How does this skill help with network isolation?

It provides standardized templates for default-deny-all policies and specific ingress/egress rules to restrict traffic between namespaces and pods, ensuring a zero-trust network environment.

Does it support the latest Pod Security Admission (PSA)?

Yes, it includes configurations for Privileged, Baseline, and Restricted security levels that can be applied to namespaces via labels to enforce pod security standards.

Does it support third-party policy engines?

Yes, the skill includes support for OPA Gatekeeper constraint templates and Istio Service Mesh security policies like PeerAuthentication and AuthorizationPolicy.

Can I use this for RBAC management?

Absolutely. It includes patterns for Roles, ClusterRoles, and RoleBindings to ensure that both human users and ServiceAccounts operate under the principle of least privilege.

Kubernetes Security Policies

Name: Kubernetes Security Policies
Author: yusoofsh

byyusoofsh

安全与测试

Implements production-grade Kubernetes security using NetworkPolicies, RBAC, and Pod Security Standards.

关于

This skill provides a comprehensive framework for securing Kubernetes clusters by implementing defense-in-depth strategies. It guides developers and SREs through the creation of network isolation rules, least-privilege RBAC configurations, and namespace-level pod security enforcement, ensuring clusters meet modern compliance and safety standards. Whether you are setting up multi-tenant environments or hardening individual microservices, this skill offers standardized templates for OPA Gatekeeper, Istio service mesh, and native Kubernetes security primitives.

主要功能

0 GitHub stars
Pod Security Standards enforcement (Baseline and Restricted)
Istio Service Mesh mTLS and AuthorizationPolicy implementation
NetworkPolicy templates for ingress and egress isolation
Least-privilege RBAC Role and ClusterRole configuration
OPA Gatekeeper constraint templates for custom policy enforcement

使用场景

Implementing network segmentation between microservices
Configuring secure RBAC for CI/CD and service accounts
Hardening production Kubernetes clusters for compliance

关于

主要功能

0 GitHub stars
Pod Security Standards enforcement (Baseline and Restricted)
Istio Service Mesh mTLS and AuthorizationPolicy implementation
NetworkPolicy templates for ingress and egress isolation
Least-privilege RBAC Role and ClusterRole configuration
OPA Gatekeeper constraint templates for custom policy enforcement

使用场景

Implementing network segmentation between microservices
Configuring secure RBAC for CI/CD and service accounts
Hardening production Kubernetes clusters for compliance