Does it cover service mesh security?

Yes, the skill includes Istio-specific configurations for PeerAuthentication (mTLS) and AuthorizationPolicies to secure service-to-service communication.

How do I troubleshoot applied security policies?

The skill includes specific troubleshooting commands for verifying CNI support and testing RBAC permissions using 'kubectl auth can-i'.

Can I use this for multi-tenant cluster isolation?

Yes, it includes specific patterns for network segmentation, default-deny policies, and RBAC to ensure secure separation between different teams or tenants.

Does this skill support the deprecated PodSecurityPolicy?

While it mentions PSP, the skill focuses on modern replacements including Pod Security Standards (PSS) and admission controllers like OPA Gatekeeper.

Is this compatible with the CIS Kubernetes Benchmark?

Yes, the configurations provided align with industry best practices outlined in the CIS Kubernetes Benchmark and NIST Cybersecurity Framework.

Kubernetes Security Policies

Name: Kubernetes Security Policies
Author: HermeticOrmus

byHermeticOrmus

보안 및 테스팅

Implements production-grade Kubernetes security using NetworkPolicies, Pod Security Standards, and RBAC configurations.

소개

This skill provides a comprehensive framework for securing Kubernetes clusters by implementing defense-in-depth strategies. It guides developers and SREs through the configuration of network segmentation, fine-grained access control (RBAC), and restrictive pod security standards to ensure compliance and multi-tenant isolation. Whether you are setting up default-deny network policies, enforcing non-root container execution with OPA Gatekeeper, or configuring mutual TLS with Istio, this skill offers the implementation patterns and best practices needed to harden production environments against common vulnerabilities.

주요 기능

0 GitHub stars
Service Mesh security integration with Istio mTLS and AuthorizationPolicies
NetworkPolicy templates for default-deny and service-specific isolation
Admission control patterns using OPA Gatekeeper ConstraintTemplates
Implementation of Kubernetes Pod Security Standards (Privileged, Baseline, Restricted)
Fine-grained RBAC configuration for namespace and cluster-scoped access

사용 사례

Hardening container workloads to meet CIS Benchmarks or NIST compliance
Securing multi-tenant Kubernetes clusters with network isolation and RBAC
Implementing automated policy enforcement and admission control for production namespaces

소개

주요 기능

0 GitHub stars
Service Mesh security integration with Istio mTLS and AuthorizationPolicies
NetworkPolicy templates for default-deny and service-specific isolation
Admission control patterns using OPA Gatekeeper ConstraintTemplates
Implementation of Kubernetes Pod Security Standards (Privileged, Baseline, Restricted)
Fine-grained RBAC configuration for namespace and cluster-scoped access

사용 사례

Hardening container workloads to meet CIS Benchmarks or NIST compliance
Securing multi-tenant Kubernetes clusters with network isolation and RBAC
Implementing automated policy enforcement and admission control for production namespaces