What security levels are supported for Pod Security Standards?

The skill supports all three Kubernetes Pod Security Standards: Privileged (unrestricted), Baseline (minimally restrictive for common workloads), and Restricted (highly hardened).

How does it handle service-to-service encryption?

The skill includes Istio-specific PeerAuthentication templates for enforcing mTLS (mutual TLS) and AuthorizationPolicies for granular service access control.

Can this skill help with NetworkPolicy troubleshooting?

Yes, it includes specific troubleshooting commands to check CNI support and verify effective policy application using kubectl.

Does it support third-party security tools like OPA Gatekeeper?

Yes, it provides ConstraintTemplates and Rego logic for OPA Gatekeeper to enforce custom validation rules during admission control.

Kubernetes Security Policies

Name: Kubernetes Security Policies
Author: Activer007

byActiver007

セキュリティとテスト

Implements production-grade Kubernetes security through NetworkPolicies, Pod Security Standards, and least-privilege RBAC.

概要

This skill provides comprehensive guidance and templates for securing Kubernetes clusters using a defense-in-depth approach. It enables developers to implement critical security layers including granular NetworkPolicies for traffic isolation, standardized Pod Security levels (Privileged, Baseline, and Restricted), and strict Role-Based Access Control (RBAC). Whether you are hardening a production cluster for compliance, configuring multi-tenant isolation, or automating admission control with OPA Gatekeeper, this skill offers the specific patterns and troubleshooting steps needed to maintain a secure cloud-native infrastructure.

主な機能

Pre-configured Pod Security Standards for namespace-level enforcement
Least-privilege RBAC templates for users and service accounts
Service mesh security integration including Istio mTLS and AuthorizationPolicies
Automated generation of NetworkPolicies for network segmentation
OPA Gatekeeper ConstraintTemplates for custom admission control
0 GitHub stars

ユースケース

Implementing network isolation between microservices in multi-tenant environments
Hardening production Kubernetes clusters to meet CIS or NIST benchmarks
Enforcing secure container runtime configurations like non-root execution and read-only filesystems

概要

主な機能

Pre-configured Pod Security Standards for namespace-level enforcement
Least-privilege RBAC templates for users and service accounts
Service mesh security integration including Istio mTLS and AuthorizationPolicies
Automated generation of NetworkPolicies for network segmentation
OPA Gatekeeper ConstraintTemplates for custom admission control
0 GitHub stars

ユースケース

Implementing network isolation between microservices in multi-tenant environments
Hardening production Kubernetes clusters to meet CIS or NIST benchmarks
Enforcing secure container runtime configurations like non-root execution and read-only filesystems