Can I use this for multi-tenant clusters?

Yes, the skill includes patterns for namespace isolation, default-deny network policies, and restricted RBAC specifically designed for multi-tenant environments.

Does it replace PodSecurityPolicy?

Since PodSecurityPolicy is deprecated, this skill focuses on the modern Kubernetes replacement: Pod Security Standards (Privileged, Baseline, and Restricted) applied via namespace labels.

Does it support service mesh security?

Yes, it includes configurations for Istio PeerAuthentication (mTLS) and AuthorizationPolicies to secure service-to-service communication.

How does this skill help with Kubernetes compliance?

It provides templates and patterns aligned with the CIS Kubernetes Benchmark and NIST frameworks, covering node authentication, audit logging, and secrets encryption.

Kubernetes Security Policies

Name: Kubernetes Security Policies
Author: Microck

byMicrock

•

セキュリティとテスト

Implements production-grade Kubernetes security using NetworkPolicies, Pod Security Standards, and RBAC to secure clusters and enforce compliance.

概要

This skill provides a comprehensive toolkit for securing Kubernetes environments through defense-in-depth strategies. It enables Claude to generate and audit security-focused manifests, including namespace-level Pod Security Standards (Privileged, Baseline, Restricted), granular NetworkPolicies for traffic isolation, and least-privilege RBAC configurations. Additionally, it supports advanced security patterns like OPA Gatekeeper constraints and Istio service mesh authentication, ensuring clusters remain compliant with industry frameworks such as the CIS Benchmarks and NIST standards.

主な機能

Automated generation of NetworkPolicies for fine-grained ingress and egress control
Least-privilege RBAC role and binding configuration for users and service accounts
81 GitHub stars
Hardened container security context configurations including non-root and read-only filesystems
Implementation of Kubernetes Pod Security Standards (PSS) at the namespace level
OPA Gatekeeper and Kyverno policy enforcement templates for admission control

ユースケース

Configuring multi-tenant environments with strict access controls and resource isolation
Hardening production clusters to meet CIS Kubernetes Benchmark and regulatory compliance
Isolating microservices within a shared cluster to prevent lateral movement and unauthorized access

概要

主な機能

Automated generation of NetworkPolicies for fine-grained ingress and egress control
Least-privilege RBAC role and binding configuration for users and service accounts
81 GitHub stars
Hardened container security context configurations including non-root and read-only filesystems
Implementation of Kubernetes Pod Security Standards (PSS) at the namespace level
OPA Gatekeeper and Kyverno policy enforcement templates for admission control

ユースケース

Configuring multi-tenant environments with strict access controls and resource isolation
Hardening production clusters to meet CIS Kubernetes Benchmark and regulatory compliance
Isolating microservices within a shared cluster to prevent lateral movement and unauthorized access