AgentSkillsCN

k8s-security-policies

Build production-grade security by implementing Kubernetes security policies including NetworkPolicy, PodSecurityPolicy, and RBAC. This skill is useful when hardening Kubernetes clusters, deploying network isolation, or enforcing Pod Security Standards.

SKILL.md
--- frontmatter
version: 4.1.0-fractal
name: k8s-security-policies
description: Implement Kubernetes security policies including NetworkPolicy, PodSecurityPolicy, and RBAC for production-grade security. Use when securing Kubernetes clusters, implementing network isolation, or enforcing pod security standards.

Kubernetes Security Policies

Comprehensive guide for implementing NetworkPolicy, PodSecurityPolicy, RBAC, and Pod Security Standards in Kubernetes.

Do not use this skill when

  • The task is unrelated to Kubernetes security policies
  • You need a different domain or tool outside this scope

Instructions

  • Clarify goals, constraints, and required inputs.
  • Apply relevant best practices and validate outcomes.
  • Provide actionable steps and verification.
  • If detailed examples are required, open resources/implementation-playbook.md.

Purpose

Implement defense-in-depth security for Kubernetes clusters using network policies, pod security standards, and RBAC.

Use this skill when

  • Implementing network segmentation
  • Configuring Pod Security Standards
  • Setting up RBAC for least-privilege access
  • Creating security policies for compliance
  • Implementing admission control
  • Securing multi-tenant clusters

Pod Security Standards

🧠 Knowledge Modules (Fractal Skills)

1. Privileged (Unrestricted)

2. Baseline (Minimally restrictive)

3. Restricted (Most restrictive)

4. Default Deny All

5. Allow Frontend to Backend

6. Allow DNS

7. Role (Namespace-scoped)

8. ClusterRole (Cluster-wide)

9. RoleBinding

10. Restricted Pod

11. ConstraintTemplate

12. Constraint

13. PeerAuthentication (mTLS)

14. AuthorizationPolicy

15. CIS Kubernetes Benchmark

16. NIST Cybersecurity Framework