playbooks

home / skills / dasien / claudemultiagenttemplate / container-orchestration

container-orchestration skill

/templates/.claude/skills/container-orchestration

This skill helps you design Kubernetes deployment patterns, configure service meshes, and implement container best practices to simplify scalable, secure

npx playbooks add skill dasien/claudemultiagenttemplate --skill container-orchestration

Review the files below or copy the command above to add this skill to your agents.

Files (1)
SKILL.md
6.1 KB
---
name: "Container Orchestration"
description: "Design Kubernetes deployment patterns, configure service mesh, and implement container best practices"
category: "devops"
required_tools: ["Read", "Write", "Bash"]
---

# Container Orchestration

## Purpose
Design and manage containerized applications using Kubernetes and container orchestration platforms, implementing deployment patterns, scaling strategies, and service management.

## When to Use
- Deploying containerized applications
- Managing microservices architectures
- Implementing auto-scaling
- Configuring service discovery and load balancing
- Managing application secrets and configs
- Setting up multi-environment deployments

## Key Capabilities

1. **Kubernetes Deployment** - Design and implement K8s resources (Deployments, Services, Ingress)
2. **Scaling Strategies** - Implement horizontal pod autoscaling and cluster autoscaling
3. **Service Management** - Configure service discovery, load balancing, and networking

## Approach

1. **Design Container Strategy**
   - Determine container boundaries (one process per container)
   - Define resource limits (CPU, memory)
   - Plan persistent storage needs
   - Design health check endpoints

2. **Create Kubernetes Manifests**
   - Deployments for stateless apps
   - StatefulSets for stateful apps
   - Services for networking
   - ConfigMaps and Secrets for configuration
   - Ingress for external access

3. **Implement Scaling**
   - Horizontal Pod Autoscaler (HPA) based on CPU/memory/custom metrics
   - Vertical Pod Autoscaler (VPA) for resource optimization
   - Cluster Autoscaler for node scaling

4. **Configure Networking**
   - Service types (ClusterIP, NodePort, LoadBalancer)
   - Ingress controllers (nginx, traefik)
   - Network policies for security
   - Service mesh (Istio, Linkerd) for advanced routing

5. **Manage Configuration**
   - ConfigMaps for non-sensitive config
   - Secrets for sensitive data
   - External secrets operators for vault integration
   - Environment-specific configurations

## Example

**Context**: Deploying a web application with database on Kubernetes

**Deployment Manifest**:
```yaml
# web-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web-app
  labels:
    app: web
spec:
  replicas: 3
  selector:
    matchLabels:
      app: web
  template:
    metadata:
      labels:
        app: web
    spec:
      containers:
      - name: web
        image: myapp:v1.2.3
        ports:
        - containerPort: 8080
        env:
        - name: DATABASE_URL
          valueFrom:
            secretKeyRef:
              name: db-credentials
              key: url
        - name: REDIS_HOST
          valueFrom:
            configMapKeyRef:
              name: app-config
              key: redis-host
        resources:
          requests:
            memory: "256Mi"
            cpu: "250m"
          limits:
            memory: "512Mi"
            cpu: "500m"
        livenessProbe:
          httpGet:
            path: /health
            port: 8080
          initialDelaySeconds: 30
          periodSeconds: 10
        readinessProbe:
          httpGet:
            path: /ready
            port: 8080
          initialDelaySeconds: 5
          periodSeconds: 5
---
# web-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: web-service
spec:
  selector:
    app: web
  ports:
  - protocol: TCP
    port: 80
    targetPort: 8080
  type: LoadBalancer
---
# web-hpa.yaml
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: web-hpa
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: web-app
  minReplicas: 3
  maxReplicas: 10
  metrics:
  - type: Resource
    resource:
      name: cpu
      target:
        type: Utilization
        averageUtilization: 70
  - type: Resource
    resource:
      name: memory
      target:
        type: Utilization
        averageUtilization: 80
---
# ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: web-ingress
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
    nginx.ingress.kubernetes.io/rate-limit: "100"
spec:
  tls:
  - hosts:
    - myapp.example.com
    secretName: web-tls
  rules:
  - host: myapp.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: web-service
            port:
              number: 80
```

