What security standards does this skill support?

It supports Pod Security Standards (Privileged, Baseline, Restricted), RBAC least-privilege patterns, and NetworkPolicy microsegmentation based on CIS and NIST benchmarks.

How does it help with Kubernetes admission control?

It provides OPA Gatekeeper templates and constraints to automatically reject resources that do not meet your organization's security and labeling requirements.

Can I use this for multi-tenant clusters?

Yes, it provides specific configurations for network isolation, default-deny policies, and namespace-scoped RBAC ideal for multi-tenant environments.

Does it support service mesh security?

Yes, the skill includes Istio-specific security policies such as PeerAuthentication for mTLS and AuthorizationPolicies for service-to-service security.

Kubernetes Security Policies

Name: Kubernetes Security Policies
Author: amurata

byamurata

•

安全与测试

Implement and enforce production-grade security standards across Kubernetes clusters including NetworkPolicy, RBAC, and Pod Security Standards.

关于

This skill provides a comprehensive framework for securing Kubernetes environments through defense-in-depth strategies. It enables developers and DevOps engineers to quickly implement network segmentation, fine-grained RBAC permissions, and standardized pod security contexts. By integrating industry best practices like the CIS Kubernetes Benchmark and NIST frameworks, this tool helps ensure clusters are hardened against unauthorized access and lateral movement while simplifying the creation of compliance-ready manifests and admission control policies.

主要功能

Hardened Pod Security Contexts for container-level runtime security and non-root execution.
3 GitHub stars
Policy enforcement via OPA Gatekeeper ConstraintTemplates and Constraints.
Automated generation of NetworkPolicy manifests for microsegmentation.
Implementation of Pod Security Standards (Baseline and Restricted) at the namespace level.
RBAC configuration templates for enforcing least-privilege access controls.

使用场景

Securing multi-tenant Kubernetes clusters with strict network isolation and namespace boundaries.
Hardening container workloads to run as non-root with restricted capabilities and read-only filesystems.
Preparing infrastructure for security compliance audits such as CIS Benchmarks or NIST frameworks.

关于

主要功能

Hardened Pod Security Contexts for container-level runtime security and non-root execution.
3 GitHub stars
Policy enforcement via OPA Gatekeeper ConstraintTemplates and Constraints.
Automated generation of NetworkPolicy manifests for microsegmentation.
Implementation of Pod Security Standards (Baseline and Restricted) at the namespace level.
RBAC configuration templates for enforcing least-privilege access controls.

使用场景

Securing multi-tenant Kubernetes clusters with strict network isolation and namespace boundaries.
Hardening container workloads to run as non-root with restricted capabilities and read-only filesystems.
Preparing infrastructure for security compliance audits such as CIS Benchmarks or NIST frameworks.