k8s-security-policies

Implement Kubernetes security policies including NetworkPolicy, PodSecurityPolicy, and RBAC for production-grade security. Use when securing Kubernetes clusters, implementing network isolation, or enforcing pod security standards.

79

1.21x
Quality: 68% (Does it follow best practices?)

Impact: 95%, 1.21x (Average score across 3 eval scenarios)

Security by Snyk: Passed, no known issues

Optimize this skill with Tessl

npx tessl skill review --optimize ./tests/ext_conformance/artifacts/agents-wshobson/kubernetes-operations/skills/k8s-security-policies/SKILL.md

Evaluation results

100%

50%

Network Isolation for a Three-Tier E-Commerce Application

NetworkPolicy defense-in-depth

| Criteria | Without context | With context |
| --- | --- | --- |
| Default-deny-all policy | 100% | 100% |
| DNS allowance | 100% | 100% |
| Tier labels in ingress selectors | 0% | 100% |
| Tier labels in target selectors | 0% | 100% |
| Metadata service blocked | 0% | 100% |
| Combined cross-namespace selector | 100% | 100% |
| No unrestricted allow-all | 0% | 100% |
| Port specificity | 50% | 100% |

85%

Kubernetes Access Control for a Data Pipeline Service

RBAC least-privilege configuration

| Criteria | Without context | With context |
| --- | --- | --- |
| Role not ClusterRole | 100% | 100% |
| No wildcard verbs | 100% | 100% |
| No wildcard resources | 100% | 100% |
| resourceNames restriction | 0% | 0% |
| Dedicated ServiceAccount | 100% | 100% |
| Token auto-mount disabled | 100% | 100% |
| RoleBinding to ServiceAccount | 100% | 100% |
| Minimal verbs | 100% | 100% |

100%

Hardened Kubernetes Manifests for a Financial Services Workload

Pod security hardening

| Criteria | Without context | With context |
| --- | --- | --- |
| PSS enforce label | 100% | 100% |
| PSS audit label | 100% | 100% |
| PSS warn label | 100% | 100% |
| runAsNonRoot set | 100% | 100% |
| runAsUser set | 100% | 100% |
| fsGroup set | 100% | 100% |
| seccompProfile set | 100% | 100% |
| No privilege escalation | 100% | 100% |
| Read-only filesystem | 100% | 100% |
| All capabilities dropped | 100% | 100% |

Repository: Dicklesworthstone/pi_agent_rust

Evaluated

Agent: Claude Code

Model: Claude Sonnet 4.6