Talk
Virtual
Unified policy for north-south & east-west traffic with Kyverno & Gateway API
Gateway API offers immense flexibility but introduces new attack surfaces. Learn how to leverage Kyverno for enforcing unified guardrails for both North-South and East-West traffic to prevent self-service from becoming self-sabotage.
The Kubernetes Gateway API is rapidly becoming the standard for traffic management, but its power and flexibility introduce new risks. A simple misconfiguration in an HTTPRoute could expose an internal service to the internet, while inconsistent Gateway configurations can lead to security vulnerabilities. This session explores how platform and application teams can use this new standard without compromising security and best practices.
The session introduces Kyverno as a policy engine for the Gateway API ecosystem. It demonstrates how to write Kubernetes-native policies to validate, mutate, and generate Gateway API resources. Attendees learn how to enforce critical guardrails, such as mandating corporate TLS certificates on all Gateways, preventing developers from using risky wildcard hostnames, and ensuring all routes have a default timeout policy.
The session also looks ahead at how these same principles apply to service mesh with the GAMMA initiative, providing a unified policy approach for both north-south and east-west traffic.
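Two of the guardrails named above, sketched as a Kyverno `ClusterPolicy`. This is an added example, not material from the session; the policy and rule names and the Secret name `corp-wildcard-tls` are assumptions, and it targets the `gateway.networking.k8s.io/v1` resources.

```yaml
# Added illustration; policy names and the Secret name are assumptions.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: gateway-api-guardrails
spec:
  validationFailureAction: Enforce
  background: true
  rules:
    - name: httproute-no-wildcard-hostnames
      match:
        any:
          - resources:
              kinds:
                - gateway.networking.k8s.io/v1/HTTPRoute
      validate:
        message: "HTTPRoute hostnames must be fully qualified; wildcards are not allowed."
        deny:
          conditions:
            any:
              # Count hostnames containing '*'; a route with no hostnames yields 0.
              - key: "{{ request.object.spec.hostnames[?contains(@, '*')] || `[]` | length(@) }}"
                operator: GreaterThan
                value: 0
    - name: gateway-https-uses-corporate-cert
      match:
        any:
          - resources:
              kinds:
                - gateway.networking.k8s.io/v1/Gateway
      validate:
        message: "HTTPS listeners must reference the corp-wildcard-tls certificate only."
        foreach:
          # Evaluate each HTTPS listener on the Gateway separately.
          - list: "request.object.spec.listeners[?protocol == 'HTTPS']"
            deny:
              conditions:
                any:
                  # Any certificateRef with a different name is rejected.
                  - key: "{{ element.tls.certificateRefs[?name != 'corp-wildcard-tls'] || `[]` | length(@) }}"
                    operator: GreaterThan
                    value: 0
```

An HTTPRoute that omits `hostnames` passes the first rule and inherits the hostname of the listener it attaches to, so wildcard hostnames on Gateway listeners need their own check.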
