implementing-network-policies-for-kubernetes

mukul975/Anthropic-Cybersecurity-Skills|Updated May 25, 2026

Works with

Claude CodeCursorClineWindsurfCodex

Installation Guide

Select your AI agent

How to use implementing-network-policies-for-kubernetes on Cursor

AI-first code editor with Composer

Prerequisites

Before installing skills in Cursor, ensure your development environment meets these requirements:

›Cursor installed and configured on your machine
›Node.js 16+ with npm — verify with node --version
›Active project directory where you want to add implementing-network-policies-for-kubernetes

Run the install command

Execute the skills CLI command in your project's root directory to begin installation:

$npx skills install mukul975/Anthropic-Cybersecurity-Skills/implementing-network-policies-for-kubernetes

Fetches implementing-network-policies-for-kubernetes from mukul975/Anthropic-Cybersecurity-Skills and configures it for Cursor.

Select Cursor when prompted

The CLI shows a list of agents. Use arrow keys and space to select Cursor:

◆ Which agents do you want to install to?

│

│ ── Universal (.agents/skills) ────────────────

│ · Cline · Codex · Goose · Windsurf

│ ●Cursor(selected)

│ · Cursor · Aider · Continue

Verify installation

Confirm successful installation by checking the skill directory location:

.cursor/skills/implementing-network-policies-for-kubernetes

Restart Cursor to activate implementing-network-policies-for-kubernetes. Access via /implementing-network-policies-for-kubernetes in your agent's command palette.

⚠

Security Notice

We perform automated surface-level scans (Gen AI Scanner, Socket, Snyk) during installation. These checks detect common vulnerabilities but do not guarantee complete security. Always review skill source code and verify the publisher's reputation before production use.

Skills execute code in your environment. Always review source, verify the publisher, and test in isolation before production.

›View source on GitHub ›Skills CLI docs ›About Cursor ›What are agent skills?

Documentation

List & Monetize Your Skill

Submit your Claude Code skill and start earning

Get started →

Use Cases

Task Automation & Efficiency

Automate repetitive workflows and reduce manual effort

Example

Generate reports, summarize documents, draft communications

✓

Save 3-5 hours per week on routine tasks

Knowledge Enhancement

Learn new skills, understand complex topics, get expert guidance

Example

Explain concepts, provide examples, suggest learning resources

✓

Accelerate learning and skill development by 2x

Quality Improvement

Enhance output quality through reviews, suggestions, and refinements

Example

Review drafts, suggest improvements, catch errors

✓

Improve work quality by 30-40% with less effort

Overview

Kubernetes NetworkPolicies provide pod-level network segmentation by defining ingress and egress rules that control traffic flow between pods, namespaces, and external endpoints. Combined with CNI plugins like Calico or Cilium, network policies enforce zero-trust microsegmentation to prevent lateral movement within the cluster.

When to Use

When deploying or configuring implementing network policies for kubernetes capabilities in your environment

When establishing security controls aligned to compliance requirements

When building or improving security architecture for this domain

When conducting security assessments that require this implementation

Workflow

Step 1: Default Deny All Traffic

# default-deny-all.yaml - Apply to every namespace apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: default-deny-all namespace: production spec: podSelector: {} # Applies to all pods policyTypes: - Ingress - Egress

Step 2: Allow DNS Egress (Required for Service Discovery)

apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: allow-dns namespace: production spec: podSelector: {} policyTypes: - Egress egress: - to: - namespaceSelector: matchLabels: kubernetes.io/metadata.name: kube-system ports: - protocol: UDP port: 53 - protocol: TCP port: 53

Step 3: Application-Specific Policies

# Allow frontend to reach backend only apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: backend-allow-frontend namespace: production spec: podSelector: matchLabels: app: backend policyTypes: - Ingress ingress: - from: - podSelector: matchLabels: app: frontend ports: - protocol: TCP port: 8080 --- # Allow backend to reach database only apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: database-allow-backend namespace: production spec: podSelector: matchLabels: app: database policyTypes: - Ingress ingress: - from: - podSelector: matchLabels: app: backend ports: - protocol: TCP port: 5432

Step 4: Cross-Namespace Policies

# Allow monitoring namespace to scrape metrics apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: allow-monitoring-scrape namespace: production spec: podSelector: {} policyTypes: - Ingress ingress: - from: - namespaceSelector: matchLabels: purpose: monitoring ports: - protocol: TCP port: 9090 # Prometheus metrics port

Step 5: Egress Restrictions

# Restrict egress to specific external services apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: restrict-egress namespace: production spec: podSelector: matchLabels: app: backend policyTypes: - Egress egress: - to: - podSelector: matchLabels: app: database ports: - protocol: TCP port: 5432 - to: # Allow external API - ipBlock: cidr: 203.0.113.0/24 ports: - protocol: TCP port: 443 - to: # DNS - namespaceSelector: matchLabels: kubernetes.io/metadata.name: kube-system ports: - protocol: UDP port: 53

Step 6: Block Cloud Metadata Access

# Prevent SSRF to cloud metadata service apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: block-metadata namespace: production spec: podSelector: {} policyTypes: - Egress egress: - to: - ipBlock: cidr: 0.0.0.0/0 except: - 169.254.169.254/32 # AWS/GCP metadata - 100.100.100.200/32 # Azure metadata

Validation Commands

# Verify policies are applied kubectl get networkpolicies -n production # Test connectivity (should be blocked) kubectl run test-pod --image=busybox --restart=Never -n production -- wget -qO- --timeout=2 http://database-service:5432 # Expected: timeout (blocked by policy) # Test allowed traffic kubectl run frontend-test --image=busybox --labels=app=frontend --restart=Never -n production -- wget -qO- --timeout=2 http://backend-service:8080 # Expected: connection succeeds

name	implementing-network-policies-for-kubernetes
description	Kubernetes NetworkPolicies provide pod-level network segmentation by defining ingress and egress rules that control traffic flow between pods, namespaces, and external endpoints. Combined with CNI plu
domain	cybersecurity
subdomain	container-security
tags	- containers - kubernetes - security - network-policies - microsegmentation
version	'1.0'
author	mahipal
license	Apache-2.0
nist_csf	- PR.PS-01 - PR.IR-01 - ID.AM-08 - DE.CM-01

implementing-network-policies-for-kubernetes

Installation Guide

How to use implementing-network-policies-for-kubernetes on Cursor

Prerequisites

Run the install command

Select Cursor when prompted

Verify installation

Security Notice

Documentation

List & Monetize Your Skill

Use Cases

Task Automation & Efficiency

Knowledge Enhancement

Quality Improvement

Install Skill

Implementing Network Policies for Kubernetes

Overview

When to Use

Prerequisites

Workflow

Step 1: Default Deny All Traffic

Step 2: Allow DNS Egress (Required for Service Discovery)

Step 3: Application-Specific Policies

Step 4: Cross-Namespace Policies

Step 5: Egress Restrictions

Step 6: Block Cloud Metadata Access

Validation Commands

References

Implementation Guide

Best Practices

When to Use This

Learning Path

Related Skills

scanning-docker-images-with-trivy

performing-cryptographic-audit-of-application

implementing-soar-playbook-with-palo-alto-xsoar

exploiting-deeplink-vulnerabilities

analyzing-network-traffic-with-wireshark

generating-threat-intelligence-reports

Reviews

Discussion