managing-network-policies

verified
Marketplace

claude-code-plugins-plus

jeremylongshore/claude-code-plugins-plus-skills

Plugin

network-policy-manager

devops

Repository

jeremylongshore/claude-code-plugins-plus-skills
1.1k stars

plugins/devops/network-policy-manager/skills/managing-network-policies/SKILL.md

Last Verified

January 22, 2026

Install Skill

npx add-skill https://github.com/jeremylongshore/claude-code-plugins-plus-skills/blob/main/plugins/devops/network-policy-manager/skills/managing-network-policies/SKILL.md -a claude-code --skill managing-network-policies

Installation paths:

Claude
.claude/skills/managing-network-policies/

Instructions

# Network Policy Manager

This skill provides automated assistance for Kubernetes network policy management tasks.

## Overview

Creates Kubernetes NetworkPolicy manifests to enforce least-privilege ingress/egress between pods and namespaces, and helps validate connectivity after changes.

## Prerequisites

Before using this skill, ensure:
- Kubernetes cluster has network policy support enabled
- Network plugin supports policies (Calico, Cilium, Weave)
- Pod labels are properly defined for policy selectors
- Understanding of application communication patterns
- Namespace isolation strategy is defined

## Instructions

1. **Identify Requirements**: Determine which pods need to communicate
2. **Define Selectors**: Use pod/namespace labels for policy targeting
3. **Configure Ingress**: Specify allowed incoming traffic sources and ports
4. **Configure Egress**: Define allowed outgoing traffic destinations
5. **Test Policies**: Verify connectivity works as expected
6. **Monitor Denials**: Check for blocked traffic in network plugin logs
7. **Iterate**: Refine policies based on application behavior

## Output

**Network Policy Examples:**
```yaml
# {baseDir}/network-policies/allow-frontend-to-backend.yaml


apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-frontend-to-backend
  namespace: production
spec:
  podSelector:
    matchLabels:
      app: backend
  policyTypes:
    - Ingress
  ingress:
    - from:
      - podSelector:
          matchLabels:
            app: frontend
      ports:
      - protocol: TCP
        port: 8080
---
# Deny all ingress by default
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: production
spec:
  podSelector: {}
  policyTypes:
    - Ingress
```
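
The following is an added example, not part of the skill's own files: a simplified Python model of how the two ingress policies above combine, for working out the expected connectivity matrix before testing in a cluster. It assumes source and destination pods share a namespace and handles only `matchLabels` pod selectors and numeric ports; the `batch` label and ports 5432 and 80 are constructed test values.

```python
# Simplified model of Kubernetes NetworkPolicy ingress evaluation (added example).
# Assumptions: source and destination are in the same namespace; only matchLabels
# pod selectors and numeric ports are modelled (no namespaceSelector, ipBlock).

def selects(selector, labels):
    """An empty selector ({}) matches every pod; otherwise all matchLabels must match."""
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())

def rule_allows(rule, src_labels, protocol, port):
    peers, ports = rule.get("from"), rule.get("ports")
    # A missing or empty "from" / "ports" list means any source / any port.
    peer_ok = not peers or any(
        "podSelector" in p and selects(p["podSelector"], src_labels) for p in peers)
    port_ok = not ports or any(
        p.get("protocol", "TCP") == protocol and p.get("port") in (None, port)
        for p in ports)
    return peer_ok and port_ok

def ingress_allowed(policies, namespace, src_labels, dst_labels, port, protocol="TCP"):
    """Policies are additive: traffic passes if no policy isolates the destination,
    or if any policy selecting it carries a matching ingress rule."""
    selecting = [
        p["spec"] for p in policies
        if p["metadata"]["namespace"] == namespace
        and "Ingress" in p["spec"].get("policyTypes", ["Ingress"])
        and selects(p["spec"]["podSelector"], dst_labels)
    ]
    if not selecting:
        return True  # pod is not isolated for ingress
    return any(rule_allows(r, src_labels, protocol, port)
               for spec in selecting for r in spec.get("ingress", []))

# The two manifests shown above, transcribed as dicts.
ALLOW = {"metadata": {"name": "allow-frontend-to-backend", "namespace": "production"},
         "spec": {"podSelector": {"matchLabels": {"app": "backend"}},
                  "policyTypes": ["Ingress"],
                  "ingress": [{"from": [{"podSelector": {"matchLabels": {"app": "frontend"}}}],
                               "ports": [{"protocol": "TCP", "port": 8080}]}]}}
DENY = {"metadata": {"name": "default-deny-ingress", "namespace": "production"},
        "spec": {"podSelector": {}, "policyTypes": ["Ingress"]}}

if __name__ == "__main__":
    # Constructed test matrix: (source app, destination app, port).
    for src, dst, port in [("frontend", "backend", 8080), ("frontend", "backend", 5432),
                           ("batch", "backend", 8080), ("backend", "frontend", 80)]:
        ok = ingress_allowed([ALLOW, DENY], "production", {"app": src}, {"app": dst}, port)
        print(f"{src} -> {dst}:{port}  {'ALLOW' if ok else 'DENY'}")
```

Calling `ingress_allowed([ALLOW], ...)` without `DENY` shows why the default-deny policy matters: pods that no policy selects, such as `frontend` here, accept all ingress.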

**Egress Policy:**
```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkP
```
