This is a comprehensive reference for locking down Kubernetes clusters with network policies, RBAC, and Pod Security Standards. It covers the three Pod Security Standards levels (privileged, baseline, restricted), gives you ready-to-use network policy patterns like default-deny and selective ingress rules, and includes RBAC examples for both namespace-scoped and cluster-wide access. There's also OPA Gatekeeper setup for admission control and Istio service mesh security for mTLS, if you need them. The best practices section is solid, calling out non-root containers, dropped capabilities, and read-only filesystems. It's thorough enough for compliance work (CIS, NIST) but still practical for day-to-day hardening. Worth having if you're implementing defense in depth or managing multi-tenant clusters.
npx skills add https://github.com/sickn33/antigravity-awesome-skills --skill k8s-security-policies