Skip to content

Open Policy Agent — Trivia & Interesting Facts

Surprising, historical, and little-known facts about OPA and the policy-as-code movement.

OPA was created at Styra and open-sourced in 2016

OPA was built at Styra — a company founded specifically to commercialize policy-as-code for cloud-native infrastructure. Styra open-sourced OPA in late 2016 and later joined the Cloud Native Computing Foundation. The commercial product (Styra DAS) offers a managed control plane on top of the open-source engine.

OPA graduated from the CNCF in 2021

OPA became a CNCF graduated project in February 2021, joining the ranks of Kubernetes, Prometheus, and Envoy. Graduation signals production-readiness, a healthy contributor community, and formal governance. OPA was the first policy engine to graduate from the CNCF.

"Rego" is not an acronym — and the name has an unusual origin

Rego (pronounced "ray-go") is not an acronym for anything. The name was inspired by the word "regulation" and was chosen to evoke the idea of rules governing behavior. Confusingly, it shares a name with the Brazilian city and is occasionally mispronounced "ree-go" by newcomers.

Gatekeeper v1 was a completely different project

The original "Gatekeeper" was an independent admission controller project predating the current Gatekeeper. Gatekeeper v2 was a prototype that used OPA directly. Gatekeeper v3 (the current project, under open-policy-agent/gatekeeper) was a complete rewrite using Kubernetes CRDs (ConstraintTemplate and Constraint) to provide a native Kubernetes experience. The v1/v2 lineage is essentially abandoned.

Conftest originated at the Financial Times

Conftest was created by engineers at the Financial Times in 2019 as a way to test configuration files using Rego without standing up an OPA server. It became a standalone project under the open-policy-agent GitHub organization and is now widely used for CI-time validation of Kubernetes manifests, Terraform plans, and Dockerfiles.

Netflix and Goldman Sachs are among OPA's early high-profile adopters

Netflix uses OPA for API authorization across microservices and contributed significant operational learnings back to the project. Goldman Sachs uses OPA for Kubernetes admission control across large internal clusters. Both organizations presented at KubeCon describing OPA deployments at a scale that validated the engine's performance characteristics.

The policy-as-code movement predates OPA — but OPA unified it

Before OPA, teams enforced policy in ad-hoc ways: custom admission webhooks written in Go, lambda functions running Rego-like logic, JSON Schema validators, and shell scripts in CI. OPA provided a single, language-agnostic evaluation engine with a standardized query interface, kickstarting the broader "policy-as-code" category and spawning adjacent tools like Conftest, Gator, and cloud-provider policy engines.

OPA can compile Rego to WebAssembly for edge deployments

OPA includes a Rego-to-WASM compiler (opa build -t wasm). The compiled WASM module can be embedded in any environment with a WASM runtime — including browsers, edge workers (Cloudflare Workers, Fastly Compute), and Go/Rust/Java applications — without running a full OPA server. This enables policy evaluation at the absolute edge of the network with sub-millisecond latency.

AWS Cedar is a direct OPA competitor with a different design philosophy

AWS released Cedar in 2023 as an open-source policy language and engine. Where Rego is Turing-complete and extremely flexible, Cedar is deliberately constrained: every Cedar policy is guaranteed to terminate in bounded time, and Cedar formally verifies certain safety properties at policy-write time. The tradeoff is expressiveness for provability. OPA is more widely adopted; Cedar is gaining traction in AWS-centric environments.

The OPA Playground lets you test Rego policies in a browser with zero setup

The official OPA Playground at play.openpolicyagent.org provides a full OPA evaluation environment in the browser: write policy, provide input and data, run queries, and inspect results. It supports all OPA features including import, partial rules, and comprehensions. New contributors to policy-as-code projects almost universally start here before installing OPA locally.