Does it include RBAC configuration patterns?

Yes, it includes comprehensive patterns for Roles, ClusterRoles, and RoleBindings to help you implement a robust least-privilege access model.

Is OPA Gatekeeper supported for advanced enforcement?

Yes, the skill provides ConstraintTemplates and Constraints for advanced policy enforcement that goes beyond native Kubernetes resources, such as requiring specific labels.

Can this skill help with NetworkPolicy troubleshooting?

Yes, it provides troubleshooting steps for verifying CNI support and checking policy status to ensure network traffic is correctly filtered according to your specs.

What Pod Security Standards levels does this skill support?

It supports three levels: Privileged (unrestricted), Baseline (minimally restrictive), and Restricted (most restrictive), providing YAML templates for enforcement at the namespace level.

Kubernetes Security Policies

Name: Kubernetes Security Policies
Author: HermeticOrmus

byHermeticOrmus

0•

Security & Testing

Implements production-grade security for Kubernetes clusters using NetworkPolicies, RBAC, and Pod Security Standards.

This skill provides comprehensive guidance and implementation patterns for securing Kubernetes infrastructure with a defense-in-depth approach. It enables developers and DevOps engineers to enforce network isolation, configure least-privilege access control, and implement Pod Security Standards at the namespace level. Whether securing multi-tenant clusters, achieving compliance with CIS benchmarks, or integrating admission controllers like OPA Gatekeeper, this skill ensures clusters are hardened against unauthorized access and lateral movement through standardized, reusable security templates.

Key Features

01Implementation of Kubernetes NetworkPolicies for granular network segmentation

020 GitHub stars

03Configuration of Namespace-level Pod Security Standards including Restricted and Baseline profiles

04Least-privilege RBAC setup for Users, Groups, and ServiceAccounts

05Service mesh security integration using Istio PeerAuthentication and AuthorizationPolicies

06Policy enforcement patterns using OPA Gatekeeper for custom admission control

Use Cases

01Securing a multi-tenant production cluster through network isolation and restricted pod standards

02Hardening application workloads by implementing read-only filesystems and non-root execution

03Achieving compliance with CIS Kubernetes Benchmarks or NIST frameworks

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add hermeticormus/floraheritage k8s-security-policies

For use in Claude.ai and ChatGPT

Download Skill