Secure your Kubernetes clusters with production-ready network policies, RBAC configurations, and pod security standards. This skill provides comprehensive templates and best practices for defense-in-depth security.
Baixar o ZIP da skill
Upload no Claude
Vá em Configurações → Capacidades → Skills → Upload skill
Ative e comece a usar
Testar
A utilizar "k8s-security-policies". Create a default deny NetworkPolicy for the production namespace
Resultado esperado:
A complete NetworkPolicy manifest with empty podSelector and both Ingress and Egress policy types, blocking all traffic by default
A utilizar "k8s-security-policies". Generate RBAC for a deployment manager role
Resultado esperado:
A Role with permissions for deployments (full CRUD) and pods (read-only), plus a RoleBinding to attach users or service accounts
Auditoria de Segurança
SeguroAll static analyzer findings are false positives. The skill contains documentation and YAML templates for Kubernetes security configurations. Network pattern detections reference metadata endpoint blocking (security best practice), and external command findings are bash examples in Markdown documentation, not executable code.
Pontuação de qualidade
O Que Você Pode Construir
DevSecOps Engineer
Implement network isolation between microservices and enforce least-privilege access controls for CI/CD pipelines
Platform Team Lead
Establish security baselines and compliance controls across multi-tenant Kubernetes clusters
Security Auditor
Review and validate existing Kubernetes security configurations against CIS benchmarks and NIST frameworks
Tente Estes Prompts
Create a NetworkPolicy that allows frontend pods to communicate with backend pods on port 8080 in the production namespace
Generate RBAC configuration for a service account that needs read-only access to ConfigMaps in the default namespace
Configure namespace labels to enforce restricted Pod Security Standards with audit and warn modes
Create a comprehensive security configuration including default deny NetworkPolicy, RBAC for developers, and Pod Security Standards for a new production namespace
Melhores Práticas
- Start with default deny NetworkPolicies, then explicitly allow required traffic
- Apply least-privilege principle for RBAC - grant minimum permissions needed
- Use dedicated ServiceAccounts for each application instead of default ServiceAccount
Evitar
- Using wildcard (*) permissions in RBAC for production workloads
- Running containers as root or with privileged security context
- Allowing unrestricted egress traffic without explicit NetworkPolicy rules
Perguntas Frequentes
What CNI plugins support NetworkPolicy?
How do I test NetworkPolicy changes safely?
What is the difference between Role and ClusterRole?
Are Pod Security Policies still available?
How do I allow DNS traffic with NetworkPolicy?
Can I block access to cloud metadata endpoints?
Detalhes do Desenvolvedor
Autor
sickn33Licença
MIT
Repositório
https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/k8s-security-policiesReferência
main
Estrutura de arquivos