implementing-rbac-hardening-for-kubernetes

Featured

Harden Kubernetes Role-Based Access Control by implementing least-privilege policies, auditing role bindings, eliminating cluster-admin sprawl, and integrating external identity providers.

AI & Automation 12,642 stars 1468 forks Updated today Apache-2.0


Quality Score: 99/100

| Component     | Weight | Score |
|---------------|--------|-------|
| Stars         | 20%    | 100   |
| Recency       | 20%    | 100   |
| Frontmatter   | 20%    | 70    |
| Documentation | 15%    | 100   |
| Issue Health  | 10%    | 50    |
| License       | 10%    | 100   |
| Description   | 5%     | 100   |

Skill Content

# Implementing RBAC Hardening for Kubernetes

## Overview

Kubernetes RBAC regulates access to cluster resources based on roles assigned to users, groups, and service accounts. Default configurations often grant excessive permissions, and without active hardening, RBAC becomes a primary attack vector for privilege escalation, lateral movement, and data exfiltration. Hardening requires implementing least-privilege principles, eliminating unnecessary ClusterRole bindings, separating service accounts, integrating external identity providers, and continuous auditing.

## When to Use

- When deploying or configuring RBAC hardening for Kubernetes in your environment
- When establishing security controls aligned to compliance requirements
- When building or improving security architecture for this domain
- When conducting security assessments that require this implementation

## Prerequisites

- Kubernetes cluster v1.24+ with RBAC enabled (default since v1.6)
- kubectl access with cluster-admin for initial audit
- External identity provider (OIDC) for user authentication
- Audit logging enabled on the API server

## Core Hardening Principles

### 1. Eliminate cluster-admin Sprawl

Audit and remove unnecessary cluster-admin bindings:

```bash
# List all cluster-admin bindings
kubectl get clusterrolebindings -o json | jq -r '
  .items[] |
  select(.roleRef.name == "cluster-admin") |
  "\(.metadata.name) -> \(.subjects[]? | "\(.kind)/\(.name) (\(.namespace //...
```

Details

Author
mukul975
Repository
mukul975/Anthropic-Cybersecurity-Skills
Created
3 months ago
Last Updated
today
Language
Python
License
Apache-2.0

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Featured

auditing-kubernetes-cluster-rbac

Auditing Kubernetes cluster RBAC configurations to identify overly permissive roles, wildcard permissions, dangerous ClusterRoleBindings, service account abuse, and privilege escalation paths using kubectl, rbac-tool, KubiScan, and Kubeaudit.

12,642 Updated today
mukul975
AI & Automation Solid

rbac-design

Design minimal-privilege RBAC for workloads, operators, and human access in multi-tenant clusters.

14 Updated 3 days ago
sawrus
DevOps & Infrastructure Listed

k8s-security

Kubernetes security review — RBAC discipline, Pod Security Standards (baseline/restricted), NetworkPolicy default-deny, admission controllers (Kyverno/Gatekeeper/VAP), External Secrets Operator, and runtime monitoring via Falco and audit logs.

4 Updated 1 week ago
roodlicht
AI & Automation Featured

castai-security-basics

Secure CAST AI API keys, RBAC configuration, and Kvisor security agent. Use when hardening CAST AI cluster access, configuring security scanning, or implementing API key rotation procedures. Trigger with phrases like "cast ai security", "cast ai api key rotation", "cast ai rbac", "cast ai kvisor", "secure cast ai".

2,266 Updated today
jeremylongshore
DevOps & Infrastructure Featured

securing-kubernetes-on-cloud

This skill covers hardening managed Kubernetes clusters on EKS, AKS, and GKE by implementing Pod Security Standards, network policies, workload identity, RBAC scoping, image admission controls, and runtime security monitoring. It addresses cloud-specific security features including IRSA for EKS, Workload Identity for GKE, and Managed Identities for AKS.

12,642 Updated today
mukul975