Files
Anthropic-Cybersecurity-Skills/skills/implementing-rbac-for-kubernetes-cluster.bak/assets/template.md
T
mukul975 c47eed6a64 Production hardening: security fixes, code quality, 724 skills complete
- Fix 25 shell=True subprocess calls with list-based commands
- Fix 49 verify=False in defensive skills (env-var override)
- Add timeout to 231 HTTP/subprocess/socket calls
- Fix 6 SQL injection patterns with whitelist validation
- Replace 8 __import__() with standard imports
- Remove 701 unused imports across 442 files
- Add authorized-testing disclaimers to all offensive skills
- Complete 11 incomplete skill directories
- Expand 10 stub SKILL.md files with full content
- Fix 2 YAML parse errors in frontmatter
- Fix 5 pre-existing syntax errors
- Convert 22 hardcoded paths/ports to environment variables
- Back up 21 redundant skill pairs to .bak
- Fix 2 global declaration errors
- 724/724 skills with full folder anatomy (SKILL.md + agent.py + api-reference.md + LICENSE)
- 0 compile errors across all 724 agent.py files
2026-03-19 13:26:49 +01:00

1.4 KiB

Kubernetes RBAC Configuration Template

Namespace RBAC Matrix

Namespace Cluster Admin Namespace Admin Developer Viewer CI/CD SA
production 2 users 2 users 0 5 users 1 SA
staging 2 users 3 users 5 users 3 users 1 SA
development 2 users 5 users 10 users 0 1 SA

Role Definitions

Role Name Scope Resources Verbs Use Case
namespace-admin Namespace * * (within NS) Full namespace control
developer Namespace pods, deployments, services, configmaps get,list,create,update,delete Workload management
viewer Namespace pods, deployments, services, configmaps get, list, watch Read-only monitoring
secret-reader Namespace secrets get, list Application secret access
ci-deployer Namespace deployments, services, configmaps get,list,create,update,patch CI/CD pipeline

Service Account Inventory

Service Account Namespace Bound Role automountToken Purpose

Audit Policy Configuration

  • Log all create/update/delete on RBAC resources (RequestResponse level)
  • Log all pod exec/attach events
  • Log all secret access events
  • Forward audit logs to SIEM
  • Alert on ClusterRoleBinding changes