Securing our clusters with gatekeeper and OPA

Cloud Native DC

Nov 4, 2021, 8:40 – 9:15 PM

Virtual event

About this event

NOTE: This talk is part of Kubernetes Community Days DC

Please register for KDC DC here!

Michael Irwin, Application Architect @ Virginia Tech

While Kubernetes has a rich feature-set with RBAC and namespaces, it still falls short in making a multi-tenant solution possible out-of-the-box. How do you protect teams from each other without simply taking all of the control from them? For example, how do you prevent a team from defining an Ingress object that takes the traffic from another? Or how do you prevent teams from creating additional LoadBalancer services? Fortunately, Gatekeeper has come to the rescue! In this talk, we'll talk about admissions controllers and how Gatekeeper can solve these problems. We'll go over the Rego language (which takes some time to wrap your head around) and provide several examples of how Virginia Tech is using Gatekeeper to support multi-tenancy. While policy enforcement sounds scary, it certainly doesn't have to be!


  • Faheem Memon

    Freewheel / Comcast

    Principal Engineer

  • Matthew Cascio

    American Red Cross

    Governance & Strategy | CNCF Ambassador