Spotlight

Enforcing policies and governance for Kubernetes workloads using GateKeeper

Laxman Patel

This article explains how to use Gatekeeper to enforce in-cluster admission policies, such as rejecting :latest images, mandating labels, and disallowing privileged workloads.

More articles →

Tools and utilities

  • Kogaro – Kubernetes Configuration Hygiene Agent

    Kogaro continuously validates Kubernetes config with 60+ checks across reference, resource, security, image, and network domains, catching silent failures before they impact production.

  • Netfence: eBPF Network Filter Daemon

    Netfence runs as a daemon, injecting eBPF filter programs into cgroups and network interfaces, with a built-in DNS server that resolves allowed domains and populates IP allowlists, and connecting to a central control plane to synchronize network rules.

  • Hortator

    Hortator lets AI agents spawn sub-agents at runtime, with each agent running in its own pod with budget caps, network policies, PII redaction, and capability inheritance so children can never escalate beyond their parent's permissions.

  • Sealed Secrets Web

    Sealed Secrets Web is a tool that provides a web interface for managing and encrypting sensitive data in Kubernetes using the Sealed Secrets service by Bitnami.

  • ESP Kubernetes Reference Implementation

    ESP Kubernetes Reference Implementation runs compliance scanning in Kubernetes using ESP policies with pull-based agents that execute NIST, CIS, and STIG controls and produce CUI-free attestations forwarded to SIEM or cloud functions.

More projects →

Events starting soon

Discover more events on Kube Events →

Subscribe to Learn Kubernetes Weekly

Trusted by 77K engineers. Delivered 150 issues and counting.


Learn from production

More case studies →

Matching jobs

  • DevOps Engineer with Miratech

    • Salary: $81K to $297K a year
    • Location: remote from
    • Tech stack: Kubernetes, AWS, ArgoCD, Flux, Docker, Python, Cloudformation, Terraform, GitHub Actions, Jenkins

  • Engineering Manager with FIRY

    • Salary: $259K a year
    • Location: based in the office (and remote from home) in San Francisco, CA, USA
    • Tech stack: Kubernetes, AWS, Docker, Go, Java, Javascript, Python, Ruby

  • Head of Site Reliability Engineering with FIRY

    • Salary: $58.5K to $3.29L a year
    • Location: based in the office (and remote from home) in Bengaluru, IN
    • Tech stack: Kubernetes, AWS, ArgoCD, Go, Java, Python, GitHub Actions, Datadog, Prometheus, Jaeger

  • Head of Site Reliability Engineering with Kontakt.io

    • Salary: $196.2K to $357.5K a year
    • Location: based in the office in New York, NY, USA
    • Tech stack: Kubernetes, AWS, Docker, Terraform, Datadog, Grafana, Prometheus

  • Platform Engineer with Inversion

    • Salary: $139K to $201K a year
    • Location: based in the office in Playa Vista, CA, USA
    • Tech stack: Kubernetes, AWS, GCP, Docker, Python, Shell, Terraform, GitHub Actions, Jenkins, Grafana

Discover more Kubernetes jobs on Kube Careers →

Thanks to our sponsors who make Kube Today possible

Find out more about being a sponsor →

Build something

More tutorials →

More articles

Even more articles →