Kubernetes Policies

KolTEQ's collection of Kubernetes policies

Open-source policy packs for ValidatingAdmission, MutatingAdmission, Audit, and Network policies—built to help teams ship safer Kubernetes defaults with confidence. Available on GitHub.

View on GitHub

Browse policies Browse bundles

Free & Open Source

Curated bundles you can deploy immediately.

KolTEQ Best Practices

Best practice validating admission bundle that enforces pod hardening, safer runtime defaults, and broader cluster guardrails (RBAC, secrets, exposure, and risky config restrictions) for a strong security baseline.

View bundle

Pod Security Admission

Pod Security Standards implemented as Validating Admission Policies, with the same levels (baseline and restricted).

View bundle

Enterprise policies

Enterprise bundles map directly to regulatory frameworks and provide policy-to-control traceability.

DORA

Operational resilience controls aligned to the EU Digital Operational Resilience Act.

NIS2

Security baseline and reporting obligations mapped to the NIS2 directive.

PCI DSS

Payment card security controls with Kubernetes-native enforcement patterns.

FINMA

Swiss financial regulator expectations for operational risk and controls.

BSI C5

Cloud security compliance criteria mapped to technical policies.

ISO 27001

Annex A control mappings and evidence-ready guardrails for audits.

Your Compliance Benchmark

Need something bespoke? KolTEQ designs and implements custom compliance benchmarks on request, tailored to your internal standards and regulatory obligations.

Enterprise bundle pricing

Starting at CHF 300/month per bundle for up to 5 clusters. Discounts apply for multi-bundle packages and annual billing.

Bundles selected2

3 bundles: 5% off · 4 bundles: 10% off · 5+ bundles: 20% off

Clusters covered5

Pricing scales per 5 clusters · 1 pack applied

10 clusters: 5% off · 25 clusters: 10% off · 50+ clusters: 20% off

Pay annually (additional 15% off)

Estimated monthly (CHF)

CHF 600

Estimated annual (CHF)

CHF 7’200

Get quote for 2 bundles

KubeAPT for cluster policy management

KubeAPT is a command-line Kubernetes Admission Policy Toolkit for validating and hardening cluster admission controls. It evaluates ValidatingAdmissionPolicies and bindings, checks Pod Security Admission posture, and scans clusters for admission safeguards. It also manages curated policy bundles and standalone policies, letting you download, inspect, and apply rulesets to strengthen admission security.

Visit kubeapt.io