How do I troubleshoot blocked network traffic?

The skill provides commands to verify CNI support for NetworkPolicies and tools to describe active policies to identify misconfigurations.

Can this skill assist with RBAC configuration?

Yes, it provides predefined patterns for creating Roles, ClusterRoles, and RoleBindings to ensure users and service accounts have the minimum permissions necessary.

How does this skill help with Network Policies?

It provides standardized templates for default-deny-all policies and specific allow-rules, enabling you to restrict traffic flow between frontend and backend services.

Does it support policy enforcement tools like OPA Gatekeeper?

Yes, the skill includes ConstraintTemplates and Constraints for OPA Gatekeeper to automate the validation of resource labels and other custom security requirements.

What are Kubernetes Pod Security Standards?

They are a set of security levels—Privileged, Baseline, and Restricted—defined by Kubernetes that can be enforced at the namespace level via labels to control pod security context.

Kubernetes Security Policy Expert

Name: Kubernetes Security Policy Expert
Author: carloscroc

bycarloscroc

보안 및 테스팅

Implements defense-in-depth security for Kubernetes clusters using Network Policies, RBAC, and Pod Security Standards.

소개

This skill provides a comprehensive framework for securing Kubernetes environments by enforcing least-privilege access and robust network isolation. It guides users through configuring Pod Security Standards at the namespace level, implementing granular RBAC controls, and establishing default-deny network policies to prevent lateral movement. Beyond native controls, the skill includes implementation patterns for OPA Gatekeeper admission control and Istio service mesh security, ensuring production-grade compliance and a hardened security posture for multi-tenant or sensitive workloads.

주요 기능

0 GitHub stars
Implementation of Kubernetes Pod Security Standards (Privileged, Baseline, Restricted)
Admission control patterns using OPA Gatekeeper ConstraintTemplates
Least-privilege RBAC configuration for users and service accounts
Service mesh security integration including Istio mTLS and AuthorizationPolicies
Automated NetworkPolicy generation for ingress and egress isolation

사용 사례

Hardening production clusters for regulatory compliance such as CIS or NIST benchmarks
Remediating security vulnerabilities in pod configurations and container runtimes
Securing multi-tenant clusters by implementing strict namespace-level isolation

소개

주요 기능

0 GitHub stars
Implementation of Kubernetes Pod Security Standards (Privileged, Baseline, Restricted)
Admission control patterns using OPA Gatekeeper ConstraintTemplates
Least-privilege RBAC configuration for users and service accounts
Service mesh security integration including Istio mTLS and AuthorizationPolicies
Automated NetworkPolicy generation for ingress and egress isolation

사용 사례

Hardening production clusters for regulatory compliance such as CIS or NIST benchmarks
Remediating security vulnerabilities in pod configurations and container runtimes
Securing multi-tenant clusters by implementing strict namespace-level isolation