Policy Bundle
KolTEQ Best Practices
Best-practice validating admission bundle that enforces pod hardening, safer runtime defaults, and broader cluster guardrails (RBAC, secrets, exposure, and risky config restrictions) for a strong security baseline.
Use the bundle
Choose the workflow that fits your platform—automated management with KubeAPT, manual deploy with kubectl, or policy usage examples for namespace enforcement.

Deploy, uninstall, validate, and continuously manage this policy bundle with KubeAPT.
Check out KubeAPT

Deploy with kubectl
Apply the bundle directly using kubectl or your GitOps pipeline.
deploy.sh
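# Create a working directory for the extracted bundle
mkdir -p /tmp/kolteq && \
# Download the v0.1.0 release archive and unpack it into the working directory
curl -L https://github.com/kolteq/kubernetes-security-policies/releases/download/vap_kolteq-best-practices%40v0.1.0/kolteq-best-practices_v0.1.0.tar.gz | tar -xz -C /tmp/kolteq && \
# Apply every manifest under the bundle directory, including subdirectories
kubectl apply -f /tmp/kolteq/kolteq-best-practices --recursive

Use in namespaces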
Label namespaces to activate enforcement for this policy set.
namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: production
  labels:
    security.kolteq.com/enforce: enabled

Policies in this bundle
147 policies across 15 resource types. Browse the full catalog with this bundle pre-selected.
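
A staged variant of the kubectl deploy step above, as an added example that is not KolTEQ's own script: it saves the archive to a private directory, rejects member paths outside the expected kolteq-best-practices directory, and prints a client-side dry run before applying. The function names and the --apply argument are assumptions of this example; the check covers member paths only.

```shell
#!/bin/sh
# Added example: staged variant of deploy.sh (not KolTEQ's own script).
URL='https://github.com/kolteq/kubernetes-security-policies/releases/download/vap_kolteq-best-practices%40v0.1.0/kolteq-best-practices_v0.1.0.tar.gz'

# members_ok TOP: read archive member names on stdin. Fails on an empty
# listing, absolute paths, ".." segments, or anything outside TOP.
# The body runs in a subshell so its variables stay private.
members_ok() (
  top="$1"; rc=0; seen=0
  while IFS= read -r name; do
    name="${name#./}"              # tar may list members as ./dir/file
    [ -n "$name" ] || continue     # skip the bare "./" entry
    seen=1
    case "$name" in
      /*|..|../*|*/..|*/../*) echo "unsafe path: $name" >&2; rc=1 ;;
      "$top"|"$top"/*) ;;
      *) echo "unexpected path: $name" >&2; rc=1 ;;
    esac
  done
  [ "$seen" -eq 1 ] && [ "$rc" -eq 0 ]
)

deploy_bundle() (
  work="$(mktemp -d)" || exit 1    # private dir instead of shared /tmp/kolteq
  archive="$work/bundle.tar.gz"
  # -f makes curl fail on HTTP errors instead of saving an error page
  curl -fsSL -o "$archive" "$URL" || exit 1
  # List before extracting; an unreadable archive yields no names and fails
  tar -tzf "$archive" | members_ok kolteq-best-practices || exit 1
  tar -xzf "$archive" -C "$work" || exit 1
  # Print every object that would be created, without changing the cluster
  kubectl apply -f "$work/kolteq-best-practices" --recursive --dry-run=client || exit 1
  kubectl apply -f "$work/kolteq-best-practices" --recursive
)

# Deploy only when explicitly asked: sh staged-deploy.sh --apply
if [ "${1:-}" = "--apply" ]; then deploy_bundle; fi
```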