home / skills / doanchienthangdev / omgkit / kubernetes

kubernetes skill

safe

This skill helps you deploy and manage applications on Kubernetes, including deployments, services, Helm, autoscaling, and secure configuration.

npx playbooks add skill doanchienthangdev/omgkit --skill kubernetes

Review the files below or copy the command above to add this skill to your agents.

Files (1)

SKILL.md

3.4 KB

---
name: Orchestrating with Kubernetes
description: The agent implements Kubernetes container orchestration with deployments, services, Helm charts, and production patterns. Use when deploying containerized applications, configuring autoscaling, managing secrets, or setting up ingress routing.
---

# Orchestrating with Kubernetes

## Quick Start

```yaml
# deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: api-server
spec:
  replicas: 3
  selector:
    matchLabels:
      app: api-server
  template:
    metadata:
      labels:
        app: api-server
    spec:
      containers:
        - name: api
          image: ghcr.io/org/api:v1.0.0
          ports:
            - containerPort: 3000
          resources:
            requests: { cpu: "100m", memory: "256Mi" }
            limits: { cpu: "500m", memory: "512Mi" }
```

```bash
kubectl apply -f deployment.yaml
```

## Features

| Feature | Description | Guide |
|---------|-------------|-------|
| Deployments | Declarative pod management with rollbacks | Define replicas, update strategy, pod template |
| Services | Internal/external load balancing | ClusterIP for internal, LoadBalancer for external |
| ConfigMaps/Secrets | Configuration and sensitive data | Mount as volumes or environment variables |
| Ingress | HTTP routing with TLS termination | Use nginx-ingress or cloud provider ingress |
| HPA | Horizontal Pod Autoscaler | Scale based on CPU, memory, or custom metrics |
| Helm | Package manager for K8s applications | Template and version deployments |

## Common Patterns

### Production Deployment with Probes

```yaml
spec:
  containers:
    - name: api
      image: ghcr.io/org/api:v1.0.0
      livenessProbe:
        httpGet: { path: /health/live, port: 3000 }
        initialDelaySeconds: 15
        periodSeconds: 20
      readinessProbe:
        httpGet: { path: /health/ready, port: 3000 }
        initialDelaySeconds: 5
        periodSeconds: 10
      env:
        - name: DATABASE_URL
          valueFrom:
            secretKeyRef: { name: app-secrets, key: database-url }
```

### Horizontal Pod Autoscaler

```yaml
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: api-server
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: api-server
  minReplicas: 3
  maxReplicas: 20
  metrics:
    - type: Resource
      resource: { name: cpu, target: { type: Utilization, averageUtilization: 70 } }
```

### Ingress with TLS

```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: api-ingress
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  tls:
    - hosts: [api.example.com]
      secretName: api-tls
  rules:
    - host: api.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service: { name: api-server, port: { number: 80 } }
```

## Best Practices

| Do | Avoid |
|----|-------|
| Set resource requests and limits | Running containers as root |
| Implement liveness and readiness probes | Using `latest` tag in production |
| Use namespaces for environment isolation | Hardcoding config in container images |
| Configure Pod Disruption Budgets | Skipping network policies |
| Use Secrets for sensitive data | Exposing unnecessary ports |
| Implement pod anti-affinity rules | Using NodePort in production |
| Set up HPA for autoscaling | Ignoring pod security standards |

Overview

This skill implements Kubernetes container orchestration patterns for deploying and running production-grade applications. It provides ready-to-use deployments, services, Helm chart guidance, autoscaling, ingress routing, and secrets management. The focus is on repeatable, secure, and observable deployments suitable for cloud or on-prem clusters.

How this skill works

The skill supplies Kubernetes manifests and patterns you can apply or templatize with Helm: Deployment objects with resource requests/limits, probes, and anti-affinity; Services and Ingress resources for internal and external routing; HPA configuration for horizontal autoscaling; and ConfigMaps/Secrets integration. Apply the YAML directly with kubectl or wrap with Helm charts to manage versions, values, and rollbacks. It promotes production conventions like TLS via cert-manager, PodDisruptionBudgets, and non-root containers.

When to use it

Deploying containerized web APIs, background workers, or microservices to Kubernetes
Configuring autoscaling based on CPU, memory, or custom metrics
Exposing services externally with TLS and path-based routing via Ingress
Managing sensitive configuration with Secrets and mounting environment variables
Packaging and releasing applications using Helm chart templates

Best practices

Set explicit resource requests and limits to enable reliable scheduling and autoscaling
Implement liveness and readiness probes to improve rollout safety and traffic routing
Avoid using the latest image tag; pin versions and use image registries with CI/CD promotion
Store sensitive values in Secrets and avoid hardcoding configuration into images
Use namespaces, PodDisruptionBudgets, and network policies for isolation and availability

Example use cases

Deploy a Node.js API with a Deployment, ClusterIP Service, and Ingress with TLS termination
Add an HPA to scale replicas between min and max based on CPU utilization
Package a multi-component stack (API, worker, DB proxy) as a Helm chart with configurable values
Mount Secrets for DATABASE_URL and API keys and expose config via ConfigMaps as environment variables
Apply pod anti-affinity and PDBs to maintain availability during node upgrades

FAQ

Can I use these manifests directly in production?

Yes—manifests include production patterns, but you should adapt resource values, probes, and security contexts to your environment and CI/CD flow.

How do I enable TLS for my Ingress?

Use cert-manager with a ClusterIssuer (e.g., Let's Encrypt), annotate the Ingress accordingly, and reference a TLS secret for your host.