What security standards does this skill support?

It implements the official Kubernetes Pod Security Standards (Privileged, Baseline, and Restricted) and aligns with CIS Kubernetes Benchmark recommendations.

How do I troubleshoot NetworkPolicies with this skill?

The skill provides specific kubectl commands to verify CNI support and audit effective permissions for service accounts.

Can it help with network isolation?

Yes, it includes specific templates for default-deny-all policies, DNS egress rules, and specific ingress rules for frontend-to-backend communication.

How does it handle Kubernetes access control?

The skill provides patterns for Role-Based Access Control (RBAC), including Roles, ClusterRoles, and RoleBindings designed for least-privilege access.

Does it support third-party security tools?

Yes, it includes configuration examples for OPA Gatekeeper ConstraintTemplates and Istio service mesh PeerAuthentication/mTLS.

Kubernetes Security Policies

Name: Kubernetes Security Policies
Author: HermeticOrmus

byHermeticOrmus

0•

Deployment & DevOps

Implements production-grade Kubernetes security using NetworkPolicies, Pod Security Standards, and RBAC to harden cluster environments.

This skill provides a comprehensive framework for securing Kubernetes clusters through multi-layered defense strategies. It offers ready-to-use templates and best practices for configuring network isolation, enforcing Pod Security Standards (Privileged, Baseline, Restricted), and managing fine-grained access control with RBAC. Whether you are implementing admission control with OPA Gatekeeper, configuring Istio mTLS, or hardening pod security contexts for compliance, this skill ensures your infrastructure meets industry security benchmarks like CIS and NIST while preventing unauthorized lateral movement and privilege escalation.

Key Features

01Advanced policy enforcement examples for OPA Gatekeeper and Istio Service Mesh

020 GitHub stars

03Pod Security Context enforcement including non-root execution and read-only filesystems

04Implementation of Kubernetes Pod Security Standards (Privileged, Baseline, Restricted)

05NetworkPolicy templates for granular ingress/egress control and default-deny rules

06Comprehensive RBAC patterns for namespace-scoped and cluster-wide least-privilege access

Use Cases

01Hardening production Kubernetes clusters to meet SOC2 or CIS compliance requirements

02Implementing network segmentation to isolate microservices and sensitive data

03Configuring secure multi-tenant isolation using namespaces and restricted service accounts

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add hermeticormus/hermetic-academy k8s-security-policies

For use in Claude.ai and ChatGPT

Download Skill