Last Updated: November 21, 2025
Access Control
| Guard | Detail |
|---|---|
| RBAC | Bind verbs/resources to roles |
| ServiceAccount | Attach limited permissions to workloads |
| PodSecurityAdmission | Enforce Pod security standards |
Network Policies
| Command | Detail |
|---|---|
| `kubectl apply -f np.yaml` | Limit traffic per namespace |
| `calicoctl get policy` | Inspect Calico policies |
| istio authorization-policy | Add mTLS + policy |
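
One possible `np.yaml` for limiting traffic per namespace, shown as an added example rather than a file from the original page. The namespace name `app-team` is a hypothetical placeholder, and the DNS rule assumes cluster DNS runs in `kube-system`.

```yaml
# np.yaml (added example; namespace "app-team" is a hypothetical placeholder)
# 1) Default deny: selects every pod in the namespace and allows nothing.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: app-team
spec:
  podSelector: {}          # empty selector = all pods in this namespace
  policyTypes:
    - Ingress
    - Egress
---
# 2) Re-allow only pod-to-pod traffic inside the namespace, plus DNS lookups.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-same-namespace-and-dns
  namespace: app-team
spec:
  podSelector: {}
  policyTypes:
    - Ingress
    - Egress
  ingress:
    - from:
        - podSelector: {}  # peers in the same namespace only
  egress:
    - to:
        - podSelector: {}  # peers in the same namespace only
    - to:
        - namespaceSelector:
            matchLabels:
              # Label set automatically on namespaces by recent Kubernetes versions.
              kubernetes.io/metadata.name: kube-system
      ports:               # assumption: cluster DNS is served from kube-system on port 53
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
```

NetworkPolicy objects are only enforced when the cluster's CNI plugin implements them (Calico does); on a plugin without support they are accepted by the API server but have no effect.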
Supply Chain Safety
Scan container images with trivy, sign artifacts with cosign, and enforce admission webhooks.
💡 Pro Tip:
Lock down RBAC rules to least privilege and audit them with kube-bench.