zero-trust
Total installs: 1
Weekly installs: 1
Site-wide rank: #52171
Install command:
npx skills add https://github.com/bagelhole/devops-security-agent-skills --skill zero-trust
Agent install distribution:
opencode: 1
codex: 1
claude-code: 1
Skill documentation
Zero Trust Architecture
Implement the “never trust, always verify” security model.
Core Principles
zero_trust_principles:
- Verify explicitly (authenticate all access)
- Least privilege access
- Assume breach (micro-segmentation)
- Continuous validation
- End-to-end encryption
Identity-Based Access
# Service mesh mTLS: require mutual TLS for every workload in the namespace
# this object is applied to (apply it in the root namespace, istio-system by
# default, to make it mesh-wide).
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
spec:
  mtls:
    mode: STRICT
---
# Only the frontend service account may call the backend workloads. With no
# `action` set the policy is ALLOW, so once it selects the backend, requests
# that match no ALLOW rule are denied.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: frontend-to-backend
spec:
  selector:
    matchLabels:
      app: backend
  rules:
  - from:
    - source:
        principals: ["cluster.local/ns/default/sa/frontend"]
Network Segmentation
# Kubernetes Network Policy: selects every pod in its namespace and, by
# listing both policy types with no rules, blocks all ingress and egress.
# Egress to cluster DNS (port 53) and each intended flow must then be
# re-allowed by explicit policies, or pods will stop resolving names.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: deny-all
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  - Egress
Implementation Steps
- Identify sensitive resources
- Map access patterns
- Implement strong authentication
- Apply micro-segmentation
- Enable logging and monitoring
- Continuous verification
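The "continuous verification" step can be partly automated. The following is an added example, not part of this skill or of Istio, that audits exported cluster objects against the three controls above: STRICT mTLS on every PeerAuthentication, AuthorizationPolicy ALLOW rules that name a workload principal rather than only an IP block, and a default-deny NetworkPolicy in every namespace. It reads the `.items` array in the shape `kubectl get ... -A -o json` produces; the SAMPLE objects and the `payments` namespace are constructed for the demo.

```python
"""Added audit of the zero-trust controls above over `kubectl get ... -o json` output."""
import json

# Constructed sample in the shape of `kubectl get <kinds> -A -o json`.
SAMPLE = json.loads("""{"items": [
 {"kind": "PeerAuthentication", "metadata": {"name": "default", "namespace": "istio-system"},
  "spec": {"mtls": {"mode": "STRICT"}}},
 {"kind": "AuthorizationPolicy", "metadata": {"name": "frontend-to-backend", "namespace": "default"},
  "spec": {"selector": {"matchLabels": {"app": "backend"}},
           "rules": [{"from": [{"source": {"principals": ["cluster.local/ns/default/sa/frontend"]}}]}]}},
 {"kind": "AuthorizationPolicy", "metadata": {"name": "legacy-allow", "namespace": "default"},
  "spec": {"rules": [{"from": [{"source": {"ipBlocks": ["10.0.0.0/8"]}}]}]}},
 {"kind": "NetworkPolicy", "metadata": {"name": "deny-all", "namespace": "default"},
  "spec": {"podSelector": {}, "policyTypes": ["Ingress", "Egress"]}}
]}""")["items"]


def audit_zero_trust(items, namespaces):
    """Return findings (empty list = all checks passed) for the exported objects."""
    findings, default_deny = [], set()
    for obj in items:
        kind, spec = obj.get("kind"), obj.get("spec", {})
        ns = obj["metadata"].get("namespace", "default")
        where = f"{kind}/{ns}/{obj['metadata']['name']}"
        if kind == "NetworkPolicy":
            # Default deny = selects every pod, names both directions, and has no allow rules.
            if (spec.get("podSelector") == {} and not spec.get("ingress") and not spec.get("egress")
                    and {"Ingress", "Egress"} <= set(spec.get("policyTypes", []))):
                default_deny.add(ns)
        elif kind == "PeerAuthentication":
            mode = spec.get("mtls", {}).get("mode", "UNSET")
            if mode != "STRICT":
                findings.append(f"{where}: mTLS mode is {mode}, expected STRICT")
            for port, cfg in spec.get("portLevelMtls", {}).items():
                if cfg.get("mode") != "STRICT":
                    findings.append(f"{where}: port {port} downgrades mTLS to {cfg.get('mode')}")
        elif kind == "AuthorizationPolicy" and spec.get("action", "ALLOW") == "ALLOW":
            for i, rule in enumerate(spec.get("rules", [])):
                # An ALLOW rule naming no principal admits callers by network position alone.
                if not any(s.get("source", {}).get("principals") for s in rule.get("from", [])):
                    findings.append(f"{where}: rule {i} allows callers without a verified principal")
    for ns in namespaces:
        if ns not in default_deny:
            findings.append(f"namespace {ns}: no default-deny NetworkPolicy covering Ingress and Egress")
    return findings


if __name__ == "__main__":
    for finding in audit_zero_trust(SAMPLE, ["default", "payments"]):
        print(finding)
```

Run it against real output by replacing SAMPLE with the `.items` of `kubectl get peerauthentications,authorizationpolicies,networkpolicies -A -o json` and passing the namespace list you expect to be segmented.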
Best Practices
- Identity-aware proxies
- Device trust verification
- Context-based access
- Encrypted communications
- Continuous monitoring
Related Skills
- service-mesh – mTLS implementation
- kubernetes-hardening – K8s security