Can I use this to block privileged mode in my cluster?

Yes, the skill provides templates to ensure that no containers can run with privileged: true, eliminating one of the most common container breakout vectors.

How does this skill replace PodSecurityPolicy (PSP)?

Since PodSecurityPolicy was removed in Kubernetes 1.25, this skill uses Kyverno admission controller policies to enforce the same security boundaries using the modern Pod Security Standards (PSS) framework.

Are these templates suitable for production environments?

Yes, these templates are based on AEL patterns and Kubernetes best practices designed specifically for high-security production environments requiring strict isolation.

Does this skill help with seccomp profile enforcement?

Absolutely. It includes templates that mandate the definition of securityContext.seccompProfile for all pods, reducing the kernel attack surface by blocking dangerous syscalls.

Kyverno Pod Security Templates

Name: Kyverno Pod Security Templates
Author: adaptive-enforcement-lab

byadaptive-enforcement-lab

0•

安全与测试

Enforces Kubernetes Pod Security Standards and privilege restrictions using Kyverno policies to secure containerized workloads.

This skill empowers Claude to implement and manage Kyverno policies that align with official Kubernetes Pod Security Standards (PSS). It provides automated patterns for hardening clusters by preventing privilege escalation, mandating non-root execution, and enforcing seccomp profiles, effectively replacing the deprecated PodSecurityPolicy (PSP) with modern, policy-as-code admission controls that reduce the attack surface of containerized applications.

主要功能

01Prevention of privileged container execution to eliminate breakout vectors

02Mandatory non-root user execution for containerized workloads

030 GitHub stars

04Strict seccomp profile enforcement for syscall filtering

05Automated enforcement of Kubernetes Pod Security Standards (PSS)

06Domain-specific implementation patterns for Kubernetes security boundaries

使用场景

01Automating security compliance audits for production-grade Kubernetes workloads

02Hardening Kubernetes clusters against privilege escalation and container breakouts

03Migrating from deprecated PodSecurityPolicy to modern Kyverno-based security

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add adaptive-enforcement-lab/claude-skills kyverno-pod-security-templates

For use in Claude.ai and ChatGPT

Download Skill