Skip to main content

Kubernetes Security Policies

Skill Active

Implement Kubernetes security policies including NetworkPolicy, PodSecurityPolicy, and RBAC for production-grade security. Use when securing Kubernetes clusters, implementing network isolation, or enforcing pod security standards.

Purpose

To enable users to implement robust, defense-in-depth security for Kubernetes clusters through specific policy configurations.

Features

  • Implement Network Policies (default deny, DNS, ingress/egress)
  • Configure Pod Security Standards (privileged, baseline, restricted)
  • Generate RBAC roles and bindings (Role, ClusterRole, RoleBinding)
  • Provide OPA Gatekeeper ConstraintTemplates and Constraints
  • Detail Service Mesh Security (Istio PeerAuthentication, AuthorizationPolicy)

Use Cases

  • Securing Kubernetes clusters with comprehensive policies
  • Implementing network segmentation and isolation between pods
  • Enforcing pod security standards for compliance
  • Setting up least-privilege access controls with RBAC

Non-Goals

  • Deploying or managing Kubernetes clusters themselves
  • Automating the application of policies beyond providing examples
  • Providing runtime security enforcement tools beyond configuration guidance

Workflow

  1. Understand the need for specific security policies (NetworkPolicy, PSP, RBAC).
  2. Review provided examples for desired policy type (e.g., default deny, RBAC Role, PSP namespace label).
  3. Adapt and apply the YAML configuration to the target Kubernetes environment.
  4. Troubleshoot common issues using provided guidance.
  5. Incorporate provided best practices into cluster security strategy.

Practices

  • Security Policy Implementation
  • RBAC Configuration
  • Network Segmentation
  • Pod Security Standards

Prerequisites

  • Kubernetes cluster access
  • kubectl command-line tool
  • Understanding of Kubernetes concepts

Versioning

  • warning:Release ManagementWhile the repository has recent commits, there is no clear versioning signal (semver in frontmatter, changelog, or releases) to indicate distinct versions of the skill. Installation instructions likely point to 'main'.

Practical Utility

  • info:Edge casesThe Troubleshooting section addresses common issues like NetworkPolicy not working and RBAC permission denied, providing recovery steps.

Installation

First, add the marketplace

/plugin marketplace add wshobson/agents
/plugin install kubernetes-operations@claude-code-workflows

Quality Score

96 /100
Analyzed 13 days ago

Trust Signals

Last commit15 days ago
Stars35.3k
LicenseMIT
Status
View Source

Similar Extensions

K8s Manifest Generator

100

Create production-ready Kubernetes manifests for Deployments, Services, ConfigMaps, and Secrets following best practices and security standards. Use when generating Kubernetes YAML manifests, creating K8s resources, or implementing production-grade Kubernetes configurations.

Skill
wshobson

Ship Gate

100

Pre-production audit that scans a codebase for security, database, deployment, code quality, AI/LLM, dependency, frontend, and observability issues. Intercepts deploy commands and blocks until critical items pass. Stack-agnostic. Use for "run ship gate", "am I ready to ship", "pre-launch audit", "can I deploy", "push to production", "go live checklist", "preflight check". Not for CI/CD setup or infra provisioning.

Skill
alirezarezvani

Setup Container Registry

99

Configure container image registries including GitHub Container Registry (ghcr.io), Docker Hub, and Harbor with automated image scanning, tagging strategies, retention policies, and CI/CD integration for secure image distribution. Use when setting up a private container registry, migrating from Docker Hub to self-hosted registries, implementing vulnerability scanning in CI/CD pipelines, managing multi-architecture images, enforcing image signing, or configuring automatic cleanup and retention policies.

Skill
pjt222

Kubernetes Specialist

99

Use when deploying or managing Kubernetes workloads. Invoke to create deployment manifests, configure pod security policies, set up service accounts, define network isolation rules, debug pod crashes, analyze resource limits, inspect container logs, or right-size workloads. Use for Helm charts, RBAC policies, NetworkPolicies, storage configuration, performance optimization, GitOps pipelines, and multi-cluster management.

Skill
jeffallan

Enforce Policy As Code

98

Implement policy-as-code enforcement using OPA Gatekeeper or Kyverno to validate and mutate Kubernetes resources according to organizational policies. Covers constraint templates, admission control, audit mode, reporting violations, and integrating with CI/CD pipelines for shift-left policy validation. Use when enforcing resource configuration standards, preventing security misconfigurations such as privileged containers, ensuring compliance before deployment, standardizing naming conventions, or auditing existing cluster resources against policies.

Skill
pjt222

OpenClaw Release Maintainer

100

Prepare or verify OpenClaw stable/beta releases, changelogs, release notes, publish commands, and artifacts.

Skill
steipete

© 2025 SkillRepo · Find the right skill, skip the noise.