Policy as Code in Practice: Crafting Real Cluster Guardrails with Kyverno & Gatekeeper

Kubernetes has matured into the control plane of the modern cloud - but for most organizations, the real operational danger isn’t cluster downtime, it’s silent misconfigurations making their way into production. With PodSecurityPolicy now retired, teams are left balancing autonomy and safety across fast-moving engineering groups, distributed clusters, and increasingly strict compliance models.

This workshop dives into the heart of that challenge through two major open-source policy engines: Kyverno and OPA Gatekeeper. Across 90 minutes of guided, hands-on work, attendees learn how to design, test, and operationalize policy as code that actually scales - technically and culturally.

Instead of a feature comparison, we explore how both engines behave under real-world pressure: multi-team GitOps workflows, high-velocity CI/CD pipelines, developer onboarding, incident debugging, and those “why did this pass validation?” moments every platform engineer knows too well.

Participants will build and break policies, investigate misconfigurations, and apply production-tested patterns to create policies that are secure, maintainable, and developer-friendly. All exercises are based on practical lessons learned from complex cloud-native environments, without products, vendors, or commercial stacks.

What attendees will take away:
- A practical mental model of how Kyverno and Gatekeeper differ in policy design, evaluation models, mutating capabilities, and operational complexity
- Hands-on experience writing and testing policies that protect clusters from common failure modes: privilege escalation, unsafe defaults, weak security posture, and inconsistent configuration
- Strategies to make policy engines work with developers - enabling fast delivery without overwhelming them with friction or opaque rejections
- Opinionated but field-tested guidance for integrating policy engines into platform engineering, GitOps, and multi-cluster governance
- A curated starter suite of open-source policy patterns that attendees can bring directly into their Kubernetes environments

By the end, participants will understand not just how Kyverno and Gatekeeper work - but how to build a sustainable policy culture where safety is automated, invisible, and trusted.

Kyverno vs. OPA Gatekeeper: My Policies, My Rules

Kubernetes is a modern marvel of orchestration - but without proper guardrails, it’s less a precision vessel and more a floating buffet for misconfigurations. With PodSecurityPolicy now consigned to the underworld (v1.25, may it rest), we’re left asking a critical question: who guards the gates of our clusters?

Enter Kyverno and OPA Gatekeeper - two policy engines, both alike in dignity, in fair Kubernetes where we lay our scene. Like Cerberus and Janus, they stand watch at the threshold: one barking at bad configs before they enter, the other scanning policy past and future in a bid for balance and order.

In this 30-minute odyssey, we’ll go beyond feature checklists to share hard-earned lessons from the chaotic beauty of production. You’ll see how these tools hold up under real-world pressure - where they shine, where they stumble, and how to make them work with your developers instead of against them. Think less red tape, more invisible shield.

If you’ve ever stared down a YAML file and thought, “Is this safe?” - This talk is your map, your Minotaur, and your exit strategy. Bring your curiosity, leave with clarity - and maybe even a few extra hours of sleep, knowing your cluster isn't standing wide open.

Beyond Dashboards: Observability in Practice

Ever wondered what really happens when you try to build an observability stack from the ground up? It’s not just dashboards and unicorns! Join Claudiu Sonel, Senior DevOps Consultant at Endava, as he shares the good, the bad, and the “why is this metric even here?” moments from his recent journey into observability on hardware devices. Get ready for real-world stories, practical lessons, and a candid look at the challenges and surprises from the front lines of infrastructure and operations.

BIG DATA WEEK BUCHAREST 2025

EKS Load Balancing in Action: ALB, NLB, and Gateway API

Load balancing in Amazon EKS has evolved far beyond the classic “one Ingress, one ALB” model. Today, platform and cloud engineers must navigate multiple options - AWS Application Load Balancer (ALB), Network Load Balancer (NLB), and the emerging Kubernetes Gateway API - each offering distinct capabilities, involving different trade-offs, and carrying unique operational implications.

In this hands-on workshop, we guide participants through the practical realities of traffic management on Amazon EKS. Starting from real-world use cases, we compare ALB and NLB at both the Kubernetes and AWS infrastructure layers, using the AWS Load Balancer Controller as the foundation for provisioning and managing AWS load balancers from Kubernetes. We then move beyond traditional Ingress by introducing the Gateway API and its implementation on EKS, including the AWS Gateway API Controller for Amazon VPC Lattice.

Rather than focusing on theory or product promotion, we work directly with manifests, controllers, and AWS integrations to help attendees understand when to use each approach, why certain designs scale or fail in production, and how Gateway API changes the way teams model networking and ownership in Kubernetes - especially as the ecosystem moves away from legacy Ingress patterns.

Participants leave with a clear mental model of EKS load balancing options, practical deployment experience, and concrete patterns they can apply immediately in their own AWS environments.

Delivered by Elif Samedin and Claudiu Sonel

AWS Community Day Romania 2026

Amazon EKS Autoscaling

Efficient resource management is vital for businesses scaling their applications in Amazon EKS. This makes autoscaling a crucial aspect of managing workloads in Amazon Elastic Kubernetes Service (EKS), ensuring optimal resource utilization and performance while keeping costs under control.

In this hands-on workshop, you'll dive into the world of autoscaling in Amazon Elastic Kubernetes Service (EKS) using a variety of powerful tools and techniques. We'll start by exploring the fundamentals of autoscaling in Kubernetes and how it integrates with Amazon EKS. You'll learn how to use Cluster Autoscaler and Horizontal Pod Autoscaler to dynamically scale your clusters and workloads based on demand.

We'll then introduce Karpenter, an open-source, high-performance Kubernetes cluster autoscaler that simplifies the scaling process with advanced features like node provisioning and efficient resource utilization. A key part of the session will include a detailed comparison between Cluster Autoscaler (CA) and Karpenter, focusing on their differences, use cases, and benefits, helping you choose the best autoscaling tool for your environment.

Additionally, you’ll gain hands-on experience with practical tools such as Terraform for automating infrastructure setup and kubectl commands to manage Kubernetes resources efficiently. By the end of this workshop, you'll be equipped with the knowledge and skills to implement autoscaling strategies in your EKS environment, optimizing both performance and cost.

What You'll Learn:
- Setting up and configuring Cluster Autoscaler and Horizontal Pod Autoscaler in Amazon EKS.
- Introduction to Karpenter and how it compares to Cluster Autoscaler.
- Automating infrastructure provisioning with Terraform.
- Managing autoscaling with kubectl commands for EKS.
- Best practices for autoscaling Kubernetes workloads in production environments.

Prerequisites:
- Basic familiarity with Kubernetes concepts and Amazon EKS.
- Experience with command-line tools like kubectl and Terraform is helpful but not required.

This workshop is ideal for DevOps engineers, Kubernetes enthusiasts, and anyone looking to optimize resource management in Amazon EKS through autoscaling. Whether you're looking to fine-tune your existing autoscaling setup or explore new ways to optimize resource usage in Amazon EKS, this workshop will equip you with the tools and knowledge to scale your infrastructure effectively.