with one click
kubernetes-security
Kubernetes security: RBAC, PodSecurity, network policies.
Install with Codex or Claude Copy this prompt, paste it into Codex, Claude, or another assistant, and let it review the skill page and install it for you.
Menu
Kubernetes security: RBAC, PodSecurity, network policies.
Install with Codex or Claude Copy this prompt, paste it into Codex, Claude, or another assistant, and let it review the skill page and install it for you.
Based on SOC occupation classification
Planning lifecycle: specs, requirements, pre-plan ambiguity resolution, file-backed plans, plan validation, pause/resume, session handoff.
Fresh-subagent-per-task execution with two-stage review gates.
Comprehensive 3-wave review of all repo source files, producing a prioritized issue backlog.
Business operations: strategy, technology, growth, competitive intelligence, support, finance, HR, legal, operations, sales, productivity, product management.
Customer support workflows — ticket triage, response drafting, knowledge base articles, escalation handling, customer research. Use when triaging support tickets, drafting customer responses, creating KB articles, managing escalations, or researching customer context.
Finance and accounting: journal entries, reconciliation, variance analysis, financial statements, audit support, month-end close, SOX testing.
| name | kubernetes-security |
| promoted_to | kubernetes |
| description | Kubernetes security: RBAC, PodSecurity, network policies. |
| user-invocable | false |
| context | fork |
| agent | kubernetes-helm-engineer |
| routing | {"triggers":["kubernetes security","k8s RBAC","RBAC setup","pod security policy","network policy"],"category":"kubernetes","pairs_with":["kubernetes-debugging","cobalt-core"]} |
Harden Kubernetes clusters and workloads through RBAC, pod security, network isolation, secret management, and supply chain controls.
| Signal | Reference | Size |
|---|---|---|
| RBAC, Role, RoleBinding, ClusterRole, ServiceAccount, least-privilege, access control, permissions | references/rbac-patterns.md | ~60 lines |
| PodSecurity, SecurityContext, runAsNonRoot, readOnlyRootFilesystem, restricted, baseline, image hardening, distroless, Dockerfile | references/pod-security.md | ~90 lines |
| NetworkPolicy, default-deny, allow-list, egress, ingress, DNS, lateral movement, namespace isolation | references/network-policies.md | ~70 lines |
| cosign, Kyverno, OPA, admission controller, Sealed Secrets, External Secrets, supply chain, misconfiguration, privileged | references/supply-chain.md | ~120 lines |
Load greedily. If the user's question touches any signal keyword, load the matching reference before responding. Multiple signals matching = load all matching references.
Determine which security domain the user is asking about.
| Domain | Reference |
|---|---|
| Access control, permissions, roles | references/rbac-patterns.md |
| Pod hardening, container security | references/pod-security.md |
| Network isolation, traffic rules | references/network-policies.md |
| Image signing, secrets, admission control | references/supply-chain.md |
If the question spans multiple domains, load all relevant references. Most production hardening tasks touch at least RBAC + pod security.
Gate: Domain identified. Reference(s) loaded. Proceed to Phase 2.
Use loaded reference knowledge to answer with concrete YAML manifests and specific configurations. The references contain complete, copy-paste-ready examples for each security domain.
For general Kubernetes debugging, pair with the kubernetes-debugging skill.
Gate: Question answered with reference-backed manifests, not generic advice.
Validate the security posture against the misconfiguration table in references/supply-chain.md. Flag any of the 8 common misconfigurations if present in the user's manifests.