Agent skill

runtime-security

Pod Security Standards and admission controllers for GKE. Runtime monitoring with Falco and behavioral analysis to detect anomalous workload activity.

Stars 1
Forks 2

Install this agent skill to your Project

npx add-skill https://github.com/adaptive-enforcement-lab/claude-skills/tree/main/plugins/secure/skills/runtime-security

SKILL.md

Runtime Security

When to Use This Skill

This section covers runtime security for GKE clusters:

  • Pod Security Standards: Namespace-level security policies (baseline, restricted)
  • Admission Controllers: Pre-deployment validation and policy enforcement
  • Runtime Monitoring: Behavioral detection with Falco or GKE Cloud Logging

Prerequisites

  • GCP project with billing enabled
  • Terraform 1.0+
  • kubectl configured for cluster access

Implementation

  • Cluster Configuration - Private GKE, Workload Identity
  • Network Security - VPC networking, Network Policies
  • IAM Configuration - Least-privilege IAM

Key Principles

Defense in Depth

Multiple layers of runtime security controls:

  • Pod Security Standards enforce secure defaults
  • Admission controllers block invalid configurations
  • Runtime monitoring detects anomalous behavior
  • Audit logging captures all activity

Secure by Default

Production workloads must meet strict security requirements:

  • Run as non-root user
  • Read-only root filesystem
  • Drop all Linux capabilities
  • No privilege escalation
  • Resource limits defined

Continuous Monitoring

Runtime monitoring provides visibility into pod behavior:

  • Process execution tracking
  • File access monitoring
  • Network connection detection
  • System call auditing

Related Patterns

  • Cluster Configuration
  • Network Security
  • IAM Configuration

References

Expand your agent's capabilities with these related and highly-rated skills.

Didn't find tool you were looking for?

Be as detailed as possible for better results