Agent skill
network-security
Secure GKE networking with VPC-native IP allocation, zero-trust network policies, Private Service Connect endpoints, and Cloud Armor DDoS protection layers.
Install this agent skill to your Project
npx add-skill https://github.com/adaptive-enforcement-lab/claude-skills/tree/main/plugins/secure/skills/network-security
SKILL.md
Network Security
When to Use This Skill
This section covers network security configurations for GKE clusters:
- VPC-Native Networking: Container-native IP allocation with Alias IP ranges
- Network Policies: Zero-trust network model with default-deny ingress
- Private Service Connect: Private connectivity to GCP services
- Cloud Armor: Layer 7 DDoS protection and Web Application Firewall
Prerequisites
- GCP project with billing enabled
- Terraform 1.0+
- kubectl configured for cluster access
Implementation
- Cluster Configuration - Private GKE, Workload Identity
- IAM Configuration - Least-privilege IAM
- Runtime Security - Pod Security Standards
Key Principles
Zero Trust Network
Implement default-deny network policies and explicitly allow traffic between services:
- All ingress traffic is blocked by default
- Only required pod-to-pod communication is permitted
- DNS and essential services are explicitly allowed
- Egress traffic is controlled per workload
Private Connectivity
Route traffic through private endpoints for secure, isolated connectivity:
- No public IP addresses required
- Traffic stays on Google's backbone
- Simplified security policy management
- Cross-project access supported
Layer 7 Protection
Cloud Armor provides application-level security:
- DDoS mitigation at the edge
- Geo-blocking and IP filtering
- Rate limiting and bot detection
- XSS and SQLi protection
Related Patterns
- Cluster Configuration
- IAM Configuration
- Runtime Security
References
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
github-token-permissions-overview
Understanding GITHUB_TOKEN scope, default permissions, and implementing least-privilege principle for GitHub Actions workflows.
secure
Find and fix security issues before they become incidents. Vulnerability scanning, SBOM generation, supply chain security, and secure authentication workflows.
complete-workflow-examples
Copy-paste hardened CI/CD workflows with SHA-pinned actions, minimal GITHUB_TOKEN permissions, OIDC authentication, and comprehensive security scanning for GitHub Actions.
ephemeral-runner-patterns
Disposable runner patterns for GitHub Actions. Container-based, VM-based, and ARC deployment strategies with complete state isolation between jobs.
action-pinning-overview
Why pinning GitHub Actions to SHA-256 commits matters for supply chain security. Attack vectors from unpinned actions and comparison of tag vs SHA pinning.
github-actions-security-patterns-hub
Complete security patterns for GitHub Actions covering action pinning, GITHUB_TOKEN permissions, third-party action risks, secret management, and runner security.
Didn't find tool you were looking for?