How does this skill help with RBAC?

It provides templates and implementation logic for creating ServiceAccounts, Roles, and RoleBindings that follow the principle of least privilege.

Can it generate Network Policies?

Yes, it includes patterns for both ingress and egress control to effectively isolate workloads and restrict traffic within your cluster.

Is it compatible with Kubernetes Pod Security Standards?

Absolutely, it includes configurations for enforcing 'Restricted' profiles at the namespace level to comply with modern K8s security requirements.

Does it support external secret management?

Yes, it provides guidance for integrating with tools like External Secrets Operator and HashiCorp Vault to avoid hardcoding sensitive data.

Does it help prevent resource exhaustion?

Yes, it implements ResourceQuotas and LimitRanges to ensure that individual containers cannot destabilize the entire cluster.

Kubernetes Security Best Practices

Name: Kubernetes Security Best Practices
Author: TheBushidoCollective

byTheBushidoCollective

•

デプロイメントとDevOps

Implements hardened Kubernetes configurations using RBAC, network policies, and pod security standards.

概要

The Kubernetes Security skill provides Claude with deep expertise in hardening containerized environments and cluster infrastructure. It enables the generation of production-ready YAML manifests that adhere to the principle of least privilege, covering essential areas such as Role-Based Access Control (RBAC), Network Policies for workload isolation, and advanced Pod Security Contexts. By using this skill, developers can automatically apply security best practices including non-root execution, read-only filesystems, and resource quotas to prevent privilege escalation and ensure cluster stability.

主な機能

Hardened Pod Security Context configurations
Least-privilege NetworkPolicy implementation
Granular RBAC Role and ServiceAccount templates
Container image security and resource limit enforcement
39 GitHub stars
Secure Secrets management and external integration

ユースケース

Auditing and updating existing K8s manifests for security compliance
Establishing multi-tenant isolation using NetworkPolicies and ResourceQuotas
Hardening production workloads against common container vulnerabilities

概要

主な機能

Hardened Pod Security Context configurations
Least-privilege NetworkPolicy implementation
Granular RBAC Role and ServiceAccount templates
Container image security and resource limit enforcement
39 GitHub stars
Secure Secrets management and external integration

ユースケース

Auditing and updating existing K8s manifests for security compliance
Establishing multi-tenant isolation using NetworkPolicies and ResourceQuotas
Hardening production workloads against common container vulnerabilities