Can this skill help with regulatory compliance?

Yes, it implements defense-in-depth patterns like Binary Authorization, audit logging, and private endpoints which are foundational for frameworks like PCI-DSS and SOC2.

What infrastructure-as-code tool does this skill use?

This skill primarily uses Pulumi to define and deploy hardened GKE configurations, ensuring repeatable and auditable infrastructure.

What is the recommended deployment workflow?

The skill enforces a strict environment promotion order: QAC to DEV, then STG, and finally PRD to ensure security changes are validated before reaching production.

Does it support workload identity federation?

Absolutely. It automates the setup of GKE Workload Identity to replace static service account keys with short-lived, least-privileged credentials.

GKE Security Hardening Guide

Name: GKE Security Hardening Guide
Author: adaptive-enforcement-lab

byadaptive-enforcement-lab

보안 및 테스팅

Implements production-grade security controls for Google Kubernetes Engine using Pulumi and defense-in-depth patterns.

소개

This skill provides comprehensive guidance and automation for securing GKE clusters through infrastructure-as-code. It streamlines the implementation of critical security features like private clusters, Workload Identity Federation, and network policies while enforcing strict IAM configurations and runtime enforcement. By following established defense-in-depth patterns, it helps developers significantly reduce the attack surface of their containerized workloads and maintain a repeatable, auditable security posture across all deployment environments from development to production.

주요 기능

Workload Identity Federation and least-privilege IAM configuration
0 GitHub stars
Automated private cluster and control plane hardening via Pulumi
Network policy enforcement and VPC-native networking setup
Built-in verification checklists and anti-pattern detection for audit readiness
Runtime security controls including Binary Authorization and Pod Security Standards

사용 사례

Provisioning highly secure GKE environments for regulated production workloads
Migrating legacy GKE clusters to a hardened, defense-in-depth architecture
Standardizing security configurations across multi-environment promotion pipelines

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add adaptive-enforcement-lab/claude-skills gke-security-hardening-guide

For use in Claude.ai and ChatGPT

Download Skill

GitHub

소개