
Kubernetes Security Policies

Skill: Active

Implement Kubernetes security policies including NetworkPolicy, PodSecurityPolicy, and RBAC for production-grade security. Use when securing Kubernetes clusters, implementing network isolation, or enforcing pod security standards.

Purpose

To enable users to implement robust, defense-in-depth security for Kubernetes clusters through specific policy configurations.

Features

  • Implement Network Policies (default deny, DNS, ingress/egress)
  • Configure Pod Security Standards (privileged, baseline, restricted)
  • Generate RBAC roles and bindings (Role, ClusterRole, RoleBinding)
  • Provide OPA Gatekeeper ConstraintTemplates and Constraints
  • Detail Service Mesh Security (Istio PeerAuthentication, AuthorizationPolicy)

Use Cases

  • Securing Kubernetes clusters with comprehensive policies
  • Implementing network segmentation and isolation between pods
  • Enforcing pod security standards for compliance
  • Setting up least-privilege access controls with RBAC

Non-Goals

  • Deploying or managing Kubernetes clusters themselves
  • Automating the application of policies beyond providing examples
  • Providing runtime security enforcement tools beyond configuration guidance

Workflow

  1. Understand the need for specific security policies (NetworkPolicy, PSP, RBAC).
  2. Review provided examples for desired policy type (e.g., default deny, RBAC Role, PSP namespace label).
  3. Adapt and apply the YAML configuration to the target Kubernetes environment.
  4. Troubleshoot common issues using provided guidance.
  5. Incorporate provided best practices into cluster security strategy.

Practices

  • Security Policy Implementation
  • RBAC Configuration
  • Network Segmentation
  • Pod Security Standards

Prerequisites

  • Kubernetes cluster access
  • kubectl command-line tool
  • Understanding of Kubernetes concepts

Versioning

  • Warning (Release Management): While the repository has recent commits, there is no clear versioning signal (semver in frontmatter, changelog, or releases) to indicate distinct versions of the skill. Installation instructions likely point to 'main'.

Practical Utility

  • Info (Edge cases): The Troubleshooting section addresses common issues like NetworkPolicy not working and RBAC permission denied, providing recovery steps.

Installation

Add the marketplace first

/plugin marketplace add wshobson/agents
/plugin install kubernetes-operations@claude-code-workflows

Quality Score

96/100
Analyzed 13 days ago

Trust Signals

Last commit: 15 days ago
Stars: 35.3k
License: MIT

Similar Extensions

K8s Manifest Generator

100

Create production-ready Kubernetes manifests for Deployments, Services, ConfigMaps, and Secrets following best practices and security standards. Use when generating Kubernetes YAML manifests, creating K8s resources, or implementing production-grade Kubernetes configurations.

Skill
wshobson

Ship Gate

100

Pre-production audit that scans a codebase for security, database, deployment, code quality, AI/LLM, dependency, frontend, and observability issues. Intercepts deploy commands and blocks until critical items pass. Stack-agnostic. Use for "run ship gate", "am I ready to ship", "pre-launch audit", "can I deploy", "push to production", "go live checklist", "preflight check". Not for CI/CD setup or infra provisioning.

Skill
alirezarezvani

Setup Container Registry

99

Configure container image registries including GitHub Container Registry (ghcr.io), Docker Hub, and Harbor with automated image scanning, tagging strategies, retention policies, and CI/CD integration for secure image distribution. Use when setting up a private container registry, migrating from Docker Hub to self-hosted registries, implementing vulnerability scanning in CI/CD pipelines, managing multi-architecture images, enforcing image signing, or configuring automatic cleanup and retention policies.

Skill
pjt222

Kubernetes Specialist

99

Use when deploying or managing Kubernetes workloads. Invoke to create deployment manifests, configure pod security policies, set up service accounts, define network isolation rules, debug pod crashes, analyze resource limits, inspect container logs, or right-size workloads. Use for Helm charts, RBAC policies, NetworkPolicies, storage configuration, performance optimization, GitOps pipelines, and multi-cluster management.

Skill
jeffallan

Enforce Policy As Code

98

Implement policy-as-code enforcement using OPA Gatekeeper or Kyverno to validate and mutate Kubernetes resources according to organizational policies. Covers constraint templates, admission control, audit mode, reporting violations, and integrating with CI/CD pipelines for shift-left policy validation. Use when enforcing resource configuration standards, preventing security misconfigurations such as privileged containers, ensuring compliance before deployment, standardizing naming conventions, or auditing existing cluster resources against policies.

Skill
pjt222

OpenClaw Release Maintainer

100

Prepare or verify OpenClaw stable/beta releases, changelogs, release notes, publish commands, and artifacts.

Skill
steipete