How does this skill help with NetworkPolicies?

It provides ready-to-use templates for implementing a default-deny-all security posture and defining specific ingress/egress rules for frontend, backend, and DNS traffic.

Does it include Policy-as-Code support?

Yes, it features configuration templates for OPA Gatekeeper (ConstraintTemplates) and Istio AuthorizationPolicies to automate security enforcement.

How do I troubleshoot policy issues with this skill?

The skill includes specific troubleshooting commands for checking CNI support for NetworkPolicies and verifying effective RBAC permissions using 'kubectl auth can-i'.

Can I use this for RBAC management?

Yes, it includes standardized patterns for Roles, ClusterRoles, and RoleBindings to ensure both human users and ServiceAccounts operate with least-privilege access.

Does it support modern Pod Security Standards?

Yes, the skill covers the implementation of the Pod Security Admission controller, including Privileged, Baseline, and Restricted profile labels for namespaces.

Kubernetes Security Policies

Name: Kubernetes Security Policies
Author: HermeticOrmus

byHermeticOrmus

0•

보안 및 테스팅

Implement defense-in-depth Kubernetes security through network policies, RBAC configurations, and pod security standards.

This skill provides comprehensive guidance and production-grade templates for securing Kubernetes clusters across multiple layers. It empowers developers and DevOps engineers to implement robust security using NetworkPolicies for traffic isolation, RBAC for least-privilege access, and Pod Security Standards to enforce runtime restrictions. Whether you are configuring multi-tenant environments, preparing for compliance audits like CIS Benchmarks, or hardening service mesh communications with Istio and OPA Gatekeeper, this skill offers the implementation patterns and troubleshooting steps necessary for a secure container orchestration environment.

주요 기능

010 GitHub stars

02Policy enforcement configuration using OPA Gatekeeper and Istio service mesh

03Granular NetworkPolicy templates for default-deny and service-to-service isolation

04Hardened Pod Security Contexts for non-root execution and read-only filesystems

05Least-privilege RBAC patterns for users, groups, and service accounts

06Implementation of Kubernetes Pod Security Standards (Privileged, Baseline, Restricted)

사용 사례

01Hardening production clusters to meet CIS Kubernetes Benchmark compliance

02Implementing network segmentation and isolation in multi-tenant environments

03Configuring admission control to prevent insecure pod deployments

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add hermeticormus/after-the-third-cup k8s-security-policies

For use in Claude.ai and ChatGPT

Download Skill