Kubernetes Security Policies
Skill ActiveImplement Kubernetes security policies including NetworkPolicy, PodSecurityPolicy, and RBAC for production-grade security. Use when securing Kubernetes clusters, implementing network isolation, or enforcing pod security standards.
To enable users to implement robust, defense-in-depth security for Kubernetes clusters through specific policy configurations.
Features
- Implement Network Policies (default deny, DNS, ingress/egress)
- Configure Pod Security Standards (privileged, baseline, restricted)
- Generate RBAC roles and bindings (Role, ClusterRole, RoleBinding)
- Provide OPA Gatekeeper ConstraintTemplates and Constraints
- Detail Service Mesh Security (Istio PeerAuthentication, AuthorizationPolicy)
Use Cases
- Securing Kubernetes clusters with comprehensive policies
- Implementing network segmentation and isolation between pods
- Enforcing pod security standards for compliance
- Setting up least-privilege access controls with RBAC
Non-Goals
- Deploying or managing Kubernetes clusters themselves
- Automating the application of policies beyond providing examples
- Providing runtime security enforcement tools beyond configuration guidance
Workflow
- Understand the need for specific security policies (NetworkPolicy, PSP, RBAC).
- Review provided examples for desired policy type (e.g., default deny, RBAC Role, PSP namespace label).
- Adapt and apply the YAML configuration to the target Kubernetes environment.
- Troubleshoot common issues using provided guidance.
- Incorporate provided best practices into cluster security strategy.
Practices
- Security Policy Implementation
- RBAC Configuration
- Network Segmentation
- Pod Security Standards
Prerequisites
- Kubernetes cluster access
- kubectl command-line tool
- Understanding of Kubernetes concepts
Versioning
- warning:Release ManagementWhile the repository has recent commits, there is no clear versioning signal (semver in frontmatter, changelog, or releases) to indicate distinct versions of the skill. Installation instructions likely point to 'main'.
Practical Utility
- info:Edge casesThe Troubleshooting section addresses common issues like NetworkPolicy not working and RBAC permission denied, providing recovery steps.
Installation
First, add the marketplace
/plugin marketplace add wshobson/agents/plugin install kubernetes-operations@claude-code-workflowsQuality Score
Trust Signals
Similar Extensions
K8s Manifest Generator
100Create production-ready Kubernetes manifests for Deployments, Services, ConfigMaps, and Secrets following best practices and security standards. Use when generating Kubernetes YAML manifests, creating K8s resources, or implementing production-grade Kubernetes configurations.
Ship Gate
100Pre-production audit that scans a codebase for security, database, deployment, code quality, AI/LLM, dependency, frontend, and observability issues. Intercepts deploy commands and blocks until critical items pass. Stack-agnostic. Use for "run ship gate", "am I ready to ship", "pre-launch audit", "can I deploy", "push to production", "go live checklist", "preflight check". Not for CI/CD setup or infra provisioning.
Setup Container Registry
99Configure container image registries including GitHub Container Registry (ghcr.io), Docker Hub, and Harbor with automated image scanning, tagging strategies, retention policies, and CI/CD integration for secure image distribution. Use when setting up a private container registry, migrating from Docker Hub to self-hosted registries, implementing vulnerability scanning in CI/CD pipelines, managing multi-architecture images, enforcing image signing, or configuring automatic cleanup and retention policies.
Kubernetes Specialist
99Use when deploying or managing Kubernetes workloads. Invoke to create deployment manifests, configure pod security policies, set up service accounts, define network isolation rules, debug pod crashes, analyze resource limits, inspect container logs, or right-size workloads. Use for Helm charts, RBAC policies, NetworkPolicies, storage configuration, performance optimization, GitOps pipelines, and multi-cluster management.
Enforce Policy As Code
98Implement policy-as-code enforcement using OPA Gatekeeper or Kyverno to validate and mutate Kubernetes resources according to organizational policies. Covers constraint templates, admission control, audit mode, reporting violations, and integrating with CI/CD pipelines for shift-left policy validation. Use when enforcing resource configuration standards, preventing security misconfigurations such as privileged containers, ensuring compliance before deployment, standardizing naming conventions, or auditing existing cluster resources against policies.
OpenClaw Release Maintainer
100Prepare or verify OpenClaw stable/beta releases, changelogs, release notes, publish commands, and artifacts.