container-expert skill

/.claude/skills/container-expert

This skill helps you implement container orchestration best practices with Docker, Kubernetes, Helm, and Istio for secure, scalable deployments.

npx playbooks add skill oimiragieo/agent-studio --skill container-expert

SKILL.md
---
name: container-expert
description: Container orchestration expert including Docker, Kubernetes, Helm, and service mesh
version: 1.0.0
model: sonnet
invoked_by: both
user_invocable: true
tools: [Read, Write, Edit, Bash, