How does it help with network isolation?

It provides templates for 'Default Deny All' policies and specific allow-lists for frontend-to-backend traffic and DNS resolution to prevent lateral movement.

Can I use this for RBAC audits?

Yes, it includes troubleshooting commands and patterns for checking effective permissions (auth can-i) to ensure least-privilege access is maintained.

Does this skill support the deprecated PodSecurityPolicy?

While the industry is moving away from PSP, this skill focuses on modern replacements: the native Pod Security Standards (PSS) and admission controllers like OPA Gatekeeper.

Is Istio security included?

Yes, the skill includes PeerAuthentication for mTLS and AuthorizationPolicy templates for service-to-service security within a mesh.

Kubernetes Security Policies

Name: Kubernetes Security Policies
Author: Activer007

byActiver007

보안 및 테스팅

Implements production-grade Kubernetes security configurations including NetworkPolicies, RBAC, and Pod Security Standards.

소개

This skill provides a comprehensive framework for securing Kubernetes clusters by applying defense-in-depth principles. It enables developers and DevOps engineers to implement granular network isolation, enforce least-privilege access control via RBAC, and apply standardized Pod Security Standards across namespaces. Whether you are hardening a multi-tenant environment, preparing for a security audit like CIS or NIST, or configuring advanced policy enforcement with OPA Gatekeeper and Istio, this skill provides the templates and best practices needed to ensure a robust security posture.

주요 기능

Automated generation of NetworkPolicies for network segmentation
Security context enforcement for rootless and read-only container runtimes
Least-privilege RBAC configuration for users and service accounts
0 GitHub stars
OPA Gatekeeper and Istio service mesh security policy templates
Implementation of Kubernetes Pod Security Standards (Baseline and Restricted)

사용 사례

Hardening multi-tenant Kubernetes clusters for production environments
Implementing Zero Trust network security using default-deny policies and mTLS
Achieving compliance with CIS Kubernetes Benchmarks and NIST frameworks

소개

주요 기능

Automated generation of NetworkPolicies for network segmentation
Security context enforcement for rootless and read-only container runtimes
Least-privilege RBAC configuration for users and service accounts
0 GitHub stars
OPA Gatekeeper and Istio service mesh security policy templates
Implementation of Kubernetes Pod Security Standards (Baseline and Restricted)

사용 사례

Hardening multi-tenant Kubernetes clusters for production environments
Implementing Zero Trust network security using default-deny policies and mTLS
Achieving compliance with CIS Kubernetes Benchmarks and NIST frameworks