Can I use this for automated policy enforcement?

Yes, the skill includes OPA Gatekeeper ConstraintTemplates and Constraints to automatically validate and enforce custom resource requirements, such as mandatory labels or security contexts.

How do I enforce network isolation in my cluster?

The skill provides a Default Deny All NetworkPolicy template. You apply this to your namespace to block all traffic, then use provided ingress/egress templates to selectively allow authorized communication between specific pods.

Does this skill support the latest Pod Security Admission controller?

Yes, it includes standard templates for labeling namespaces with Privileged, Baseline, or Restricted enforcement levels, moving away from the deprecated PodSecurityPolicy.

How does it handle RBAC least-privilege access?

It provides reusable patterns for Role, ClusterRole, and RoleBindings, allowing you to define granular permissions for Users and ServiceAccounts to ensure they only access required resources.

Kubernetes Security Policy Manager

Name: Kubernetes Security Policy Manager
Author: HermeticOrmus

byHermeticOrmus

0•

Security & Testing

Implements production-grade Kubernetes security policies including NetworkPolicy, RBAC, and Pod Security Standards for hardened cluster environments.

This skill provides a comprehensive framework for securing Kubernetes clusters using defense-in-depth strategies. It enables developers and DevOps engineers to implement network segmentation through NetworkPolicies, enforce Pod Security Standards (Privileged, Baseline, Restricted), and configure least-privilege RBAC. By leveraging industry best practices and compliance frameworks like CIS Benchmarks, it helps prevent unauthorized access and ensures secure multi-tenant environments through automated policy enforcement with OPA Gatekeeper and Istio service mesh security templates.

Key Features

01Policy enforcement using OPA Gatekeeper ConstraintTemplates

02Namespace-level Pod Security Standard enforcement

03Default-deny and service-specific NetworkPolicy templates

04Istio PeerAuthentication and AuthorizationPolicy integration

05Least-privilege RBAC configuration patterns

060 GitHub stars

Use Cases

01Hardening production multi-tenant Kubernetes clusters

02Implementing Zero Trust networking via mTLS and network isolation

03Ensuring compliance with CIS Kubernetes and NIST security frameworks

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add hermeticormus/alqvimia-contador k8s-security-policies

For use in Claude.ai and ChatGPT

Download Skill