K8S Security Policies

🌐 Community
by sickn33 · vlatest · Repository

Automates Kubernetes security policy enforcement based on best practices, reducing risk and ensuring compliance.

Install on your platform

1. Run in terminal (recommended)

claude mcp add sickn33-k8s-security-policies npx -- -y @trustedskills/sickn33-k8s-security-policies

2. Or manually add to ~/.claude/settings.json

{
  "mcpServers": {
    "sickn33-k8s-security-policies": {
      "command": "npx",
      "args": [
        "-y",
        "@trustedskills/sickn33-k8s-security-policies"
      ]
    }
  }
}

Requires Claude Code (claude CLI). Run claude --version to verify your install.

About This Skill

What it does

This skill automates the implementation of Kubernetes security policies, focusing on NetworkPolicy, PodSecurityPolicy, RBAC (Role-Based Access Control), and Pod Security Standards. It guides users through establishing defense-in-depth security for their Kubernetes clusters by applying best practices and validating outcomes. The skill provides actionable steps to enforce these policies and achieve compliance.

When to use it

  • Implement network segmentation within your Kubernetes cluster.
  • Configure Pod Security Standards (Privileged, Baseline, or Restricted).
  • Set up RBAC for least-privilege access control.
  • Create security policies to meet specific compliance requirements.
  • Implement admission control mechanisms.
  • Secure multi-tenant Kubernetes clusters.

Key capabilities

  • Implementation of Network Policies (e.g., Default Deny All, Allow Frontend to Backend, Allow DNS).
  • Configuration of Pod Security Standards at the namespace level (Privileged, Baseline, Restricted).
  • Creation and application of RBAC roles (namespace-scoped) and cluster roles.
  • Example configurations for Network Policies and RBAC.

Example prompts

  • "Implement a default deny all network policy in the 'production' namespace."
  • "Configure the 'baseline' Pod Security Standard for a new namespace called 'development'."
  • "Create an RBAC role that allows read-only access to pods within the 'production' namespace."

Tips & gotchas

  • Clearly define your goals, constraints, and required inputs before using this skill.
  • For detailed implementation examples, refer to the resources/implementation-playbook.md file.
  • This skill is specifically for Kubernetes security policy implementation; it’s not suitable for tasks outside of that scope.


TrustedSkills Verification

Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates: what you install today is exactly what was reviewed and verified.

Security Audits

  • Gen Agent Trust Hub: Pass
  • Socket: Pass
  • Snyk: Pass

Details

  • Version: vlatest
  • License:
  • Author: sickn33
  • Installs: 72

🌐 Community

Passed automated security scans.