@jeremylongshore/managing-network-policies
jeremylongshore
1,004
123 forks
Updated 1/18/2026

Use when managing Kubernetes network policies and firewall rules. Trigger with phrases like "create network policy", "configure firewall rules", "restrict pod communication", or "setup ingress/egress rules". Generates Kubernetes NetworkPolicy manifests following least-privilege and zero-trust principles.

Installation

skills install @jeremylongshore/managing-network-policies

Supported assistants: Claude Code, Cursor, Copilot, Codex, Antigravity

Details

Path: plugins/devops/network-policy-manager/skills/managing-network-policies/SKILL.md
Branch: main
Scoped Name: @jeremylongshore/managing-network-policies

Usage

After installing, this skill will be available to your AI coding assistant.

Verify installation:

skills list

Skill Instructions


name: managing-network-policies
description: |
  Use when managing Kubernetes network policies and firewall rules. Trigger with phrases like "create network policy", "configure firewall rules", "restrict pod communication", or "setup ingress/egress rules". Generates Kubernetes NetworkPolicy manifests following least-privilege and zero-trust principles.
allowed-tools: Read, Write, Edit, Grep, Glob, Bash(kubectl:*)
version: 1.0.0
author: Jeremy Longshore jeremy@intentsolutions.io
license: MIT

Network Policy Manager

This skill helps an AI coding assistant write, review and troubleshoot Kubernetes NetworkPolicy objects, and the firewall rules around them, following the workflow below.

Overview

Creates Kubernetes NetworkPolicy manifests to enforce least-privilege ingress/egress between pods and namespaces, and helps validate connectivity after changes.

Prerequisites

Before using this skill, ensure:

  • The cluster's network plugin (CNI) enforces NetworkPolicy: Calico, Cilium or Weave Net, for example. Plain Flannel does not enforce it, and the API server accepts NetworkPolicy objects either way, so on a non-enforcing plugin a policy fails silently.
  • Pod and namespace labels are defined and stable, since policies select on them
  • Application communication patterns are understood: source, destination, port and protocol for every required flow, including DNS
  • A namespace isolation strategy is defined (typically default-deny per namespace plus explicit allow rules)

Instructions

  1. Identify Requirements: Determine which pods need to communicate, on which ports and protocols
  2. Define Selectors: Use pod/namespace labels for policy targeting, and confirm the labels actually exist on the running pods
  3. Configure Ingress: Specify allowed incoming traffic sources and ports
  4. Configure Egress: Define allowed outgoing traffic destinations; once a pod is egress-isolated, DNS must be allowed explicitly
  5. Test Policies: Verify that required flows work and that denied paths are actually blocked (for example, kubectl exec into a client pod and attempt a connection to the target)
  6. Monitor Denials: Check for blocked traffic in the network plugin's flow logs (Hubble for Cilium, flow logs for Calico)
  7. Iterate: Refine policies based on observed application behavior

Output

Network Policy Examples:

# {baseDir}/network-policies/allow-frontend-to-backend.yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-frontend-to-backend
  namespace: production
spec:
  podSelector:
    matchLabels:
      app: backend
  policyTypes:
    - Ingress
  ingress:
    - from:
      - podSelector:
          matchLabels:
            app: frontend
      ports:
      - protocol: TCP
        port: 8080
---
# Deny all ingress by default
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: production
spec:
  podSelector: {}
  policyTypes:
    - Ingress

Egress Policy (pods labelled app=api-client may reach HTTPS in one namespace plus cluster DNS, nothing else):

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-external-api
  namespace: production
spec:
  podSelector:
    matchLabels:
      app: api-client
  policyTypes:
    - Egress
  egress:
    # Destination namespace, matched on the label the API server sets on
    # every namespace, so no manual "name" label is required
    - to:
      - namespaceSelector:
          matchLabels:
            kubernetes.io/metadata.name: external-services
      ports:
      - protocol: TCP
        port: 443
    # An egress-isolated pod loses DNS unless kube-dns is allowed explicitly
    - to:
      - namespaceSelector:
          matchLabels:
            kubernetes.io/metadata.name: kube-system
        podSelector:
          matchLabels:
            k8s-app: kube-dns
      ports:
      - protocol: UDP
        port: 53
      - protocol: TCP
        port: 53

A namespaceSelector only reaches destinations inside the cluster; for a truly external API, use an ipBlock peer with the destination CIDR instead.

Error Handling

Policy Not Applied

  • Error: Traffic still blocked/allowed contrary to policy
  • Solution: Verify the network plugin enforces NetworkPolicy, that the policy lives in the same namespace as the pods it should select, and that kubectl describe networkpolicy <name> -n <namespace> shows the intended selectors and rules

DNS Resolution Fails

  • Error: Pods cannot resolve DNS after applying an egress policy
  • Solution: Add an egress rule allowing UDP and TCP port 53 to the kube-dns/CoreDNS pods in kube-system; egress isolation blocks DNS like any other traffic

No Communication After Policy

  • Error: All traffic blocked unexpectedly
  • Solution: Check for default-deny policies in the namespace and ensure an explicit allow rule exists for each required flow; allow rules are additive, so any one matching rule permits the traffic

Label Mismatch

  • Error: Policy not targeting intended pods
  • Solution: Verify pod labels match the policy's selectors using kubectl get pods -n <namespace> --show-labels, or test the selector directly with kubectl get pods -n <namespace> -l app=backend; an empty result means the policy selects nothing
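The seven-step procedure above and the failure modes in this list (policy not applied, DNS failure, label mismatch) can be dry-run before touching a cluster. The following is an added example, not code from the skill or its author: a small pure-Python evaluator of NetworkPolicy semantics that replays this page's own production policies against constructed pods. The pod names, the staging and external-services namespaces, and the k8s-app=kube-dns label on CoreDNS are assumptions made for the example.

```python
"""Minimal NetworkPolicy evaluator: an added example, not the skill's own code.
Semantics modelled: a pod is isolated for a direction only when a policy with that
policyType selects it; an isolated pod's traffic passes if ANY selecting policy has a
rule whose peers (from:/to:) and ports both match; a podSelector peer without a
namespaceSelector only matches pods in the policy's own namespace. All data is constructed."""
from collections import namedtuple

Pod = namedtuple("Pod", "name namespace labels")

# kubernetes.io/metadata.name is stamped on every namespace by the API server (GA since 1.22).
NAMESPACES = {ns: {"kubernetes.io/metadata.name": ns}
              for ns in ("production", "staging", "external-services", "kube-system")}

def selector_matches(selector, labels):
    """matchLabels semantics: every listed key/value must be present; {} matches everything."""
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())

def peer_matches(peer, policy_ns, pod):
    """One from:/to: entry against a concrete pod (ipBlock peers never match pods)."""
    if "ipBlock" in peer:
        return False
    ns_sel, pod_sel = peer.get("namespaceSelector"), peer.get("podSelector")
    if ns_sel is not None:
        if not selector_matches(ns_sel, NAMESPACES.get(pod.namespace, {})):
            return False
    elif pod.namespace != policy_ns:
        return False
    return pod_sel is None or selector_matches(pod_sel, pod.labels)

def ports_match(ports, protocol, port):
    """No ports list means all ports; an entry without protocol defaults to TCP."""
    return not ports or any(p.get("protocol", "TCP") == protocol and p.get("port", port) == port
                            for p in ports)

def policy_types(spec):
    """Default policyTypes: Ingress always, Egress only when egress rules are present."""
    return spec.get("policyTypes") or (["Ingress", "Egress"] if "egress" in spec else ["Ingress"])

def selected_pods(policy, pods):
    """Pods a policy's podSelector targets; an empty result is the 'label mismatch' case."""
    return [p.name for p in pods if p.namespace == policy["metadata"]["namespace"]
            and selector_matches(policy["spec"]["podSelector"], p.labels)]

def direction_allowed(policies, pod, ptype, peer, protocol, port):
    """Ingress check on the destination pod, or egress check on the source pod."""
    selecting = [pol for pol in policies if ptype in policy_types(pol["spec"]) and selected_pods(pol, [pod])]
    if not selecting:
        return True  # not isolated in this direction: everything passes
    rules_key, peers_key = ("ingress", "from") if ptype == "Ingress" else ("egress", "to")
    return any((not rule.get(peers_key)
                or any(peer_matches(pe, pol["metadata"]["namespace"], peer) for pe in rule[peers_key]))
               and ports_match(rule.get("ports"), protocol, port)
               for pol in selecting for rule in pol["spec"].get(rules_key) or [])

def allowed(policies, src, dst, port, protocol="TCP"):
    """A connection needs the source's egress side AND the destination's ingress side."""
    return (direction_allowed(policies, src, "Egress", dst, protocol, port)
            and direction_allowed(policies, dst, "Ingress", src, protocol, port))

def np(name, ns, spec):
    return {"apiVersion": "networking.k8s.io/v1", "kind": "NetworkPolicy",
            "metadata": {"name": name, "namespace": ns}, "spec": spec}

# The page's policies as dicts (same content as the YAML above), plus a DNS egress rule.
DEFAULT_DENY_INGRESS = np("default-deny-ingress", "production", {"podSelector": {}, "policyTypes": ["Ingress"]})
ALLOW_FRONTEND_TO_BACKEND = np("allow-frontend-to-backend", "production", {
    "podSelector": {"matchLabels": {"app": "backend"}}, "policyTypes": ["Ingress"],
    "ingress": [{"from": [{"podSelector": {"matchLabels": {"app": "frontend"}}}],
                 "ports": [{"protocol": "TCP", "port": 8080}]}]})
EGRESS_HTTPS = {"to": [{"namespaceSelector": {"matchLabels": {"kubernetes.io/metadata.name": "external-services"}}}],
                "ports": [{"protocol": "TCP", "port": 443}]}
EGRESS_DNS = {"to": [{"namespaceSelector": {"matchLabels": {"kubernetes.io/metadata.name": "kube-system"}},
                      "podSelector": {"matchLabels": {"k8s-app": "kube-dns"}}}],
              "ports": [{"protocol": "UDP", "port": 53}, {"protocol": "TCP", "port": 53}]}
ALLOW_EXTERNAL_API = np("allow-external-api", "production", {
    "podSelector": {"matchLabels": {"app": "api-client"}}, "policyTypes": ["Egress"], "egress": [EGRESS_HTTPS]})
ALLOW_EXTERNAL_API_DNS = np("allow-external-api", "production",
                            {**ALLOW_EXTERNAL_API["spec"], "egress": [EGRESS_HTTPS, EGRESS_DNS]})

# Constructed pods; the CoreDNS labels follow the upstream k8s-app=kube-dns convention.
FRONTEND = Pod("frontend-1", "production", {"app": "frontend"})
BACKEND = Pod("backend-1", "production", {"app": "backend"})
DEBUG = Pod("debug-1", "production", {"app": "debug"})
STAGING_FRONTEND = Pod("frontend-1", "staging", {"app": "frontend"})
API_CLIENT = Pod("api-client-1", "production", {"app": "api-client"})
COREDNS = Pod("coredns-1", "kube-system", {"k8s-app": "kube-dns"})
EXT_PROXY = Pod("proxy-1", "external-services", {"app": "proxy"})

def check_page_policies():
    """Verdicts for the flows a practitioner should probe after applying the page's policies."""
    prod = [DEFAULT_DENY_INGRESS, ALLOW_FRONTEND_TO_BACKEND]
    return {
        "frontend->backend:8080": allowed(prod, FRONTEND, BACKEND, 8080),
        "frontend->backend:9090": allowed(prod, FRONTEND, BACKEND, 9090),              # port not allowed
        "debug->backend:8080": allowed(prod, DEBUG, BACKEND, 8080),                    # label mismatch
        "staging/frontend->backend:8080": allowed(prod, STAGING_FRONTEND, BACKEND, 8080),  # other namespace
        "api-client->coredns:53/udp (no DNS rule)": allowed([ALLOW_EXTERNAL_API], API_CLIENT, COREDNS, 53, "UDP"),
        "api-client->coredns:53/udp (DNS rule)": allowed([ALLOW_EXTERNAL_API_DNS], API_CLIENT, COREDNS, 53, "UDP"),
        "api-client->external-services:443": allowed([ALLOW_EXTERNAL_API_DNS], API_CLIENT, EXT_PROXY, 443),
    }
```

check_page_policies() returns one verdict per flow: the two api-client entries show why an egress-isolated pod loses DNS until a rule to kube-dns is added, the debug and staging entries are the label-mismatch and wrong-namespace cases, and selected_pods() returning an empty list for a policy is the "policy selects nothing" symptom from the list above. The model ignores ipBlock peers, matchExpressions and named ports; treat it as a pre-flight check and still confirm on the cluster with kubectl exec and a real connection attempt.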

Examples

  • "Restrict namespace prod so only the ingress controller can reach the web pods on 443."
  • "Create egress rules that allow the API to talk only to Postgres and Redis."
