Can I use this for both OPA Gatekeeper and Kyverno?

Yes, the skill includes comprehensive guidance for both major admission controllers, allowing you to validate, mutate, or reject resources based on custom security policies.

Does it support external secret managers like HashiCorp Vault?

Absolutely. It covers integrating Kubernetes with external secret stores including Vault, AWS Secrets Manager, and the External Secrets Operator to avoid using native base64 secrets.

How does this skill help with Kubernetes compliance?

It provides structured workflows and reference templates for meeting CIS Benchmarks, NIST, and PCI-DSS standards by enforcing hardened configurations and auditing current cluster settings.

What is the recommended approach for transition to Pod Security Admission?

The skill guides you through a phased approach: auditing current workloads, enabling warning modes in dev/staging, and finally enforcing the 'Restricted' profile in production.

Kubernetes Security Hardening

Name: Kubernetes Security Hardening
Author: NickCrew

byNickCrew

•

보안 및 테스팅

Implements enterprise-grade security policies and compliance standards for hardened Kubernetes cluster deployments.

This skill provides comprehensive guidance for securing Kubernetes environments through advanced configurations, including Pod Security Standards (PSS), zero-trust Network Policies, and least-privilege RBAC. It assists DevOps engineers and security professionals in automating security audits, configuring admission controllers like OPA Gatekeeper or Kyverno, and managing secrets via external providers. Designed for production-grade environments, it helps users meet strict compliance requirements such as CIS Benchmarks, NIST, and SOC2 while minimizing the attack surface of containerized workloads.

주요 기능

01Least-privilege Role-Based Access Control (RBAC) auditing

02Automated Pod Security Standards (PSS/PSA) implementation

03Integration with OPA Gatekeeper and Kyverno admission controllers

04Secure secrets management and container image vulnerability scanning

05Zero-trust Network Policy and micro-segmentation design

067 GitHub stars

사용 사례

01Implementing network micro-segmentation to isolate sensitive microservices

02Remediating overly permissive RBAC roles and service accounts across namespaces

03Hardening production clusters to meet CIS Benchmarks and NIST compliance

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add nickcrew/claude-cortex kubernetes-security-policies

For use in Claude.ai and ChatGPT

Download Skill