Which tools does this skill help manage?

This skill specifically provides implementation patterns and guidance for Kyverno, Kubernetes network policies, and Pod Security Standards.

What is the primary focus of the Phase 3 Runtime skill?

It focuses on hardening Kubernetes production environments by enforcing runtime policies, such as resource limits and image verification, using Kyverno.

How does this help with Kubernetes compliance?

It automates the implementation of security contexts and resource quotas, ensuring all running workloads meet predefined organizational and industry compliance standards.

Is this skill part of a larger framework?

Yes, it represents the third phase of the Adaptive Enforcement Lab (AEL) roadmap, following the automation phase and preceding advanced enforcement strategies.

Does this skill support an audit-only mode?

Yes, it includes a rollout strategy specifically designed for an audit-first approach, allowing you to monitor policy violations before switching to active enforcement.

Kubernetes Runtime Security Enforcement (Phase 3)

Name: Kubernetes Runtime Security Enforcement (Phase 3)
Author: adaptive-enforcement-lab

byadaptive-enforcement-lab

보안 및 테스팅

Hardens Kubernetes production environments through runtime policy enforcement, image verification, and resource constraints using Kyverno.

소개

This skill provides domain-specific guidance for the third phase of a security implementation roadmap, specifically focusing on runtime enforcement within Kubernetes clusters. It enables developers and DevOps engineers to implement Policy-as-Code using Kyverno, covering critical security controls such as image source verification, pod security standards, and network policies. By following an audit-first rollout strategy, the skill ensures that production workloads remain compliant without compromising system stability or availability.

주요 기능

Establishes granular network policies for traffic control
0 GitHub stars
Provides audit-first deployment strategies for production hardening
Automates image source verification to ensure workload integrity
Configures namespace quotas and Kubernetes pod security standards
Implements Kyverno policies for resource limits and security contexts

사용 사례

Automating Policy-as-Code enforcement to meet strict organizational compliance requirements
Hardening production Kubernetes clusters against unauthorized or insecure workloads
Transitioning from security auditing to active runtime enforcement using phased rollout metrics

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add adaptive-enforcement-lab/claude-skills phase-3-runtime-weeks-9-12

For use in Claude.ai and ChatGPT

Download Skill

GitHub

소개