feat(k8s/cluster): add security best practices documentation #16

Open
rafeegnash wants to merge 1 commit into k8-gcp-support from issue-76-security-best-practices
@rafeegnash

Summary

  • Adds security warnings and recommendations for plan generation
  • Provides helper functions to check security configurations
  • Enables consistent security guidance across all cluster providers

Security Warnings

| Key | Description |
| --- | --- |
| public-endpoint | Warns about public cluster endpoints |
| public-service | Warns about LoadBalancer services |
| no-network-policy | Suggests adding network policies |
| secrets-plain | Warns about plain Kubernetes secrets |
| root-container | Warns about running as root |
| privileged | Warns about privileged containers |
| host-network | Warns about host network usage |
| no-resource-limits | Suggests adding resource limits |

Security Recommendations

Recommendations available for scenarios:

  • new-cluster
  • new-deployment
  • new-service
  • secrets

Helper Functions

| Function | Description |
| --- | --- |
| GetSecurityWarning | Returns warning for a given key |
| GetSecurityRecommendations | Returns recommendations for a scenario |
| IsPublicEndpoint | Checks if cluster has public-only endpoint |
| ShouldWarnPublicAccess | Checks if public access warning should be shown |

Test Plan

  • Build passes
  • All cluster tests pass
  • Security function tests pass (30 test cases)

Closes bgdnvk#76

Add security warnings and recommendations that can be included in plan
generation to guide users toward secure configurations.

Security warnings for:
- Public endpoint exposure
- Public service exposure
- Missing network policies
- Plain Kubernetes secrets
- Root containers
- Privileged containers
- Host network usage
- Missing resource limits

Security recommendations for:
- New cluster creation
- New deployment creation
- New service creation
- Secrets management

Helper functions:
- GetSecurityWarning: Returns warning for a given key
- GetSecurityRecommendations: Returns recommendations for a scenario
- IsPublicEndpoint: Checks if cluster has public-only endpoint
- ShouldWarnPublicAccess: Checks if public access warning should be shown

Includes comprehensive tests for all security functions.

Refs bgdnvk#76

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
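
An added example, not code from this pull request (whose helper functions are listed above but not shown): one way four of the workload-level warning keys could be derived from a pod spec. The `Container` and `Workload` types and the `WorkloadWarningKeys` function are hypothetical names; only the key strings come from the PR description.

```go
package main

import "fmt"

// Container and Workload are hypothetical, simplified stand-ins for the
// pod-spec fields the checks read; they are not the project's types.
type Container struct {
	RunAsNonRoot *bool  // nil: field not set
	RunAsUser    *int64 // nil: image default user applies
	Privileged   bool
	HasLimits    bool // CPU and memory limits both set
}

type Workload struct {
	HostNetwork bool
	Containers  []Container
}

// WorkloadWarningKeys returns the warning keys from the PR's table that
// apply to w, de-duplicated and in a fixed order.
func WorkloadWarningKeys(w Workload) []string {
	hit := map[string]bool{"host-network": w.HostNetwork}
	for _, c := range w.Containers {
		// May run as root unless runAsNonRoot is true or a non-zero UID is set.
		nonRoot := (c.RunAsNonRoot != nil && *c.RunAsNonRoot) ||
			(c.RunAsUser != nil && *c.RunAsUser != 0)
		hit["root-container"] = hit["root-container"] || !nonRoot
		hit["privileged"] = hit["privileged"] || c.Privileged
		hit["no-resource-limits"] = hit["no-resource-limits"] || !c.HasLimits
	}
	keys := []string{}
	for _, k := range []string{"root-container", "privileged", "host-network", "no-resource-limits"} {
		if hit[k] {
			keys = append(keys, k)
		}
	}
	return keys
}

func main() {
	uid := int64(1000)
	// Constructed sample: one hardened container, one left at defaults.
	w := Workload{Containers: []Container{
		{RunAsUser: &uid, HasLimits: true},
		{Privileged: true},
	}}
	fmt.Println(WorkloadWarningKeys(w)) // [root-container privileged no-resource-limits]
}
```

A container that sets neither `runAsNonRoot` nor a non-zero `runAsUser` is flagged because it runs as whatever user the image defines, which may be root.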