Kubernetes and container security skill for cluster hardening, RBAC review, admission control (OPA Gatekeeper, Kyverno), Pod Security Standards, network policies, secrets management, runtime defense (Falco, Tetragon), image supply chain (cosign, SLSA, in-toto), and CIS benchmark compliance. Use to assess and harden clusters you operate.
설치
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
Kubernetes and container security skill for cluster hardening, RBAC review, admission control (OPA Gatekeeper, Kyverno), Pod Security Standards, network policies, secrets management, runtime defense (Falco, Tetragon), image supply chain (cosign, SLSA, in-toto), and CIS benchmark compliance. Use to assess and harden clusters you operate.
Kubernetes Security
Authorization Boundary
Require cluster context, namespace scope, and read-only kubeconfig before live queries.
Avoid disruptive runtime probes on production; prefer staging or ephemeral clusters.
Hardening Workflow
Inventory: API server flags, node OS, CNI, CSI, ingress, service mesh, admission plugins, controllers.
RBAC: enumerate ClusterRole/RoleBinding; flag wildcard verbs, system:masters, escalate, bind, impersonate, secret reads from broad subjects.
Workloads: enforce Pod Security restricted, drop capabilities, read-only rootfs, non-root UID, seccomp RuntimeDefault, no hostPath/hostNetwork/hostPID.
Network: default-deny NetworkPolicy; explicit egress to known services; mTLS via mesh where applicable.
Supply chain: signed images (cosign verify), provenance attestations (SLSA), admission policy that blocks unsigned.