Does it support Ingress security standards?

Yes, it mandates TLS configurations for all Ingress resources, ensuring that plaintext HTTP exposure is eliminated for external-facing services.

Does this skill require a specific CNI?

Yes, NetworkPolicy enforcement requires a CNI plugin that supports them, such as Calico, Cilium, or Weave Net, to be active in your cluster.

What is the benefit of namespace isolation templates?

They ensure that every namespace must have an active NetworkPolicy before pods can be created, preventing pods from communicating across namespace boundaries by default.

How does it prevent unauthorized external exposure?

The skill includes templates that block the creation of LoadBalancer services except within specifically approved namespaces, like an ingress-nginx namespace.

Can I use different policies for production and development?

Yes, the templates are designed to support different enforcement levels, allowing for strict production rules and more relaxed configurations for development testing.

Kyverno Network Security Templates

Name: Kyverno Network Security Templates
Author: adaptive-enforcement-lab

byadaptive-enforcement-lab

セキュリティとテスト

Enforces robust Kubernetes network security policies including namespace isolation, Ingress TLS requirements, and service exposure restrictions.

概要

This skill provides a suite of Kyverno templates designed to implement zero-trust networking and defense-in-depth strategies within Kubernetes clusters. It enables developers and platform engineers to automate the enforcement of NetworkPolicy requirements, mandate TLS for public-facing Ingress resources, and restrict the creation of LoadBalancer services to authorized namespaces. By integrating these patterns, teams can ensure consistent security posture across production and development environments while preventing accidental exposure of internal services and unauthorized lateral communication.

主な機能

Environment-specific enforcement levels for production and development
Restriction of LoadBalancer service creation to approved namespaces
Zero-trust networking templates for default-deny communication isolation
Automated enforcement of NetworkPolicy resources across all namespaces
Mandatory TLS configuration for all Kubernetes Ingress objects
0 GitHub stars

ユースケース

Standardizing HTTPS enforcement by requiring valid TLS secrets for all external-facing Ingress resources
Preventing accidental internet exposure of internal services by restricting LoadBalancer usage
Implementing a default-deny network posture across multi-tenant clusters to block lateral movement

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add adaptive-enforcement-lab/claude-skills kyverno-network-security-templates

For use in Claude.ai and ChatGPT

Download Skill

GitHub

概要