Can this skill help with regulatory compliance?

Yes, it implements defense-in-depth patterns like Binary Authorization, audit logging, and private endpoints which are foundational for frameworks like PCI-DSS and SOC2.

What infrastructure-as-code tool does this skill use?

This skill primarily uses Pulumi to define and deploy hardened GKE configurations, ensuring repeatable and auditable infrastructure.

What is the recommended deployment workflow?

The skill enforces a strict environment promotion order: QAC to DEV, then STG, and finally PRD to ensure security changes are validated before reaching production.

Does it support workload identity federation?

Absolutely. It automates the setup of GKE Workload Identity to replace static service account keys with short-lived, least-privileged credentials.

GKE Security Hardening Guide

Name: GKE Security Hardening Guide
Author: adaptive-enforcement-lab

byadaptive-enforcement-lab

0•

보안 및 테스팅

Implements production-grade security controls for Google Kubernetes Engine using Pulumi and defense-in-depth patterns.

This skill provides comprehensive guidance and automation for securing GKE clusters through infrastructure-as-code. It streamlines the implementation of critical security features like private clusters, Workload Identity Federation, and network policies while enforcing strict IAM configurations and runtime enforcement. By following established defense-in-depth patterns, it helps developers significantly reduce the attack surface of their containerized workloads and maintain a repeatable, auditable security posture across all deployment environments from development to production.

주요 기능

01Workload Identity Federation and least-privilege IAM configuration

020 GitHub stars

03Automated private cluster and control plane hardening via Pulumi

04Network policy enforcement and VPC-native networking setup

05Built-in verification checklists and anti-pattern detection for audit readiness

06Runtime security controls including Binary Authorization and Pod Security Standards

사용 사례

01Provisioning highly secure GKE environments for regulated production workloads

02Migrating legacy GKE clusters to a hardened, defense-in-depth architecture

03Standardizing security configurations across multi-environment promotion pipelines

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add adaptive-enforcement-lab/claude-skills gke-security-hardening-guide

For use in Claude.ai and ChatGPT

Download Skill