opa-rbac-templates
Official
Enforce least-privilege RBAC with OPA templates.
Author: adaptive-enforcement-lab
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
Provides OPA-based RBAC templates to block cluster-admin bindings, restrict dangerous verbs, and disallow wildcard permissions across Kubernetes RBAC.
Core Features & Use Cases
- Cluster-Admin Prevention: Blocks cluster-admin role bindings except for approved break-glass accounts.
- Privileged Verb Restrictions: Prevents use of escalation, bind, and impersonate verbs in RBAC rules.
- Wildcard Prevention: Requires explicit resources and verbs instead of resources: ["*"] or verbs: ["*"].
- Implementation & Examples: Includes ready-to-apply templates (cluster-admin.yaml, privileged-verbs.yaml, wildcards.yaml) and reference guidance for audits.
Quick Start
Apply the opa-rbac-templates policies to enforce least-privilege RBAC in your cluster and block cluster-admin bindings, dangerous verbs, and wildcard permissions.
Dependency Matrix
Required Modules
kubectl, jq
Components
scripts, references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: opa-rbac-templates Download link: https://github.com/adaptive-enforcement-lab/claude-skills/archive/main.zip#opa-rbac-templates Please download this .zip file, extract it, and install it in the .claude/skills/ directory.