network-security | secure | ClaudePluginHub

Skill

Community

network-security

0

Description

Secure GKE networking with VPC-native IP allocation, zero-trust network policies, Private Service Connect endpoints, and Cloud Armor DDoS protection layers.

AI Summary

Configures VPC-native GKE networking with zero-trust policies, Private Service Connect, and Cloud Armor DDoS protection. Use when building secure GKE clusters requiring isolated pod networking and private service connectivity.

Install

1

Add the repository(one-time)

$

/plugin marketplace add adaptive-enforcement-lab/claude-skills

2

Install the plugin

$

/plugin install secure@ael-skills

Tool Access

This skill inherits all available tools. When active, it can use any tool Claude has access to.

Skill Content

Network Security

When to Use This Skill

This section covers network security configurations for GKE clusters:

VPC-Native Networking: Container-native IP allocation with Alias IP ranges
Network Policies: Zero-trust network model with default-deny ingress
Private Service Connect: Private connectivity to GCP services
Cloud Armor: Layer 7 DDoS protection and Web Application Firewall

Prerequisites

GCP project with billing enabled
Terraform 1.0+
kubectl configured for cluster access

Implementation

Cluster Configuration - Private GKE, Workload Identity
IAM Configuration - Least-privilege IAM
Runtime Security - Pod Security Standards

Key Principles

Zero Trust Network

Implement default-deny network policies and explicitly allow traffic between services:

All ingress traffic is blocked by default
Only required pod-to-pod communication is permitted
DNS and essential services are explicitly allowed
Egress traffic is controlled per workload

Private Connectivity

Route traffic through private endpoints for secure, isolated connectivity:

No public IP addresses required
Traffic stays on Google's backbone
Simplified security policy management
Cross-project access supported

Layer 7 Protection

Cloud Armor provides application-level security:

DDoS mitigation at the edge
Geo-blocking and IP filtering
Rate limiting and bot detection
XSS and SQLi protection

Related Patterns

Cluster Configuration
IAM Configuration
Runtime Security

References

Links

GitHub Stats

0 forks

Updated 4 days ago

Similar Skills

gitops-workflow

Implement GitOps workflows with ArgoCD and Flux for automated, declarative Kubernetes deployments with continuous reconciliation. Use when implementing GitOps practices, automating Kubernetes deployments, or setting up declarative infrastructure management.

kubernetes-operations

24.8k

helm-chart-scaffolding

Design, organize, and manage Helm charts for templating and packaging Kubernetes applications with reusable configurations. Use when creating Helm charts, packaging Kubernetes applications, or implementing templated deployments.

kubernetes-operations

24.8k

k8s-manifest-generator

Create production-ready Kubernetes manifests for Deployments, Services, ConfigMaps, and Secrets following best practices and security standards. Use when generating Kubernetes YAML manifests, creating K8s resources, or implementing production-grade Kubernetes configurations.

kubernetes-operations

24.8k