k8s-security-policies
by wshobsonImplement Kubernetes security policies including NetworkPolicy, RBAC, and pod security standards for secure, production-ready clusters. Ideal for enforcing network isolation and access controls.
Overview
The k8s-security-policies skill provides a practical toolkit for enforcing Kubernetes security best practices in your clusters. It helps platform engineers, DevOps teams, and security auditors implement and audit essential security controls such as NetworkPolicy, RBAC (Role-Based Access Control), and pod security standards. This skill is ideal for organizations aiming to secure Kubernetes environments, enforce network segmentation, and apply least-privilege access patterns.
Key features include:
- Ready-to-use NetworkPolicy YAML templates for common scenarios (default deny, DNS, frontend-backend, ingress controller, monitoring).
- Reference RBAC patterns for typical access roles (read-only, namespace admin, deployment manager, secret reader, CI/CD pipeline access).
- Guidance for adapting security policies to your specific namespaces and workloads.
Use k8s-security-policies when you need to:
- Harden Kubernetes clusters for production.
- Enforce network isolation between workloads.
- Apply and audit RBAC roles for secure access control.
- Meet compliance or internal security requirements.
How to Use
Installation Steps
- Add the skill to your project using:
npx skills add https://github.com/wshobson/agents --skill k8s-security-policies - Review the main documentation in
SKILL.mdfor an overview of the workflow and security concepts.
Exploring Templates and Patterns
- Open
assets/network-policy-template.yamlto find a collection of NetworkPolicy templates. These include default deny-all, DNS egress, frontend-to-backend, ingress controller, and monitoring access patterns. Customize namespaces and labels to fit your environment. - Check
references/rbac-patterns.mdfor RBAC best practices. This file provides YAML examples for common roles such as read-only, namespace admin, deployment manager, and secret reader. Use these as a starting point for your own RBAC policies.
Adapting to Your Environment
- Modify the provided YAML templates to match your cluster's namespaces, labels, and security requirements.
- Integrate these policies into your CI/CD pipeline or cluster bootstrapping process to ensure consistent enforcement.
Supporting Files and Folders
assets/: Contains policy templates and supporting YAML files.references/: Includes RBAC patterns and additional documentation.
FAQ
Who should use k8s-security-policies?
This skill is designed for Kubernetes administrators, DevOps engineers, and security teams responsible for securing cluster workloads and enforcing access controls.
What problems does k8s-security-policies solve?
It streamlines the process of applying proven security policies in Kubernetes, reducing manual effort and risk of misconfiguration. It helps enforce network segmentation, restricts unnecessary access, and provides a reference for RBAC best practices.
How do I customize the provided templates?
Edit the YAML files in assets/network-policy-template.yaml and references/rbac-patterns.md to match your namespaces, labels, and desired access levels. Always test changes in a non-production environment before rollout.
Can I use this skill with any Kubernetes distribution?
Yes, the templates and patterns are based on standard Kubernetes APIs and should work across all conformant distributions.
Where can I find more details or scripts?
Browse the Files tab to explore all available templates, references, and helper scripts included with the skill.