mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-11 21:54:56 +03:00
mukul975
56 lines
1.9 KiB
Markdown
56 lines
1.9 KiB
Markdown
# Workflow Reference: Policy as Code with OPA
|
|
|
|
## Policy Lifecycle
|
|
|
|
```
|
|
Author Rego Policy
|
|
│
|
|
▼
|
|
┌──────────────────┐
|
|
│ Unit Test with │
|
|
│ OPA test │
|
|
└──────┬───────────┘
|
|
│
|
|
▼
|
|
┌──────────────────┐
|
|
│ Integration Test │
|
|
│ with conftest │
|
|
└──────┬───────────┘
|
|
│
|
|
▼
|
|
┌──────────────────┐
|
|
│ Deploy to Cluster│
|
|
│ (warn mode) │
|
|
└──────┬───────────┘
|
|
│
|
|
▼
|
|
┌──────────────────┐
|
|
│ Monitor + Triage │
|
|
│ Violations │
|
|
└──────┬───────────┘
|
|
│
|
|
▼
|
|
┌──────────────────┐
|
|
│ Switch to deny │
|
|
│ mode │
|
|
└──────────────────┘
|
|
```
|
|
|
|
## OPA/Gatekeeper Architecture
|
|
|
|
```
|
|
API Request → Kubernetes API Server → Gatekeeper Webhook
|
|
│
|
|
┌──────┴──────┐
|
|
│ OPA Engine │
|
|
│ (Rego eval) │
|
|
└──────┬──────┘
|
|
│
|
|
┌──────┴──────┐
|
|
│ Constraint │
|
|
│ Templates │
|
|
└──────┬──────┘
|
|
│
|
|
Allow / Deny
|
|
```
|