How does it help with network isolation?

It provides templates for 'Default Deny' policies and specific rules to allow only necessary traffic between frontend, backend, and system services like DNS.

Does it support policy-as-code tools like OPA Gatekeeper?

Yes, it includes ConstraintTemplates and Constraints for OPA Gatekeeper to enforce custom logic, such as requiring specific labels on all deployments.

Is service mesh security included?

The skill provides Istio-specific configurations for PeerAuthentication (mTLS) and AuthorizationPolicies to secure inter-service communication.

What Kubernetes security standards are supported?

This skill supports the official Kubernetes Pod Security Standards, including Privileged, Baseline, and Restricted profiles applied at the namespace level.

Can this skill help with RBAC troubleshooting?

Yes, it includes troubleshooting commands and patterns for checking effective permissions (auth can-i) for users and service accounts.

Kubernetes Security Policies

Name: Kubernetes Security Policies
Author: drgaciw

bydrgaciw

Seguridad y Pruebas

Hardens Kubernetes clusters by implementing production-grade NetworkPolicies, RBAC configurations, and Pod Security Standards.

Acerca de

This skill provides a comprehensive framework for securing Kubernetes environments using defense-in-depth strategies. It enables developers and DevOps engineers to configure fine-grained network segmentation with NetworkPolicies, enforce the principle of least privilege through robust RBAC definitions, and apply Pod Security Standards (PSS) at the namespace level. Beyond standard resources, it also covers advanced security measures like OPA Gatekeeper constraints for admission control and Istio service mesh authentication, ensuring your clusters align with industry compliance benchmarks such as CIS and NIST.

Características Principales

OPA Gatekeeper ConstraintTemplates for custom admission policy enforcement
Robust RBAC configuration patterns for least-privilege access control
0 GitHub stars
Service mesh security via Istio mTLS and AuthorizationPolicies
Template-based generation of default-deny and app-specific NetworkPolicies
Implementation of Pod Security Standards (Baseline and Restricted profiles)

Casos de Uso

Automating the creation of secure-by-default manifests for new microservices
Securing multi-tenant Kubernetes clusters through strict namespace isolation
Hardening production workloads to meet SOC2, HIPAA, or CIS compliance requirements

Acerca de

Características Principales

OPA Gatekeeper ConstraintTemplates for custom admission policy enforcement
Robust RBAC configuration patterns for least-privilege access control
0 GitHub stars
Service mesh security via Istio mTLS and AuthorizationPolicies
Template-based generation of default-deny and app-specific NetworkPolicies
Implementation of Pod Security Standards (Baseline and Restricted profiles)

Casos de Uso

Automating the creation of secure-by-default manifests for new microservices
Securing multi-tenant Kubernetes clusters through strict namespace isolation
Hardening production workloads to meet SOC2, HIPAA, or CIS compliance requirements