Is this compatible with Service Meshes?

Yes, the skill includes security patterns for Istio, specifically PeerAuthentication for mTLS and AuthorizationPolicies for fine-grained traffic control.

How does this skill handle NetworkPolicies?

It provides standardized YAML templates for default-deny-all policies, DNS egress rules, and specific service-to-service communication to ensure strict network segmentation.

Can I use this for RBAC configuration?

Yes, it generates namespace-scoped Roles and cluster-wide ClusterRoles designed around the principle of least privilege for users and service accounts.

Does it support the new Pod Security Admission?

Absolutely. It includes configurations for enforcing Privileged, Baseline, and Restricted security levels through namespace labels as per modern k8s standards.

Kubernetes Security Policies

Name: Kubernetes Security Policies
Author: Activer007

byActiver007

セキュリティとテスト

Implements production-grade Kubernetes security including NetworkPolicies, RBAC, and Pod Security Standards.

概要

This skill provides a comprehensive framework for implementing defense-in-depth security within Kubernetes clusters. It enables the automated generation and configuration of NetworkPolicies for microsegmentation, Role-Based Access Control (RBAC) for least-privilege management, and Pod Security Standards to enforce workload restrictions. By leveraging standardized templates for admission control via OPA Gatekeeper and service mesh security with Istio, this skill ensures that k8s environments are resilient, compliant with CIS Benchmarks, and ready for secure multi-tenant production use.

主な機能

Pod Security Standards (Privileged, Baseline, Restricted) configuration
Service Mesh security via Istio PeerAuthentication and Authorization
NetworkPolicy generation for ingress/egress isolation
Admission control enforcement using OPA Gatekeeper
Least-privilege RBAC Role and Binding templates
0 GitHub stars

ユースケース

Configuring secure multi-tenant access controls for dev and prod environments
Implementing network isolation between microservices to prevent lateral movement
Enforcing security compliance for production clusters following CIS Benchmarks

概要

主な機能

Pod Security Standards (Privileged, Baseline, Restricted) configuration
Service Mesh security via Istio PeerAuthentication and Authorization
NetworkPolicy generation for ingress/egress isolation
Admission control enforcement using OPA Gatekeeper
Least-privilege RBAC Role and Binding templates
0 GitHub stars

ユースケース

Configuring secure multi-tenant access controls for dev and prod environments
Implementing network isolation between microservices to prevent lateral movement
Enforcing security compliance for production clusters following CIS Benchmarks