跳转到主要内容
此内容尚未提供您的语言版本,正在以英文显示。

Kubernetes Security Policies

技能 活跃

Implement Kubernetes security policies including NetworkPolicy, PodSecurityPolicy, and RBAC for production-grade security. Use when securing Kubernetes clusters, implementing network isolation, or enforcing pod security standards.

目的

To enable users to implement robust, defense-in-depth security for Kubernetes clusters through specific policy configurations.

功能

  • Implement Network Policies (default deny, DNS, ingress/egress)
  • Configure Pod Security Standards (privileged, baseline, restricted)
  • Generate RBAC roles and bindings (Role, ClusterRole, RoleBinding)
  • Provide OPA Gatekeeper ConstraintTemplates and Constraints
  • Detail Service Mesh Security (Istio PeerAuthentication, AuthorizationPolicy)

使用场景

  • Securing Kubernetes clusters with comprehensive policies
  • Implementing network segmentation and isolation between pods
  • Enforcing pod security standards for compliance
  • Setting up least-privilege access controls with RBAC

非目标

  • Deploying or managing Kubernetes clusters themselves
  • Automating the application of policies beyond providing examples
  • Providing runtime security enforcement tools beyond configuration guidance

工作流

  1. Understand the need for specific security policies (NetworkPolicy, PSP, RBAC).
  2. Review provided examples for desired policy type (e.g., default deny, RBAC Role, PSP namespace label).
  3. Adapt and apply the YAML configuration to the target Kubernetes environment.
  4. Troubleshoot common issues using provided guidance.
  5. Incorporate provided best practices into cluster security strategy.

实践

  • Security Policy Implementation
  • RBAC Configuration
  • Network Segmentation
  • Pod Security Standards

先决条件

  • Kubernetes cluster access
  • kubectl command-line tool
  • Understanding of Kubernetes concepts

Versioning

  • warning:Release ManagementWhile the repository has recent commits, there is no clear versioning signal (semver in frontmatter, changelog, or releases) to indicate distinct versions of the skill. Installation instructions likely point to 'main'.

Practical Utility

  • info:Edge casesThe Troubleshooting section addresses common issues like NetworkPolicy not working and RBAC permission denied, providing recovery steps.

安装

请先添加 Marketplace

/plugin marketplace add wshobson/agents
/plugin install kubernetes-operations@claude-code-workflows

质量评分

96 /100
13 days ago 分析

信任信号

最近提交14 days ago
星标35.3k
许可证MIT
状态
查看源代码

类似扩展

K8s Manifest Generator

100

Create production-ready Kubernetes manifests for Deployments, Services, ConfigMaps, and Secrets following best practices and security standards. Use when generating Kubernetes YAML manifests, creating K8s resources, or implementing production-grade Kubernetes configurations.

技能
wshobson

Ship Gate

100

Pre-production audit that scans a codebase for security, database, deployment, code quality, AI/LLM, dependency, frontend, and observability issues. Intercepts deploy commands and blocks until critical items pass. Stack-agnostic. Use for "run ship gate", "am I ready to ship", "pre-launch audit", "can I deploy", "push to production", "go live checklist", "preflight check". Not for CI/CD setup or infra provisioning.

技能
alirezarezvani

Setup Container Registry

99

Configure container image registries including GitHub Container Registry (ghcr.io), Docker Hub, and Harbor with automated image scanning, tagging strategies, retention policies, and CI/CD integration for secure image distribution. Use when setting up a private container registry, migrating from Docker Hub to self-hosted registries, implementing vulnerability scanning in CI/CD pipelines, managing multi-architecture images, enforcing image signing, or configuring automatic cleanup and retention policies.

技能
pjt222

Kubernetes Specialist

99

Use when deploying or managing Kubernetes workloads. Invoke to create deployment manifests, configure pod security policies, set up service accounts, define network isolation rules, debug pod crashes, analyze resource limits, inspect container logs, or right-size workloads. Use for Helm charts, RBAC policies, NetworkPolicies, storage configuration, performance optimization, GitOps pipelines, and multi-cluster management.

技能
jeffallan

Enforce Policy As Code

98

Implement policy-as-code enforcement using OPA Gatekeeper or Kyverno to validate and mutate Kubernetes resources according to organizational policies. Covers constraint templates, admission control, audit mode, reporting violations, and integrating with CI/CD pipelines for shift-left policy validation. Use when enforcing resource configuration standards, preventing security misconfigurations such as privileged containers, ensuring compliance before deployment, standardizing naming conventions, or auditing existing cluster resources against policies.

技能
pjt222

OpenClaw Release Maintainer

100

Prepare or verify OpenClaw stable/beta releases, changelogs, release notes, publish commands, and artifacts.

技能
steipete