Kubernetes and container security skill for cluster hardening, RBAC review, admission control (OPA Gatekeeper, Kyverno), Pod Security Standards, network policies, secrets management, runtime defense (Falco, Tetragon), image supply chain (cosign, SLSA, in-toto), and CIS benchmark compliance. Use to assess and harden clusters you operate.
インストール
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
Kubernetes and container security skill for cluster hardening, RBAC review, admission control (OPA Gatekeeper, Kyverno), Pod Security Standards, network policies, secrets management, runtime defense (Falco, Tetragon), image supply chain (cosign, SLSA, in-toto), and CIS benchmark compliance. Use to assess and harden clusters you operate.
Kubernetes Security
Authorization Boundary
Require cluster context, namespace scope, and read-only kubeconfig before live queries.
Avoid disruptive runtime probes on production; prefer staging or ephemeral clusters.
Hardening Workflow
Inventory: API server flags, node OS, CNI, CSI, ingress, service mesh, admission plugins, controllers.
RBAC: enumerate ClusterRole/RoleBinding; flag wildcard verbs, system:masters, escalate, bind, impersonate, secret reads from broad subjects.
Workloads: enforce Pod Security restricted, drop capabilities, read-only rootfs, non-root UID, seccomp RuntimeDefault, no hostPath/hostNetwork/hostPID.
Network: default-deny NetworkPolicy; explicit egress to known services; mTLS via mesh where applicable.
Supply chain: signed images (cosign verify), provenance attestations (SLSA), admission policy that blocks unsigned.