Does it support third-party policy engines?

Yes, it includes patterns for OPA Gatekeeper and Istio service mesh security for advanced admission control and mTLS.

What security standards does this skill support?

It supports standard Kubernetes Pod Security Standards (Privileged, Baseline, and Restricted) as well as CIS Benchmarks and NIST frameworks.

Can it help with network isolation?

Yes, it provides specific templates for default-deny-all policies and granular ingress/egress rules to isolate microservices.

How does it handle RBAC permissions?

It helps define namespace-scoped Roles and cluster-wide ClusterRoles to ensure users and service accounts follow the principle of least privilege.

Kubernetes Security Policies

Name: Kubernetes Security Policies
Author: HermeticOrmus

byHermeticOrmus

보안 및 테스팅

Implement production-grade Kubernetes security using NetworkPolicies, Pod Security Standards, and least-privilege RBAC.

소개

The k8s-security-policies skill enables Claude to architect and deploy defense-in-depth security measures for Kubernetes clusters. It provides standardized templates and implementation patterns for NetworkPolicies to segment traffic, Pod Security Standards to harden container runtimes, and fine-grained RBAC for identity management. Additionally, it integrates advanced enforcement tools like OPA Gatekeeper and Istio, helping developers and DevOps engineers meet CIS Benchmarks and strict compliance requirements in production-grade, multi-tenant environments.

주요 기능

0 GitHub stars
Service mesh security configuration with Istio PeerAuthentication and mTLS
Advanced policy enforcement using OPA Gatekeeper ConstraintTemplates
Configuration of Kubernetes Pod Security Standards (Baseline and Restricted)
Implementation of least-privilege Role-Based Access Control (RBAC)
Automated generation of NetworkPolicies for network isolation and segmentation

사용 사례

Hardening production workloads by enforcing non-root users and read-only filesystems
Securing multi-tenant clusters by isolating workloads and limiting namespace access
Automating compliance audits for network and identity management in Kubernetes

소개

주요 기능

0 GitHub stars
Service mesh security configuration with Istio PeerAuthentication and mTLS
Advanced policy enforcement using OPA Gatekeeper ConstraintTemplates
Configuration of Kubernetes Pod Security Standards (Baseline and Restricted)
Implementation of least-privilege Role-Based Access Control (RBAC)
Automated generation of NetworkPolicies for network isolation and segmentation

사용 사례

Hardening production workloads by enforcing non-root users and read-only filesystems
Securing multi-tenant clusters by isolating workloads and limiting namespace access
Automating compliance audits for network and identity management in Kubernetes