mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-13 22:54:53 +03:00
c21af3347e
- Add scripts/agent.py and references/api-reference.md to all remaining skills - Update all 648 LICENSE files: copyright now reads 'Mahipal' - Add implementing-security-monitoring-with-datadog (new skill with full anatomy) - All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
API Reference: Implementing Kubernetes Network Policy with Calico
Kubernetes NetworkPolicy
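```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: production
spec:
  # Empty podSelector selects every pod in the namespace.
  podSelector: {}
  # Both directions are isolated and no rules are listed, so nothing is allowed.
  policyTypes: [Ingress, Egress]
```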
Calico GlobalNetworkPolicy
```yaml
apiVersion: projectcalico.org/v3
kind: GlobalNetworkPolicy
metadata:
  name: deny-external
spec:
  order: 100
  selector: app == "backend"
  types: [Ingress]
  ingress:
    - action: Deny
      source:
        # 0.0.0.0/0 matches every IPv4 source, in-cluster pods included.
        nets: ["0.0.0.0/0"]
```
calicoctl CLI
```bash
# Apply policy
calicoctl apply -f policy.yaml

# Get policies
calicoctl get globalnetworkpolicy -o yaml

# Get host endpoints
calicoctl get hostendpoint
```
Policy Types
| Type | Scope | Ordering |
|---|---|---|
| NetworkPolicy | Namespace | Additive (OR) |
| GlobalNetworkPolicy | Cluster-wide | Ordered by `order` field |
Common Policy Patterns
| Pattern | Description |
|---|---|
| Default deny | Empty podSelector, no rules |
| Allow DNS | Egress to kube-system UDP/TCP 53 |
| Allow ingress from namespace | namespaceSelector match |
| Allow to external CIDR | ipBlock in egress |
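
The first two patterns in the table interact: a default deny that covers Egress also blocks DNS until an allow rule for port 53 exists. The following is an added example, not part of this skill's own scripts, that audits NetworkPolicy manifests (already parsed into dicts) for both patterns per namespace; the function names and the `allow-dns` policy are hypothetical.

```python
# Added example (hypothetical helper names): audit parsed NetworkPolicy manifests.
def policy_types(spec):
    # Kubernetes default: Ingress always, plus Egress when egress rules exist.
    if "policyTypes" in spec:
        return set(spec["policyTypes"])
    return {"Ingress"} | ({"Egress"} if spec.get("egress") else set())

def is_default_deny(spec, direction):
    # Selects every pod, isolates this direction, and lists no allow rules.
    return (spec.get("podSelector") == {} and direction in policy_types(spec)
            and not spec.get(direction.lower()))

def dns_protocols(spec):
    # Protocols for which an egress rule opens port 53. A rule with no ports list
    # opens every port, so it counts for TCP and UDP. The rule's peers and the
    # policy's podSelector are not checked (simplification).
    found = set()
    if "Egress" not in policy_types(spec):
        return found
    for rule in spec.get("egress") or []:
        for entry in rule.get("ports") or [{"protocol": "TCP"}, {"protocol": "UDP"}]:
            port = entry.get("port")       # absent: every port of that protocol
            end = entry.get("endPort") or port
            if port is None or (isinstance(port, int) and port <= 53 <= end):
                found.add(entry.get("protocol", "TCP"))
    return found

def audit(policies):
    """Return {namespace: [findings]} for kind NetworkPolicy manifests."""
    by_ns = {}
    for p in policies:
        if p.get("kind") == "NetworkPolicy":
            ns = p.get("metadata", {}).get("namespace", "default")
            by_ns.setdefault(ns, []).append(p.get("spec", {}))
    report = {}
    for ns, specs in by_ns.items():
        denied = {d for d in ("Ingress", "Egress") if any(is_default_deny(s, d) for s in specs)}
        findings = [f"no default-deny for {d}" for d in ("Ingress", "Egress") if d not in denied]
        dns = set().union(*(dns_protocols(s) for s in specs))
        if "Egress" in denied and not {"UDP", "TCP"} <= dns:
            findings.append("egress denied but DNS (UDP/TCP 53) not allowed")
        report[ns] = findings
    return report

# Constructed sample: the page's default-deny-all, plus a hypothetical DNS allow.
DENY = {"kind": "NetworkPolicy", "metadata": {"name": "default-deny-all", "namespace": "production"},
        "spec": {"podSelector": {}, "policyTypes": ["Ingress", "Egress"]}}
DNS = {"kind": "NetworkPolicy", "metadata": {"name": "allow-dns", "namespace": "production"},
       "spec": {"podSelector": {}, "policyTypes": ["Egress"], "egress": [
           {"ports": [{"protocol": "UDP", "port": 53}, {"protocol": "TCP", "port": 53}]}]}}
```

`audit([DENY])` flags the missing DNS allow for `production`, and `audit([DENY, DNS])` returns no findings. Calico `GlobalNetworkPolicy` objects are skipped, since their ordered Allow/Deny rules need different evaluation.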
References
- Calico Docs: https://docs.tigera.io/calico/
- K8s NetworkPolicy: https://kubernetes.io/docs/concepts/services-networking/network-policies/
- Calico Policy Tutorial: https://docs.tigera.io/calico/latest/network-policy/