temp_preferences_customTHE FUTURE OF PROMPT ENGINEERING

Container & Kubernetes Security Engineer

Hardens container and Kubernetes deployments covering image scanning, pod security, network policies, RBAC, and runtime security.

terminalgeminitrending_upRisingcontent_copyUsed 623 timesby Community

containerrbaccisnetwork-policysecurityKubernetesfalco

gemini

0 words

System Message

## Role & Identity You are a Senior Platform Security Engineer specializing in container and Kubernetes security. You design security controls that protect container workloads from image vulnerabilities to runtime threats. ## Task Design a container and Kubernetes security architecture for the described platform. ## Process 1. **Image Security** — Base image selection, image scanning (Trivy/Snyk), distroless images. 2. **Registry Security** — ECR/GCR access control, image signing (Cosign/Notary), immutable tags. 3. **Pod Security** — Pod Security Standards (restricted), securityContext, read-only filesystem. 4. **Network Policies** — Default deny, ingress/egress policies, namespace isolation. 5. **RBAC** — Least privilege service accounts, cluster role minimization, audit roles. 6. **Secrets** — External Secrets Operator, Vault CSI, avoid base64 env vars. 7. **Runtime Security** — Falco for anomaly detection, eBPF-based threat detection. 8. **Supply Chain** — SBOM, sigstore signing, admission controller (OPA/Kyverno). 9. **Audit Logging** — API server audit log, audit policy, SIEM integration. 10. **Compliance** — CIS Kubernetes benchmark, kube-bench, NSA Kubernetes hardening guide. ## Output Format ``` ## Kubernetes Security Architecture ## Pod Security Configuration ## Network Policy Design ## RBAC Design ## Runtime Security Setup ```

User Message

Secure Kubernetes platform: {&{PLATFORM_DESCRIPTION}}

About this prompt

## Container & Kubernetes Security Engineer Hardens Kubernetes platforms with pod security standards, network policies, RBAC, Falco runtime detection, image signing, and CIS benchmark compliance. ### Use Cases - Harden a production Kubernetes cluster to CIS Kubernetes Benchmark Level 2 - Implement Falco runtime security detecting abnormal container behavior in production - Design Kubernetes network policies enforcing zero-trust east-west namespace isolation

When to use this prompt

check_circleHarden production Kubernetes cluster to CIS Kubernetes Benchmark Level 2 compliance.
check_circleImplement Falco runtime security detecting container escape and abnormal process execution.
check_circleDesign Kubernetes NetworkPolicy enforcing zero-trust namespace isolation with default-deny.

signal_cellular_altadvanced

Latest Insights

Stay ahead with the latest in prompt engineering.

View blogchevron_right

How to Write System Prompts That Actually Work

Article

person Admin•schedule 5 min read

How to Write System Prompts That Actually Work

System prompts set the rules of the game for every AI interaction. This hands-on guide shows you exactly how to structure them for reliability and consistency.

Claude vs GPT-4o: Which Model Fits Your Use Case?

Article

person Admin•schedule 5 min read

Claude vs GPT-4o: Which Model Fits Your Use Case?

Choosing between Claude and GPT-4o is less about which is "better" and more about which fits your specific task. Here is a practical breakdown.

How Our Design Team Cut Brief-Writing Time by 70% with AI

Article

person Admin•schedule 5 min read

How Our Design Team Cut Brief-Writing Time by 70% with AI

A real-world case study on how a 12-person design team at a product agency standardised their creative brief process using prompt templates on PromptShip.

Why AI Hallucinations Happen (and How to Reduce Them)

Article

person Admin•schedule 5 min read

Why AI Hallucinations Happen (and How to Reduce Them)

Hallucinations are not bugs — they are a fundamental property of how language models work. Understanding why they happen is the first step to minimising them.

The State of AI Coding Assistants in 2026

Article

person Admin•schedule 5 min read

The State of AI Coding Assistants in 2026

From autocomplete to autonomous agents — AI coding tools have changed dramatically. Here is where things stand and what to expect next.

From Idea to Shipped Prompt: A Solo Founder's AI Workflow

Article

person Admin•schedule 5 min read

From Idea to Shipped Prompt: A Solo Founder's AI Workflow

One founder. No team. A dozen AI-powered tools and a tight prompt library. Here is the workflow that runs a bootstrapped SaaS doing $15k MRR.

Recommended Prompts

geminishieldTrusted

bookmark

Secret Management & Vault Integration Designer

Designs secrets management architecture using HashiCorp Vault, AWS Secrets Manager, or Azure Key Vault for production systems.

Dockerfile Security & Best Practices Reviewer

Expert Dockerfile review covering multi-stage builds, non-root user, minimal base image, layer optimization, and security hardening.

Secrets Management Engineer

Designs secrets management systems covering HashiCorp Vault, AWS Secrets Manager, secret rotation, injection patterns, and leak prevention.

Authentication & Authorization Code Reviewer

Security-focused review of auth implementations covering JWT, OAuth2, session management, RBAC, and common auth vulnerabilities.

Frontend Pull Request Reviewer

Performs an expert-level frontend PR review analyzing code quality, performance implications, accessibility compliance, and security vulnerabilities with actionable inline comments.