Skill

coreweave-security-basics

Secures CoreWeave Kubernetes deployments using RBAC, network policies, secrets for GPU workloads, model access, and namespace isolation.

Kubernetes

Bash

Docker

security

infrastructure

npx claudepluginhub jeremylongshore/claude-code-plugins-plus-skills --plugin coreweave-pack

Tool Access

This skill is limited to using the following tools:

ReadWriteEditBash(kubectl:*)Grep

Preview

```bash

SKILL.md

Similar Skills

coreweave-install-auth

1.9k

Configures kubectl access to CoreWeave Kubernetes clusters using kubeconfig and API tokens, verifies GPU nodes, and deploys test GPU pods.

5 tools

coreweave-pack

kubernetes-security

129

Provides Kubernetes security best practices for pod security contexts, network policies, RBAC, secrets management, and resource limits. Use when securing K8s deployments.

no tools

kubernetes

kubernetes-security-policies

Guides Kubernetes cluster security with Pod Security Standards, Network Policies, RBAC, admission controllers, and secrets management for hardened, compliant deployments.

8 files

nickcrew-claude-ctx-plugin

Stats

Parent Repo Stars1854

Parent Repo Forks248

Last CommitMar 22, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

CoreWeave Security Basics

Instructions

Secrets for Model Access

# HuggingFace token kubectl create secret generic hf-token --from-literal=token="${HF_TOKEN}" # Container registry credentials kubectl create secret docker-registry regcred \ --docker-server=ghcr.io \ --docker-username=$USER \ --docker-password=$TOKEN

Network Policy for Inference Pods

apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: inference-isolation spec: podSelector: matchLabels: app: inference-server policyTypes: [Ingress, Egress] ingress: - from: - podSelector: matchLabels: role: api-gateway ports: - port: 8080 egress: - to: [] # Allow all egress for model downloads ports: - port: 443

Security Checklist

Kubeconfig stored securely, not in repos

Secrets used for model tokens (not env vars in YAML)

Network policies restrict inference endpoint access

RBAC limits namespace access per team

Container images scanned for CVEs

PVCs encrypted at rest

Resources

Next Steps

For production readiness, see coreweave-prod-checklist.