From Kubernetes Gatekeeper to Full-Stack Governance with OPA

Blog post from Pulumi

Author: Levi Blackstone
Word Count: 1,469
Language: English

Summary

Pulumi has announced the stabilization of its Open Policy Agent (OPA) support with the release of pulumi-policy-opa v1.1.0, which elevates OPA/Rego to a first-class policy language alongside Pulumi's native TypeScript and Python SDKs. This update allows users to write Rego policies to validate resources managed by Pulumi across various providers such as AWS, Azure, GCP, and Kubernetes, offering full feature parity with the existing SDKs. The release introduces Kubernetes Gatekeeper compatibility, enabling users to directly integrate existing .rego policies from Gatekeeper constraint templates into Pulumi policy packs without modification. These policies can now enforce security and operational standards during the pulumi preview process, catching violations before deployment. Additionally, OPA/Rego policies support various enforcement levels, custom configurations, and metadata annotations, allowing for flexible policy management and continuous compliance monitoring. The integration of OPA policies into Pulumi Insights provides organizations with enhanced visibility and governance across cloud environments, making it possible to run audit policy scans and maintain compliance without requiring redeployments.