What security standards does this skill support?

It implements the official Kubernetes Pod Security Standards (Privileged, Baseline, and Restricted) and aligns with CIS Kubernetes Benchmark recommendations.

How do I troubleshoot NetworkPolicies with this skill?

The skill provides specific kubectl commands to verify CNI support and audit effective permissions for service accounts.

Can it help with network isolation?

Yes, it includes specific templates for default-deny-all policies, DNS egress rules, and specific ingress rules for frontend-to-backend communication.

How does it handle Kubernetes access control?

The skill provides patterns for Role-Based Access Control (RBAC), including Roles, ClusterRoles, and RoleBindings designed for least-privilege access.

Does it support third-party security tools?

Yes, it includes configuration examples for OPA Gatekeeper ConstraintTemplates and Istio service mesh PeerAuthentication/mTLS.

Kubernetes Security Policies

Name: Kubernetes Security Policies
Author: HermeticOrmus

byHermeticOrmus

デプロイメントとDevOps

Implements production-grade Kubernetes security using NetworkPolicies, Pod Security Standards, and RBAC to harden cluster environments.

概要

This skill provides a comprehensive framework for securing Kubernetes clusters through multi-layered defense strategies. It offers ready-to-use templates and best practices for configuring network isolation, enforcing Pod Security Standards (Privileged, Baseline, Restricted), and managing fine-grained access control with RBAC. Whether you are implementing admission control with OPA Gatekeeper, configuring Istio mTLS, or hardening pod security contexts for compliance, this skill ensures your infrastructure meets industry security benchmarks like CIS and NIST while preventing unauthorized lateral movement and privilege escalation.

主な機能

Advanced policy enforcement examples for OPA Gatekeeper and Istio Service Mesh
0 GitHub stars
Pod Security Context enforcement including non-root execution and read-only filesystems
Implementation of Kubernetes Pod Security Standards (Privileged, Baseline, Restricted)
NetworkPolicy templates for granular ingress/egress control and default-deny rules
Comprehensive RBAC patterns for namespace-scoped and cluster-wide least-privilege access

ユースケース

Hardening production Kubernetes clusters to meet SOC2 or CIS compliance requirements
Implementing network segmentation to isolate microservices and sensitive data
Configuring secure multi-tenant isolation using namespaces and restricted service accounts

概要

主な機能

Advanced policy enforcement examples for OPA Gatekeeper and Istio Service Mesh
0 GitHub stars
Pod Security Context enforcement including non-root execution and read-only filesystems
Implementation of Kubernetes Pod Security Standards (Privileged, Baseline, Restricted)
NetworkPolicy templates for granular ingress/egress control and default-deny rules
Comprehensive RBAC patterns for namespace-scoped and cluster-wide least-privilege access

ユースケース

Hardening production Kubernetes clusters to meet SOC2 or CIS compliance requirements
Implementing network segmentation to isolate microservices and sensitive data
Configuring secure multi-tenant isolation using namespaces and restricted service accounts