Does it support OPA Gatekeeper?

Absolutely, it includes templates for common constraints like requiring specific labels or enforcing resource limits via admission control.

How does this skill help with Network Policies?

It provides templates for default-deny-all, DNS egress, and specific service-to-service communication rules to segment cluster traffic effectively.

How do I verify my cluster permissions?

The skill provides specific troubleshooting commands, such as 'kubectl auth can-i', to help you validate and debug user or service account permissions.

Can I use this for RBAC management?

Yes, it generates namespace-scoped Roles and RoleBindings following the principle of least privilege for users and ServiceAccounts.

Kubernetes Security Assistant

Name: Kubernetes Security Assistant
Author: eyadsibai

byeyadsibai

Deployment & DevOps

Implements defense-in-depth security configurations for Kubernetes clusters including network policies, RBAC, and pod security standards.

About

The Kubernetes Security skill provides domain-specific guidance for hardening containerized environments through automated security manifest generation. It enables developers and DevOps engineers to implement strict Pod Security Standards (PSS), configure granular Network Policies for microsegmentation, and manage least-privilege RBAC roles. By integrating OPA Gatekeeper templates and Istio mTLS configurations, this skill ensures clusters adhere to modern cloud-native security best practices while providing troubleshooting utilities for permission auditing.

Key Features

OPA Gatekeeper constraint templates for admission control
Granular Network Policy generation (Ingress/Egress)
Pod Security Standard (PSS) namespace enforcement
0 GitHub stars
Least-privilege RBAC Role and Binding configuration
Istio Service Mesh security and mTLS enforcement

Use Cases

Implementing zero-trust networking via default-deny policies
Hardening production Kubernetes clusters to meet compliance requirements
Troubleshooting and debugging RBAC permissions or network connectivity

About

Key Features

OPA Gatekeeper constraint templates for admission control
Granular Network Policy generation (Ingress/Egress)
Pod Security Standard (PSS) namespace enforcement
0 GitHub stars
Least-privilege RBAC Role and Binding configuration
Istio Service Mesh security and mTLS enforcement

Use Cases

Implementing zero-trust networking via default-deny policies
Hardening production Kubernetes clusters to meet compliance requirements
Troubleshooting and debugging RBAC permissions or network connectivity