Does this skill help with CIS compliance?

Yes, the patterns provided follow CIS Kubernetes Benchmark recommendations, including RBAC best practices and secrets management hardening.

Is Istio service mesh supported?

Yes, the skill includes templates for Istio PeerAuthentication and AuthorizationPolicies to enable mTLS and fine-grained service-to-service security.

Can I use this for network isolation?

Yes, the skill includes 'Default Deny' policies and specific allow-rules to ensure only authorized traffic flows between your applications.

What are Pod Security Standards (PSS)?

PSS are the built-in Kubernetes admission controller policies that replace PodSecurityPolicies. This skill provides configurations for Baseline and Restricted levels to harden your namespaces.

How do I troubleshoot policy issues?

The skill provides diagnostic commands to check CNI support for NetworkPolicies and 'kubectl auth can-i' commands to debug RBAC permission issues.

Kubernetes Security Policies

Name: Kubernetes Security Policies
Author: anton-abyzov

byanton-abyzov

•

Seguridad y Pruebas

Implements comprehensive defense-in-depth security for Kubernetes clusters using industry-standard policies and access controls.

This skill provides a complete framework for securing Kubernetes environments by automating the creation of NetworkPolicies, RBAC configurations, and Pod Security Standards. It enables developers and SREs to enforce least-privilege access, isolate network traffic, and maintain compliance with frameworks like CIS Benchmarks. Whether you are setting up a multi-tenant cluster or hardening a production environment, this skill provides the patterns and manifests needed to ensure containers run as non-root, network boundaries are enforced, and administrative access is strictly controlled.

Características Principales

01Pre-configured Pod Security Standards (Baseline, Restricted, Privileged)

02Automated NetworkPolicy generation for microservices isolation

03Least-privilege RBAC role and binding templates

04OPA Gatekeeper constraint templates for admission control

0513 GitHub stars

06Hardened Pod Security Contexts for container runtime security

Casos de Uso

01Hardening production Kubernetes clusters to meet compliance requirements

02Implementing zero-trust networking between frontend and backend services

03Securing multi-tenant environments through namespace-level RBAC and isolation

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add anton-abyzov/specweave k8s-security-policies

For use in Claude.ai and ChatGPT

Download Skill