securing-kubernetes-on-cloud

Featured

This skill covers hardening managed Kubernetes clusters on EKS, AKS, and GKE by implementing Pod Security Standards, network policies, workload identity, RBAC scoping, image admission controls, and runtime security monitoring. It addresses cloud-specific security features including IRSA for EKS, Workload Identity for GKE, and Managed Identities for AKS.

Category: DevOps & Infrastructure | 12,642 stars | 1468 forks | Updated today | License: Apache-2.0


Quality Score: 99/100

Stars (20%): 100
Recency (20%): 100
Frontmatter (20%): 70
Documentation (15%): 100
Issue Health (10%): 50
License (10%): 100
Description (5%): 100

Skill Content

# Securing Kubernetes on Cloud

## When to Use

- When deploying new managed Kubernetes clusters in production with security requirements
- When hardening existing EKS, AKS, or GKE clusters after a security audit or pentest finding
- When implementing workload identity to eliminate static cloud credentials in pods
- When enforcing pod security policies across namespaces to prevent container escapes
- When integrating runtime security monitoring for detecting container-level threats

**Do not use** for non-Kubernetes container deployments like ECS Fargate or Azure Container Instances, for application-level security within containers (see securing-serverless-functions), or for CI/CD pipeline security (see implementing-cloud-devsecops).

## Prerequisites

- Managed Kubernetes cluster provisioned on EKS, AKS, or GKE with admin access
- kubectl configured with cluster admin credentials
- Familiarity with Kubernetes RBAC, namespaces, and security contexts
- Container network interface plugin supporting network policies (Calico, Cilium)

## Workflow

### Step 1: Enforce Pod Security Standards

Apply Pod Security Admission labels at the namespace level to enforce the Restricted profile in production namespaces. Pod Security Policies were removed in Kubernetes v1.25 and replaced with Pod Security Admission.

```yaml
# Production namespace with restricted Pod Security Standard
apiVersion: v1
kind: Namespace
metadata:
  name: production
  labels:
    pod-security.kubernetes.io/enforce: ...
```
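The Restricted profile that the namespace label above enforces rejects a typical default pod spec. As an added example that is not part of the skill or its repository, the Python checker below evaluates a pod spec against a hand-written subset of the Restricted rules (the rule list is an assumption of this snippet; Pod Security Admission in the API server enforces the full profile), so a team can see why a manifest would be rejected before the label is applied.

```python
# Added example, not code from the skill page or its repository. It checks a pod
# spec dict against a hand-written subset of the Restricted Pod Security Standard
# (an assumption of this snippet); Pod Security Admission enforces the full profile.
from typing import List

# Constructed sample: a typical default pod spec, which Restricted rejects.
DEFAULT_POD = {"spec": {"containers": [{"name": "web", "image": "nginx"}]}}

# Constructed sample: the same pod hardened to satisfy the Restricted profile.
HARDENED_POD = {"spec": {
    "securityContext": {"runAsNonRoot": True, "seccompProfile": {"type": "RuntimeDefault"}},
    "containers": [{"name": "web", "image": "nginx",
                    "securityContext": {"allowPrivilegeEscalation": False,
                                        "capabilities": {"drop": ["ALL"]}}}]}}


def _containers(pod: dict) -> List[dict]:
    spec = pod.get("spec", {})
    return spec.get("containers", []) + spec.get("initContainers", [])


def restricted_violations(pod: dict) -> List[str]:
    """Return the Restricted-profile rules this pod spec violates (empty if compliant)."""
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext", {})
    problems: List[str] = []
    for field in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(field):
            problems.append(f"spec.{field} must be false")
    for vol in spec.get("volumes", []):
        if "hostPath" in vol:
            problems.append(f"volume {vol.get('name')} uses hostPath")
    for c in _containers(pod):
        name, sc = c.get("name", "?"), c.get("securityContext", {})
        if sc.get("privileged"):
            problems.append(f"{name}: privileged must be false")
        if sc.get("allowPrivilegeEscalation") is not False:
            problems.append(f"{name}: allowPrivilegeEscalation must be explicitly false")
        caps = sc.get("capabilities", {})
        if caps.get("drop") != ["ALL"]:
            problems.append(f"{name}: capabilities.drop must be [ALL]")
        if set(caps.get("add", [])) - {"NET_BIND_SERVICE"}:
            problems.append(f"{name}: only NET_BIND_SERVICE may be added")
        # runAsNonRoot and seccompProfile may be set at pod or container level
        if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
            problems.append(f"{name}: runAsNonRoot must be true")
        seccomp = sc.get("seccompProfile", pod_sc.get("seccompProfile", {})).get("type")
        if seccomp not in ("RuntimeDefault", "Localhost"):
            problems.append(f"{name}: seccompProfile.type must be RuntimeDefault or Localhost")
    return problems
```

Running `restricted_violations(DEFAULT_POD)` lists the four missing settings (privilege escalation, dropped capabilities, non-root user, seccomp profile), while `HARDENED_POD` returns no violations.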

Details

Author: mukul975
Repository: mukul975/Anthropic-Cybersecurity-Skills
Created: 3 months ago
Last Updated: today
Language: Python
License: Apache-2.0
