Can I test policies without blocking production traffic?

Yes, the skill provides workflows for 'audit' and 'warn' modes, allowing you to identify violations in logs or user warnings before switching to 'enforce' mode.

How does this help with PodSecurityPolicy (PSP) migration?

It provides a phased approach to map existing PSP controls to the new PSS levels and implement the required namespace labels and security contexts.

What are the three PSS levels supported?

This skill covers all three Kubernetes security profiles: Privileged (unrestricted), Baseline (prevents known escalations), and Restricted (hardened best practices).

Does this require third-party tools?

No, it focuses on the native Pod Security Admission (PSA) controller built into Kubernetes 1.25 and newer, though it also includes integration tips for scanners like Kubescape.

Kubernetes Pod Security Standards

Name: Kubernetes Pod Security Standards
Author: mukul975

bymukul975

•

4,120

•

セキュリティとテスト

Implements and enforces Kubernetes Pod Security Standards (PSS) using the built-in admission controller to secure containerized workloads.

This skill provides Claude with the specialized knowledge to configure and migrate to Kubernetes Pod Security Standards (PSS), the native replacement for PodSecurityPolicy. It enables the automated generation of namespace labels for enforcement across three levels—Privileged, Baseline, and Restricted—and provides templates for compliant pod specifications. This is essential for security engineers and DevOps professionals aiming to harden cluster security, automate compliance checks, and implement gradual migration strategies using audit and warning modes before full enforcement.

主な機能

01Identifies security violations via dry-run and audit mode testing

02Generates PSS-compliant Kubernetes manifest files

03Configures Pod Security Admission (PSA) namespace labels

04Provides migration paths from deprecated PodSecurityPolicy (PSP)

05Implements security context hardening for restricted environments

064,120 GitHub stars

ユースケース

01Auditing and remediating security misconfigurations in existing container workloads

02Hardening production namespaces by enforcing the Restricted security profile

03Migrating legacy clusters to modern Kubernetes standards (1.25+) while minimizing downtime

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills implementing-kubernetes-pod-security-standards

For use in Claude.ai and ChatGPT

主な機能

01Identifies security violations via dry-run and audit mode testing

02Generates PSS-compliant Kubernetes manifest files

03Configures Pod Security Admission (PSA) namespace labels

04Provides migration paths from deprecated PodSecurityPolicy (PSP)

05Implements security context hardening for restricted environments

064,120 GitHub stars

ユースケース

01Auditing and remediating security misconfigurations in existing container workloads

02Hardening production namespaces by enforcing the Restricted security profile

03Migrating legacy clusters to modern Kubernetes standards (1.25+) while minimizing downtime

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills implementing-kubernetes-pod-security-standards

For use in Claude.ai and ChatGPT