Does it include RBAC configuration patterns?

Yes, it includes comprehensive patterns for Roles, ClusterRoles, and RoleBindings to help you implement a robust least-privilege access model.

Is OPA Gatekeeper supported for advanced enforcement?

Yes, the skill provides ConstraintTemplates and Constraints for advanced policy enforcement that goes beyond native Kubernetes resources, such as requiring specific labels.

Can this skill help with NetworkPolicy troubleshooting?

Yes, it provides troubleshooting steps for verifying CNI support and checking policy status to ensure network traffic is correctly filtered according to your specs.

What Pod Security Standards levels does this skill support?

It supports three levels: Privileged (unrestricted), Baseline (minimally restrictive), and Restricted (most restrictive), providing YAML templates for enforcement at the namespace level.

Kubernetes Security Policies

Name: Kubernetes Security Policies
Author: HermeticOrmus

byHermeticOrmus

セキュリティとテスト

Implements production-grade security for Kubernetes clusters using NetworkPolicies, RBAC, and Pod Security Standards.

概要

This skill provides comprehensive guidance and implementation patterns for securing Kubernetes infrastructure with a defense-in-depth approach. It enables developers and DevOps engineers to enforce network isolation, configure least-privilege access control, and implement Pod Security Standards at the namespace level. Whether securing multi-tenant clusters, achieving compliance with CIS benchmarks, or integrating admission controllers like OPA Gatekeeper, this skill ensures clusters are hardened against unauthorized access and lateral movement through standardized, reusable security templates.

主な機能

Implementation of Kubernetes NetworkPolicies for granular network segmentation
0 GitHub stars
Configuration of Namespace-level Pod Security Standards including Restricted and Baseline profiles
Least-privilege RBAC setup for Users, Groups, and ServiceAccounts
Service mesh security integration using Istio PeerAuthentication and AuthorizationPolicies
Policy enforcement patterns using OPA Gatekeeper for custom admission control

ユースケース

Securing a multi-tenant production cluster through network isolation and restricted pod standards
Hardening application workloads by implementing read-only filesystems and non-root execution
Achieving compliance with CIS Kubernetes Benchmarks or NIST frameworks

概要

主な機能

Implementation of Kubernetes NetworkPolicies for granular network segmentation
0 GitHub stars
Configuration of Namespace-level Pod Security Standards including Restricted and Baseline profiles
Least-privilege RBAC setup for Users, Groups, and ServiceAccounts
Service mesh security integration using Istio PeerAuthentication and AuthorizationPolicies
Policy enforcement patterns using OPA Gatekeeper for custom admission control

ユースケース

Securing a multi-tenant production cluster through network isolation and restricted pod standards
Hardening application workloads by implementing read-only filesystems and non-root execution
Achieving compliance with CIS Kubernetes Benchmarks or NIST frameworks