Does it provide templates for Service Mesh security?

Yes, the skill includes Istio-specific security patterns for PeerAuthentication (mTLS) and AuthorizationPolicies to secure service-to-service communication.

Can I use this for multi-tenant cluster isolation?

Absolutely. The skill provides 'default deny-all' NetworkPolicies and namespace-scoped RBAC patterns specifically designed for secure multi-tenancy.

Is it compatible with Open Policy Agent?

Yes, it provides OPA Gatekeeper ConstraintTemplates and Constraints for automated policy enforcement during the admission control phase.

Does this skill support the latest Pod Security Admission?

Yes, it includes implementation guides for the built-in Pod Security Standards (Privileged, Baseline, and Restricted) which replaced the deprecated PodSecurityPolicies.

How do I verify if my RBAC settings are working?

The skill includes specific troubleshooting commands using 'kubectl auth can-i' to audit and verify effective permissions for service accounts or users.

Kubernetes Security Policies

Name: Kubernetes Security Policies
Author: Krosebrook

byKrosebrook

•

Security & Testing

Implement defense-in-depth security for Kubernetes clusters using Network Policies, Pod Security Standards, and granular RBAC.

This skill provides a comprehensive framework for securing Kubernetes environments by enforcing strict network isolation and access controls. It enables developers and DevOps engineers to implement industry-standard security measures, including Pod Security Standards (Privileged, Baseline, Restricted), Role-Based Access Control (RBAC) patterns, and OPA Gatekeeper constraints. Whether you are hardening production clusters, achieving compliance with CIS benchmarks, or managing multi-tenant environments, this skill guides you through implementing robust security policies, Service Mesh authorization, and secure pod contexts to ensure a resilient and compliant infrastructure.

Key Features

01Multi-level Pod Security Standards implementation (Baseline/Restricted)

02Advanced policy enforcement with OPA Gatekeeper and Istio

03Granular NetworkPolicy templates for microservice isolation

04Least-privilege RBAC configuration for users and service accounts

05Secure Pod Security Context configurations for production workloads

061 GitHub stars

Use Cases

01Hardening production Kubernetes clusters for CIS/NIST compliance

02Enforcing runtime security standards and admission control across namespaces

03Implementing network segmentation and zero-trust in multi-tenant environments

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add krosebrook/source-of-truth-monorepo k8s-security-policies

For use in Claude.ai and ChatGPT

Download Skill