**ConfigMap**:
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  redis-host: "redis.default.svc.cluster.local"
  log-level: "info"
  feature-flag-new-ui: "true"
```

**Secret** (created via kubectl):
```bash
kubectl create secret generic db-credentials \
  --from-literal=url='postgresql://user:pass@db:5432/mydb'
```

**Deploy**:
```bash
# Apply all manifests
kubectl apply -f web-deployment.yaml

# Verify deployment
kubectl get deployments
kubectl get pods
kubectl get services
kubectl get hpa

# Check logs
kubectl logs -f deployment/web-app

# Scale manually if needed
kubectl scale deployment web-app --replicas=5
```

**Expected Result**:
- 3 replicas running initially
- Auto-scales between 3-10 based on CPU/memory
- External access via LoadBalancer or Ingress
- Health checks ensure only healthy pods receive traffic
- Zero-downtime rolling updates
- Configuration managed via ConfigMaps/Secrets

## Best Practices

- ✅ Always set resource requests and limits
- ✅ Implement health checks (liveness and readiness probes)
- ✅ Use namespaces to organize resources
- ✅ Tag images with specific versions, not `:latest`
- ✅ Use ConfigMaps/Secrets for configuration
- ✅ Implement network policies for security
- ✅ Use StatefulSets for stateful applications
- ✅ Enable Pod Security Standards
- ✅ Implement rolling update strategies
- ✅ Monitor resource usage with metrics server
- ✅ Use init containers for setup tasks
- ✅ Implement pod disruption budgets for high availability
- ❌ Avoid: Running containers as root
- ❌ Avoid: Hardcoding configuration in images
- ❌ Avoid: Using `:latest` tag in production
- ❌ Avoid: No resource limits (can starve other pods)
- ❌ Avoid: Storing secrets in ConfigMaps
- ❌ Avoid: Single replica for critical services

Overview

This skill helps design and operate containerized applications using Kubernetes and related orchestration tools. It focuses on deployment patterns, scaling strategies, networking, and configuration management to deliver reliable, observable services. The skill emphasizes production-safe defaults and practical manifests for common web and stateful workloads.

How this skill works

It inspects application requirements and translates them into Kubernetes manifests: Deployments, StatefulSets, Services, Ingress, ConfigMaps, and Secrets. It defines resource requests/limits, health checks, and autoscaling policies (HPA/VPA/Cluster Autoscaler). It also recommends network configuration, service mesh options, and secrets management workflows to support secure multi-environment deployments.

When to use it

  • Deploying containerized web applications or microservices to Kubernetes clusters
  • Designing scaling strategies and autoscaling policies for variable load
  • Configuring service discovery, ingress, and load balancing for external access
  • Managing secrets, config per environment, and persistent storage needs
  • Implementing production deployment patterns like rolling updates and PodDisruptionBudgets

Best practices

  • Always set CPU and memory requests and limits for every container
  • Implement liveness and readiness probes and use rolling update strategies
  • Use ConfigMaps and Secrets (or external secret operators) for configuration and credentials
  • Avoid :latest image tags; pin image versions and use reproducible builds
  • Apply network policies and Pod Security Standards; avoid running containers as root
  • Use StatefulSets for stateful workloads and PodDisruptionBudgets for high availability

Example use cases

  • Deploy a 3-replica web app with LoadBalancer service, Ingress, HPA and resource limits
  • Run a stateful database with StatefulSet and persistent volumes, backed by Secrets for credentials
  • Add Istio or Linkerd for advanced routing, telemetry, and traffic shifting during rollout
  • Set up environment-specific ConfigMaps and an external secrets operator to inject credentials from a vault
  • Automate cluster node scaling with Cluster Autoscaler and tune HPA based on CPU/memory or custom metrics

FAQ

How do I expose an application externally?

Use a Service of type LoadBalancer or create an Ingress resource with an ingress controller (nginx, traefik). Configure TLS via cert-manager and an appropriate cluster issuer.

When should I use StatefulSet instead of Deployment?

Use StatefulSet for workloads that require stable network IDs, ordered startup/termination, or stable persistent storage (databases, clustered services). Deployments are for stateless apps.