Source from repo

Kubernetes Security Policies

Kubernetes security policy expertise from a comprehensive 146-skill, 112-agent multi-agent orchestration system.

wshobsonGitHub wshobsonSource repo Original GitHub link Publisher page

Files

Skill

n/a

Size

14.2 KB

Entrypoint

SKILL.md

Format

git-repo

Open file

assets/network-policy-template.yaml

Syntax-highlighted preview of this file as included in the skill package.

Rendered Source

code178 linesFree

assets/network-policy-template.yaml

1# Network Policy Templates
2 
3---
4# Template 1: Default Deny All (Start Here)
5apiVersion: networking.k8s.io/v1
6kind: NetworkPolicy
7metadata:
8  name: default-deny-all
9  namespace: <namespace>
10spec:
11  podSelector: {}
12  policyTypes:
13  - Ingress
14  - Egress
15 
16---
17# Template 2: Allow DNS (Essential)
18apiVersion: networking.k8s.io/v1
19kind: NetworkPolicy
20metadata:
21  name: allow-dns
22  namespace: <namespace>
23spec:
24  podSelector: {}
25  policyTypes:
26  - Egress
27  egress:
28  - to:
29    - namespaceSelector:
30        matchLabels:
31          name: kube-system
32    ports:
33    - protocol: UDP
34      port: 53
35 
36---
37# Template 3: Frontend to Backend
38apiVersion: networking.k8s.io/v1
39kind: NetworkPolicy
40metadata:
41  name: allow-frontend-to-backend
42  namespace: <namespace>
43spec:
44  podSelector:
45    matchLabels:
46      app: backend
47      tier: backend
48  policyTypes:
49  - Ingress
50  ingress:
51  - from:
52    - podSelector:
53        matchLabels:
54          app: frontend
55          tier: frontend
56    ports:
57    - protocol: TCP
58      port: 8080
59    - protocol: TCP
60      port: 9090
61 
62---
63# Template 4: Allow Ingress Controller
64apiVersion: networking.k8s.io/v1
65kind: NetworkPolicy
66metadata:
67  name: allow-ingress-controller
68  namespace: <namespace>
69spec:
70  podSelector:
71    matchLabels:
72      app: web
73  policyTypes:
74  - Ingress
75  ingress:
76  - from:
77    - namespaceSelector:
78        matchLabels:
79          name: ingress-nginx
80    ports:
81    - protocol: TCP
82      port: 80
83    - protocol: TCP
84      port: 443
85 
86---
87# Template 5: Allow Monitoring (Prometheus)
88apiVersion: networking.k8s.io/v1
89kind: NetworkPolicy
90metadata:
91  name: allow-prometheus-scraping
92  namespace: <namespace>
93spec:
94  podSelector:
95    matchLabels:
96      prometheus.io/scrape: "true"
97  policyTypes:
98  - Ingress
99  ingress:
100  - from:
101    - namespaceSelector:
102        matchLabels:
103          name: monitoring
104    ports:
105    - protocol: TCP
106      port: 9090
107 
108---
109# Template 6: Allow External HTTPS
110apiVersion: networking.k8s.io/v1
111kind: NetworkPolicy
112metadata:
113  name: allow-external-https
114  namespace: <namespace>
115spec:
116  podSelector:
117    matchLabels:
118      app: api-client
119  policyTypes:
120  - Egress
121  egress:
122  - to:
123    - ipBlock:
124        cidr: 0.0.0.0/0
125        except:
126        - 169.254.169.254/32  # Block metadata service
127    ports:
128    - protocol: TCP
129      port: 443
130 
131---
132# Template 7: Database Access
133apiVersion: networking.k8s.io/v1
134kind: NetworkPolicy
135metadata:
136  name: allow-app-to-database
137  namespace: <namespace>
138spec:
139  podSelector:
140    matchLabels:
141      app: postgres
142      tier: database
143  policyTypes:
144  - Ingress
145  ingress:
146  - from:
147    - podSelector:
148        matchLabels:
149          tier: backend
150    ports:
151    - protocol: TCP
152      port: 5432
153 
154---
155# Template 8: Cross-Namespace Communication
156apiVersion: networking.k8s.io/v1
157kind: NetworkPolicy
158metadata:
159  name: allow-from-prod-namespace
160  namespace: <namespace>
161spec:
162  podSelector:
163    matchLabels:
164      app: api
165  policyTypes:
166  - Ingress
167  ingress:
168  - from:
169    - namespaceSelector:
170        matchLabels:
171          environment: production
172      podSelector:
173        matchLabels:
174          app: frontend
175    ports:
176    - protocol: TCP
177      port: 8080
178

Preparing the source view

Kubernetes Security Policies

assets/network-policy-template.yaml