFC until that switcharoo).
Anyway, I've been wrapping up a thing I've been working on. Many SaaS tools allow you to send #webhooks, but rarely give you control over if, where and what is sent. Now #Spacelift let you control all of this using a Policy based on #OpenPolicyAgent.
SL provide an event, you develop your policy in the #Rego language, not only can you use that policy to decide: Is this an event I want to send a webhook for? But more than that, you can use the policy language to craft the exact payload. Since you may not get a choice of what that looks like on the other end.
Docs: https://docs.spacelift.io/concepts/policy/notification-policy
Now that's just for notifications etc. You can control almost anything within the tool: Logins, Plans, Triggers, Pushes and more.
Open Policy Agent (OPA)Using or trialling OPA? We want to hear from you in our 2025 Community Survey.
https://www.surveymonkey.com/r/SCBSDZN
Whether you're new to OPA or have been on the Rego train for years, hearing about how you use OPA projects will help us share OPA for the months and years to come.
We're going to be at KubeCon tomorrow in the project pavilion. Come and say hi!
HabrПолитики над конфигами (OPA/Rego) в GitOps-пайплайне
Привет, Хабр! Представим, что вы отвечаете за десятки конфигурационных файлов Kubernetes (или Terraform, Ansible, не суть важно) в репозитории, и каждый pull request может потенциально привести к тому, что в кластер уйдёт что-то не то. Наш любимый коллега случайно поставил контейнер с privileged -правами, другой задеплоил образ из публичного репозитория Docker Hub, а третий вовсе забыл про лимиты памяти и CPU. Без автоматического контроля такие промахи легко попадут в продакшн. Ошибки в настройках сегодня одна из главных причин инцидентов безопасности в облачных средах. Как же нам держать всё под контролем? Внедрить политики как код: формализованные правила, проверяемые автоматически на каждом шаге. В этой статье я расскажу, как применять Open Policy Agent и язык Rego, чтобы навести порядок в GitOps-пайплайне и не допускать лишнего в конфигурациях. Читать про внедрение политик в GitOps
https://habr.com/ru/companies/otus/articles/960368/
#gitops #Open_Policy_Agent #Rego #Policy_as_Code #политики_как_код
Took a walk with Harry today, and we spotted a car evidently owned by a person of culture.
On my way to present on #OPA and #Rego for the #CloudNative #Mauritius community. Sadly not in person ☀️ but virtually from cloudy Stockholm. Still, looking forward to getting to do some live coding!