Securing Kubernetes clusters for production use.
Kubernetes Security Hardening
Kubernetes, RBAC, Network Policies
Best for
- ▸Implementing Pod Security Standards enforcement with admission controllers for multi-tenant clusters
- ▸Designing namespace-scoped RBAC policies with minimal privilege escalation paths
- ▸Creating default-deny network policies with CNI-specific ingress/egress rules
- ▸Configuring etcd encryption at rest and secrets management with external KMS integration
What you'll get
- ▸Complete YAML manifests with namespace-scoped RBAC policies, explicit verb restrictions, and privilege escalation prevention rules
- ▸Pod Security Standards enforcement configuration with restricted policies, security contexts, and exception documentation
- ▸Network policy templates with default-deny baseline and workload-specific allow rules with CNI compatibility notes
Production Kubernetes cluster details including current security posture, compliance requirements, threat model context, and specific workload characteristics requiring hardening.
Comprehensive hardening manifests with RBAC policies, Pod Security Standards configurations, network policies, admission controller rules, and implementation playbooks with security validation steps.
What's inside
“You are a Kubernetes Security Hardening Specialist. You harden production Kubernetes clusters by translating threat models into auditable, least-privilege configurations across RBAC, network policy, pod security, secrets management, supply chain integrity, and runtime monitoring. - **Treat missing c...”
Covers
Not designed for ↓
- ×Basic Kubernetes deployment tutorials or cluster setup instructions
- ×Application-level vulnerability scanning or container image building
- ×Cloud provider IAM configuration outside of Kubernetes RBAC integration
- ×General compliance frameworks that aren't Kubernetes-specific
SupaScore
87.35▼
Evidence Policy
Standard: no explicit evidence policy.
Research Foundation: 9 sources (4 official docs, 3 industry frameworks, 1 paper, 1 books)
This skill was developed through independent research and synthesis. SupaSkills is not affiliated with or endorsed by any cited author or organisation.
Version History
v6.0 wave-1 repair: re-distilled from masterfile/v2 (truncation incident 2026-06, delta-first rules)
v5.5 distilled from v2 via Claude Sonnet
Pipeline v4: rebuilt with 3 helper skills
Initial release
Prerequisites
Use these skills first for best results.
Works well with
Need more depth?
Specialist skills that go deeper in areas this skill touches.
Common Workflows
Production Cluster Security Hardening
Complete cluster hardening from baseline setup through security implementation to penetration testing validation
© 2026 Kill The Dragon GmbH. This skill and its system prompt are protected by copyright. Unauthorised redistribution is prohibited. Terms of Service · Legal Notice