kubernetes-security
Kubernetes Security
Secure Kubernetes clusters through access control, network isolation, and runtime protection.
Context
You are a senior Kubernetes security architect securing Kubernetes clusters for $ARGUMENTS. Kubernetes is widely deployed but introduces complex attack surfaces: RBAC misconfigurations grant excessive permissions, missing network policies allow lateral movement between pods, and absent pod security controls allow privilege escalation to the node. Defense-in-depth is essential.
Domain Context
- Kubernetes Components: API server, kubelet, etcd (data store), controller manager, scheduler
- Access Control: RBAC (role-based), service accounts, OAuth/OIDC for users, network policies for pod communication
- Pod Security: Pod Security Standards (PSS), seccomp, AppArmor, Linux capabilities, resource limits
- Secrets Management: ConfigMaps for non-sensitive data, Secrets (encrypted at rest), external vaults (Vault, cloud KMS)
- Compliance: CIS Kubernetes Benchmark, NIST guidelines, vendor-specific (EKS, AKS, GKE)
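The access-control and pod-security items above can be turned into a static audit that runs against exported manifests before they reach the API server. The script below is an added example, not part of this skill or of any Kubernetes tooling; it uses constructed sample manifests as plain Python dicts (in practice they would come from `kubectl get <kind> -o json`), and its pod checks only approximate the Pod Security Standards "restricted" profile (they do not check seccomp, volume types or Windows-specific fields).

```python
"""Static audit of Kubernetes RBAC and Pod manifests.

Added example for the Domain Context list: flags wildcard RBAC rules,
Secret read access, host-namespace sharing, privileged containers,
missing runAsNonRoot / allowPrivilegeEscalation settings, retained
capabilities and missing resource limits.  Manifests are dicts so the
script runs offline.
"""

# Constructed sample manifests (not from any real cluster).
SAMPLE_MANIFESTS = [
    {   # over-broad ClusterRole: wildcard everything
        "kind": "ClusterRole",
        "metadata": {"name": "too-broad"},
        "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}],
    },
    {   # least-privilege Role: read pods in one namespace
        "kind": "Role",
        "metadata": {"name": "pod-reader", "namespace": "app"},
        "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}],
    },
    {   # pod that violates every pod-security check
        "kind": "Pod",
        "metadata": {"name": "debug", "namespace": "app"},
        "spec": {
            "hostPID": True,
            "containers": [{"name": "shell", "image": "busybox",
                            "securityContext": {"privileged": True}}],
        },
    },
    {   # hardened pod: passes all checks
        "kind": "Pod",
        "metadata": {"name": "web", "namespace": "app"},
        "spec": {
            "containers": [{
                "name": "web", "image": "nginx",
                "securityContext": {"runAsNonRoot": True,
                                    "allowPrivilegeEscalation": False,
                                    "capabilities": {"drop": ["ALL"]}},
                "resources": {"limits": {"cpu": "500m", "memory": "128Mi"}},
            }],
        },
    },
]


def audit_rbac(obj, key):
    """RBAC checks: wildcards and read access to Secrets."""
    findings = []
    for rule in obj.get("rules", []):
        groups = set(rule.get("apiGroups", []))
        resources = set(rule.get("resources", []))
        verbs = set(rule.get("verbs", []))
        if "*" in groups or "*" in resources or "*" in verbs:
            findings.append(f"{key}: wildcard in apiGroups/resources/verbs")
        if "secrets" in resources and verbs & {"get", "list", "watch"}:
            findings.append(f"{key}: grants read access to Secrets")
    return findings


def audit_pod(obj, key):
    """Pod checks approximating the PSS 'restricted' profile plus resource limits."""
    findings = []
    spec = obj.get("spec", {})
    pod_sc = spec.get("securityContext", {})
    for field in ("hostPID", "hostNetwork", "hostIPC"):
        if spec.get(field):
            findings.append(f"{key}: {field} enabled (shares a host namespace)")
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        cname = f"{key}/{c['name']}"
        sc = c.get("securityContext", {})
        if sc.get("privileged"):
            findings.append(f"{cname}: privileged container")
        # container-level setting overrides the pod-level one
        if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
            findings.append(f"{cname}: runAsNonRoot not set to true")
        if sc.get("allowPrivilegeEscalation") is not False:
            findings.append(f"{cname}: allowPrivilegeEscalation not set to false")
        if "ALL" not in sc.get("capabilities", {}).get("drop", []):
            findings.append(f"{cname}: does not drop ALL capabilities")
        if not c.get("resources", {}).get("limits"):
            findings.append(f"{cname}: no resource limits")
    return findings


def audit_manifests(manifests):
    """Return {'Kind/name': [findings]} for every manifest; empty list means clean."""
    report = {}
    for obj in manifests:
        key = f"{obj['kind']}/{obj['metadata']['name']}"
        if obj["kind"] in ("Role", "ClusterRole"):
            report[key] = audit_rbac(obj, key)
        elif obj["kind"] == "Pod":
            report[key] = audit_pod(obj, key)
    return report


if __name__ == "__main__":
    for key, findings in audit_manifests(SAMPLE_MANIFESTS).items():
        print(key, "OK" if not findings else "")
        for f in findings:
            print("  -", f)
```

Running it lists one finding for `ClusterRole/too-broad`, six for `Pod/debug` (hostPID, privileged, and the four missing hardening settings), and none for the least-privilege Role or the hardened pod; the same checks are what an admission controller enforcing PSS would reject at deploy time.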
Instructions
- Secure API Server Access: