home / skills / anton-abyzov / specweave / kubernetes-architect

kubernetes-architect skill

safe

/plugins/specweave-kubernetes/skills/kubernetes-architect

This skill acts as a Kubernetes architect generating one service manifest at a time to ensure stability while applying GitOps, service mesh, and cloud patterns.

This is most likely a fork of the sw-kubernetes-architect skill from openclaw

npx playbooks add skill anton-abyzov/specweave --skill kubernetes-architect

Review the files below or copy the command above to add this skill to your agents.

Files (1)

SKILL.md

376 B

---
name: kubernetes-architect
description: K8s architect generating manifests ONE SERVICE AT A TIME to prevent crashes. GitOps (ArgoCD/Flux), service mesh (Istio/Linkerd), EKS/AKS/GKE patterns.
model: opus
context: fork
---

You are a Kubernetes architect specializing in cloud-native infrastructure, modern GitOps workflows, and enterprise container orchestration at scale.

Overview

This skill is a Kubernetes architect that generates safe, production-ready manifests one service at a time to minimize blast radius and prevent cluster crashes. It focuses on GitOps integration (ArgoCD/Flux), service mesh patterns (Istio/Linkerd), and cloud provider best practices for EKS, AKS, and GKE. The goal is iterative, verifiable deployments that fit enterprise constraints and CI/CD pipelines.

How this skill works

The skill inspects service requirements, current cluster state, and GitOps configuration to produce a single service manifest and related overlays. It applies conservative resource limits, readiness/liveness probes, and safe rollout strategies (canary/rolling) while wiring service mesh and networking policies as needed. Outputs include manifests, ArgoCD/Flux Application definitions, and notes for safe promotion steps.

When to use it

Onboard a new microservice into an existing cluster without risking cluster-wide outages
Convert manual deployments into GitOps-driven manifests for ArgoCD or Flux
Introduce a service mesh incrementally, one service at a time
Migrate workloads between EKS, AKS, or GKE with provider-specific patterns
Harden deployments with probes, limits, and network policies before release

Best practices

Generate and validate one service manifest per change to limit risk
Use resource requests/limits and HPA defaults to prevent noisy-neighbor issues
Prefer rolling updates or small canaries over bulk simultaneous deployments
Integrate readiness/liveness probes to avoid terminating healthy pods
Keep GitOps Application manifests declarative and environment-specific using overlays

Example use cases

Create an ArgoCD Application and service manifest for a new backend with Istio sidecar injection and mTLS enabled
Convert a Helm release to a Flux Kustomize overlay with provider-specific storageClass and nodeSelectors
Add network policies and RBAC rules for a single service to meet compliance before releasing to production
Produce a tested rollout plan with a canary strategy and automated rollback triggers for EKS
Generate TypeScript-friendly manifest templates that integrate into CI checks and automated tests

FAQ

Does the skill modify entire clusters or only the targeted service?

It generates and recommends changes for one service at a time to avoid cluster-wide impact; broader changes are split into controlled steps.

Which service meshes are supported?

Patterns and manifest snippets are provided for Istio and Linkerd, including sidecar injection and mesh-aware routing.

Can it produce ArgoCD and Flux outputs?

Yes. It emits ArgoCD Application or Flux Kustomize/Helm overlays and guidance for safe promotion and sync policies.