What security levels are supported for Pod Security Standards?

The skill supports all three Kubernetes Pod Security Standards: Privileged (unrestricted), Baseline (minimally restrictive for common workloads), and Restricted (highly hardened).

How does it handle service-to-service encryption?

The skill includes Istio-specific PeerAuthentication templates for enforcing mTLS (mutual TLS) and AuthorizationPolicies for granular service access control.

Can this skill help with NetworkPolicy troubleshooting?

Yes, it includes specific troubleshooting commands to check CNI support and verify effective policy application using kubectl.

Does it support third-party security tools like OPA Gatekeeper?

Yes, it provides ConstraintTemplates and Rego logic for OPA Gatekeeper to enforce custom validation rules during admission control.

Kubernetes Security Policies

Name: Kubernetes Security Policies
Author: Activer007

byActiver007

0•

セキュリティとテスト

Implements production-grade Kubernetes security through NetworkPolicies, Pod Security Standards, and least-privilege RBAC.

This skill provides comprehensive guidance and templates for securing Kubernetes clusters using a defense-in-depth approach. It enables developers to implement critical security layers including granular NetworkPolicies for traffic isolation, standardized Pod Security levels (Privileged, Baseline, and Restricted), and strict Role-Based Access Control (RBAC). Whether you are hardening a production cluster for compliance, configuring multi-tenant isolation, or automating admission control with OPA Gatekeeper, this skill offers the specific patterns and troubleshooting steps needed to maintain a secure cloud-native infrastructure.

主な機能

01Pre-configured Pod Security Standards for namespace-level enforcement

02Least-privilege RBAC templates for users and service accounts

03Service mesh security integration including Istio mTLS and AuthorizationPolicies

04Automated generation of NetworkPolicies for network segmentation

05OPA Gatekeeper ConstraintTemplates for custom admission control

060 GitHub stars

ユースケース

01Implementing network isolation between microservices in multi-tenant environments

02Hardening production Kubernetes clusters to meet CIS or NIST benchmarks

03Enforcing secure container runtime configurations like non-root execution and read-only filesystems

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add activer007/ordinary-claude-skills k8s-security-policies

For use in Claude.ai and ChatGPT

Download Skill