k8s-security-policies

version: 4.1.0-fractal name: k8s-security-policies description: Implement Kubernetes security policies including NetworkPolicy, PodSecurityPolicy, and RBAC for production-grade security. Use when securing Kubernetes clusters, implementing network isolation, or enforcing pod security standards.

Kubernetes Security Policies

Comprehensive guide for implementing NetworkPolicy, PodSecurityPolicy, RBAC, and Pod Security Standards in Kubernetes.

Do not use this skill when

• The task is unrelated to kubernetes security policies
• You need a different domain or tool outside this scope

Instructions

• Clarify goals, constraints, and required inputs.
• Apply relevant best practices and validate outcomes.
• Provide actionable steps and verification.
• If detailed examples are required, open resources/implementation-playbook.md.

Purpose

Implement defense-in-depth security for Kubernetes clusters using network policies, pod security standards, and RBAC.

Use this skill when

• Implement network segmentation
• Configure pod security standards
• Set up RBAC for least-privilege access
• Create security policies for compliance
• Implement admission control
• Secure multi-tenant clusters

Pod Security Standards

🧠 Knowledge Modules (Fractal Skills)

1. 1. Privileged (Unrestricted)

2. 2. Baseline (Minimally restrictive)

3. 3. Restricted (Most restrictive)

4. Default Deny All

5. Allow Frontend to Backend

6. Allow DNS

7. Role (Namespace-scoped)

8. ClusterRole (Cluster-wide)

9. RoleBinding

10. Restricted Pod

11. ConstraintTemplate

12. Constraint

13. PeerAuthentication (mTLS)

14. AuthorizationPolicy

15. CIS Kubernetes Benchmark

16. NIST Cybersecurity Framework