How does this skill help with NetworkPolicies?

It provides ready-to-use templates for default-deny-all policies and specific ingress/egress rules to control traffic between services and external resources.

Can I use this for RBAC management?

Yes, the skill includes standard patterns for namespace-scoped Roles and cluster-wide ClusterRoles based on the principle of least privilege.

Does it support Pod Security Admission?

Absolutely, it provides configuration snippets for labeling namespaces with Privileged, Baseline, and Restricted security levels according to K8s standards.

What about external policy engines like OPA Gatekeeper?

The skill includes ConstraintTemplates and Constraints to help you implement custom policy enforcement for things like required labels or image registries.

Kubernetes Security Policies

Name: Kubernetes Security Policies
Author: HermeticOrmus

byHermeticOrmus

Security & Testing

Implements production-grade Kubernetes security through NetworkPolicies, RBAC, and Pod Security Standards to ensure cluster-wide defense-in-depth.

About

This skill provides a comprehensive framework for securing Kubernetes clusters by enforcing least-privilege access and network isolation. It helps developers and SREs implement critical security layers including namespace-level Pod Security Standards, fine-grained RBAC configurations, and complex NetworkPolicies. Beyond standard Kubernetes resources, it integrates advanced security tools like OPA Gatekeeper for policy enforcement and Istio for service mesh security, ensuring clusters meet industry compliance standards like the CIS Kubernetes Benchmark.

Key Features

Automated generation of NetworkPolicies for network segmentation
Hardened Pod Security Context configurations for container isolation
OPA Gatekeeper ConstraintTemplate and Constraint definitions
Namespace-level Pod Security Standard configuration (Baseline/Restricted)
Least-privilege RBAC role and binding templates
0 GitHub stars

Use Cases

Hardening a multi-tenant Kubernetes cluster for production environments
Enforcing organizational compliance standards using OPA Gatekeeper constraints
Implementing network isolation between microservices to prevent lateral movement

About

Key Features

Automated generation of NetworkPolicies for network segmentation
Hardened Pod Security Context configurations for container isolation
OPA Gatekeeper ConstraintTemplate and Constraint definitions
Namespace-level Pod Security Standard configuration (Baseline/Restricted)
Least-privilege RBAC role and binding templates
0 GitHub stars

Use Cases

Hardening a multi-tenant Kubernetes cluster for production environments
Enforcing organizational compliance standards using OPA Gatekeeper constraints
Implementing network isolation between microservices to prevent lateral movement