castai-security-basics

Featured

Secure CAST AI API keys, RBAC configuration, and Kvisor security agent. Use when hardening CAST AI cluster access, configuring security scanning, or implementing API key rotation procedures. Trigger with phrases like "cast ai security", "cast ai api key rotation", "cast ai rbac", "cast ai kvisor", "secure cast ai".

AI & Automation 2,266 stars 315 forks Updated today MIT

Install

View on GitHub

Quality Score: 99/100

Stars 20%
100
Recency 20%
100
Frontmatter 20%
70
Documentation 15%
100
Issue Health 10%
50
License 10%
100
Description 5%
100

Skill Content

# CAST AI Security Basics ## Overview Secure your CAST AI integration: API key management, RBAC least-privilege, Kvisor runtime security agent, and network policy configuration. ## Prerequisites - CAST AI agent installed on cluster - Cluster admin access for RBAC configuration - Secrets manager (AWS Secrets Manager, Vault, etc.) ## Instructions ### Step 1: API Key Management ```bash # Use separate keys per environment # console.cast.ai > API > API Access Keys # Development: Read-Only key (monitoring only) # Staging: Full Access key with limited cluster scope # Production: Full Access key, rotated every 90 days # Store in secrets manager, never in code aws secretsmanager create-secret \ --name "castai/prod/api-key" \ --secret-string "${CASTAI_API_KEY}" # Rotate key procedure: # 1. Generate new key in console # 2. Update secrets manager # 3. Restart CAST AI agent pods to pick up new key # 4. Verify agent reconnects # 5. Revoke old key in console ``` ### Step 2: RBAC Least-Privilege Review ```bash # Audit CAST AI ClusterRoles kubectl get clusterroles -l app.kubernetes.io/managed-by=castai -o yaml # The CAST AI agent needs these minimum permissions: # - get/list/watch: pods, nodes, events, namespaces, replicasets # - get: persistentvolumes, storageclasses # The cluster controller additionally needs: # - create/delete: nodes (for autoscaling) # - patch: pods/eviction (for evictor) # Check for overly broad permissions kubectl auth can-i --list --as=system:servicea...

Details

Author
jeremylongshore
Repository
jeremylongshore/claude-code-plugins-plus-skills
Created
7 months ago
Last Updated
today
Language
Python
License
MIT

Integrates with

Anthropic · AI Kubernetes · Infrastructure

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Featured

castai-install-auth

Install and configure CAST AI agent on a Kubernetes cluster with API key authentication. Use when onboarding a cluster to CAST AI, setting up Helm charts, or configuring Terraform provider authentication. Trigger with phrases like "install cast ai", "connect cluster to cast ai", "cast ai setup", "cast ai api key", "cast ai helm install".

2,266 Updated today
jeremylongshore
AI & Automation Featured

castai-common-errors

Diagnose and fix CAST AI agent, API, and autoscaler errors. Use when the CAST AI agent is offline, nodes are not scaling, or API calls return errors. Trigger with phrases like "cast ai error", "cast ai not working", "cast ai agent offline", "cast ai debug", "fix cast ai".

2,266 Updated today
jeremylongshore
AI & Automation Featured

castai-prod-checklist

Production readiness checklist for CAST AI cluster onboarding. Use when going live with CAST AI autoscaling, validating Phase 2 setup, or preparing for production cost optimization. Trigger with phrases like "cast ai production", "cast ai go-live", "cast ai checklist", "cast ai launch".

2,266 Updated today
jeremylongshore
AI & Automation Featured

castai-reference-architecture

CAST AI reference architecture for multi-cluster Kubernetes cost optimization. Use when designing CAST AI deployment across environments, planning Terraform module structure, or establishing team standards. Trigger with phrases like "cast ai architecture", "cast ai best practices", "cast ai multi-cluster", "cast ai terraform structure".

2,266 Updated today
jeremylongshore
AI & Automation Featured

castai-core-workflow-b

Configure CAST AI Workload Autoscaler for pod-level right-sizing and VPA. Use when enabling workload autoscaling, configuring resource recommendations, or tuning pod CPU and memory requests with CAST AI. Trigger with phrases like "cast ai workload autoscaler", "cast ai pod sizing", "cast ai resource recommendations", "cast ai VPA".

2,266 Updated today
jeremylongshore