Anthropic-Cybersecurity-Skills/skills/implementing-kubernetes-pod-security-standards/references/api-reference.md
mukul975 c21af3347e Complete folder anatomy for all 649 cybersecurity skills + update LICENSE to Mahipal
- Add scripts/agent.py and references/api-reference.md to all remaining skills
- Update all 648 LICENSE files: copyright now reads 'Mahipal'
- Add implementing-security-monitoring-with-datadog (new skill with full anatomy)
- All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
2026-03-11 00:22:12 +01:00

API Reference: Implementing Kubernetes Pod Security Standards

PSA Namespace Labels

```bash
# Apply restricted enforcement
kubectl label namespace production \
  pod-security.kubernetes.io/enforce=restricted \
  pod-security.kubernetes.io/audit=restricted \
  pod-security.kubernetes.io/warn=restricted --overwrite
```

Pod Security Standard Levels

| Level | Description | Blocks |
|---|---|---|
| Privileged | Unrestricted | Nothing |
| Baseline | Minimally restrictive | hostNetwork, privileged, hostPID/IPC |
| Restricted | Heavily restricted | + runAsNonRoot, drop ALL caps, seccomp |

PSA Modes

| Mode | Behavior |
|---|---|
| enforce | Reject violating pods |
| audit | Log violations (allow pod) |
| warn | Warn user (allow pod) |

Baseline Violations

| Field | Forbidden Value |
|---|---|
| spec.hostNetwork | true |
| spec.hostPID | true |
| spec.hostIPC | true |
| containers[*].securityContext.privileged | true |
| containers[*].securityContext.capabilities.add | Non-default |

Restricted Violations (adds to Baseline)

| Field | Required |
|---|---|
| runAsNonRoot | true |
| allowPrivilegeEscalation | false |
| capabilities.drop | ["ALL"] |
| seccompProfile.type | RuntimeDefault or Localhost |
