Kubernetes is a modern marvel of orchestration - but without proper guardrails, it’s less a precision vessel and more a floating buffet for misconfigurations. With PodSecurityPolicy now consigned to the underworld (v1.25, may it rest), we’re left asking a critical question: who guards the gates of our clusters?

Enter Kyverno and OPA Gatekeeper - two policy engines, both alike in dignity, in fair Kubernetes where we lay our scene. Like Cerberus and Janus, they stand watch at the threshold: one barking at bad configs before they enter, the other scanning policy past and future in a bid for balance and order.

In this 30-minute odyssey, we’ll go beyond feature checklists to share hard-earned lessons from the chaotic beauty of production. You’ll see how these tools hold up under real-world pressure - where they shine, where they stumble, and how to make them work with your developers instead of against them. Think less red tape, more invisible shield.

If you’ve ever stared down a YAML file and thought, “Is this safe?” - This talk is your map, your Minotaur, and your exit strategy. Bring your curiosity, leave with clarity - and maybe even a few extra hours of sleep, knowing your cluster isn't standing wide open.