Explore a comprehensive conference talk on implementing fine-grained user authorization for Kubernetes using Open Policy Agent (OPA) and LDAP. Dive into Yelp's journey of migrating from Mesos to Kubernetes and their innovative approach to overcoming authorization challenges. Learn about the shortcomings of existing Kubernetes authorization mechanisms and discover the design details of Yelp's new OPA-based system. Gain insights into strategies for provisioning authorization rules at scale, achieving zero-downtime migration, and addressing issues encountered along the way. Examine the authorization architecture, including OPA capabilities, user groups, and service metadata. Follow along with practical examples of basic and team-based authorization runs. Understand the rollout strategy, system reliability considerations, and potential future improvements for this advanced authorization solution.