Is this suitable for meeting compliance standards like NIST or CIS?

Yes, the patterns provided are designed to align with the CIS Kubernetes Benchmark and NIST Cybersecurity Framework requirements.

Can I use this for multi-tenant cluster isolation?

Absolutely. It provides templates for default-deny network policies and specific RBAC patterns to ensure tenants remain isolated from one another.

Does it provide security for Service Meshes like Istio?

Yes, the skill includes patterns for Istio PeerAuthentication (mTLS) and AuthorizationPolicies for service-to-service security.

Does this skill support the modern replacement for PodSecurityPolicy?

Yes, it specifically focuses on the current Kubernetes Pod Security Standards (PSS) implemented via admission labels at the namespace level.

Kubernetes Security Policies

Name: Kubernetes Security Policies
Author: Microck

byMicrock

•

Security & Testing

Implements production-grade Kubernetes security using NetworkPolicies, Pod Security Standards, and fine-grained RBAC.

This skill provides a comprehensive toolkit for securing Kubernetes clusters by applying defense-in-depth principles. It guides users through implementing NetworkPolicies for network isolation, enforcing Pod Security Standards across namespaces, and configuring least-privilege RBAC. Whether you are hardening a multi-tenant environment or meeting strict compliance standards like CIS or NIST, this skill provides the patterns, manifests, and best practices needed to ensure your infrastructure remains resilient against modern threats.

Key Features

01Least-privilege RBAC setup using Roles, ClusterRoles, and RoleBindings

02Granular NetworkPolicy configuration for ingress/egress traffic isolation

03Hardened Pod Security Contexts including non-root execution and read-only filesystems

04Implementation of Namespace-level Pod Security Standards (Privileged, Baseline, Restricted)

0581 GitHub stars

06Advanced policy enforcement using OPA Gatekeeper ConstraintTemplates

Use Cases

01Standardizing security manifests for CIS Kubernetes Benchmark compliance

02Hardening a multi-tenant production cluster to prevent lateral movement

03Configuring secure mTLS and authorization policies within a Service Mesh

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add microck/ordinary-claude-skills k8s-security-policies

For use in Claude.ai and ChatGPT

Download Skill