kubernetes-hardening

Secure Kubernetes clusters and workloads.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Install skill "kubernetes-hardening" with this command: npx skills add bagelhole/devops-security-agent-skills/bagelhole-devops-security-agent-skills-kubernetes-hardening

Kubernetes Hardening

When to Use This Skill

Use this skill when:

  • Hardening Kubernetes clusters

  • Implementing Pod Security Standards

  • Configuring network policies

  • Meeting security compliance

Pod Security Standards

Namespace with restricted policy

```yaml
apiVersion: v1
kind: Namespace
metadata:
  name: production
  labels:
    pod-security.kubernetes.io/enforce: restricted
    pod-security.kubernetes.io/audit: restricted
    pod-security.kubernetes.io/warn: restricted
```

Security Context

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: secure-pod
spec:
  securityContext:
    runAsNonRoot: true
    runAsUser: 1000
    runAsGroup: 1000
    fsGroup: 1000
    seccompProfile:
      type: RuntimeDefault
  containers:
    - name: app
      image: myapp:latest
      securityContext:
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true
        capabilities:
          drop: ["ALL"]
```

Network Policies

```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
spec:
  podSelector: {}
  policyTypes:
    - Ingress
    - Egress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-web
spec:
  podSelector:
    matchLabels:
      app: web
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: frontend
      ports:
        - port: 8080
```
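The two policies above interact: default-deny-all isolates every pod for egress as well as ingress, so allow-web alone does not let frontend pods reach web pods. The following added example (not part of the upstream skill) is a small Python evaluator for same-namespace NetworkPolicy semantics that shows this; ALLOW_FRONTEND_EGRESS is a hypothetical companion policy and the pod label sets are constructed.

```python
# Added example: minimal same-namespace NetworkPolicy evaluator. Assumptions:
# matchLabels selectors and numeric ports only (no namespaceSelector/ipBlock).

def selects(selector, labels):
    """An empty podSelector ({}) matches every pod in the namespace."""
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())

def policy_types(spec):
    # API default: Ingress always; Egress only when the policy has egress rules.
    return spec.get("policyTypes") or ["Ingress"] + (["Egress"] if "egress" in spec else [])

def direction_allowed(policies, pod, peer, port, ptype):
    """Evaluate one direction ("Ingress" or "Egress") for `pod` against `peer`."""
    rules_key, peer_key = ("ingress", "from") if ptype == "Ingress" else ("egress", "to")
    applying = [p for p in policies
                if selects(p["podSelector"], pod) and ptype in policy_types(p)]
    if not applying:
        return True  # no policy selects the pod: not isolated in this direction
    for p in applying:  # policies are additive: any matching rule allows
        for rule in p.get(rules_key, []):
            peers, ports = rule.get(peer_key), rule.get("ports")
            peer_ok = not peers or any(selects(x.get("podSelector", {}), peer) for x in peers)
            port_ok = not ports or any(x.get("port") == port for x in ports)
            if peer_ok and port_ok:
                return True
    return False  # isolated and no rule matched

def connection_allowed(policies, src, dst, port):
    # Both the source's egress and the destination's ingress must allow it.
    return (direction_allowed(policies, src, dst, port, "Egress")
            and direction_allowed(policies, dst, src, port, "Ingress"))

# The two policy specs from this page, transcribed as Python dicts.
DEFAULT_DENY = {"podSelector": {}, "policyTypes": ["Ingress", "Egress"]}
ALLOW_WEB = {"podSelector": {"matchLabels": {"app": "web"}},
             "ingress": [{"from": [{"podSelector": {"matchLabels": {"app": "frontend"}}}],
                          "ports": [{"port": 8080}]}]}
# Hypothetical companion policy (not on the page): frontend egress to web:8080.
ALLOW_FRONTEND_EGRESS = {"podSelector": {"matchLabels": {"app": "frontend"}},
                         "policyTypes": ["Egress"],
                         "egress": [{"to": [{"podSelector": {"matchLabels": {"app": "web"}}}],
                                     "ports": [{"port": 8080}]}]}

FRONTEND, WEB = {"app": "frontend"}, {"app": "web"}  # constructed pod label sets

if __name__ == "__main__":
    print(connection_allowed([DEFAULT_DENY, ALLOW_WEB], FRONTEND, WEB, 8080))
    print(connection_allowed([DEFAULT_DENY, ALLOW_WEB, ALLOW_FRONTEND_EGRESS], FRONTEND, WEB, 8080))
```

The same default-deny egress rule also blocks DNS lookups from every pod in the namespace until an egress policy permits them.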

RBAC

```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: app-reader
rules:
  - apiGroups: [""]
    resources: ["pods", "services"]
    verbs: ["get", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: app-reader-binding
subjects:
  - kind: ServiceAccount
    name: myapp
    # ServiceAccount subjects require a namespace; "production" is assumed
    # here to match the Namespace example above.
    namespace: production
roleRef:
  kind: Role
  name: app-reader
  apiGroup: rbac.authorization.k8s.io
```

Best Practices

  • Enable Pod Security Standards

  • Implement network policies

  • Use RBAC with least privilege

  • Enable audit logging

  • Secure etcd with encryption

  • Use service mesh for mTLS

  • Regular security scanning

Related Skills

  • kubernetes-ops - K8s operations

  • container-hardening - Container security

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
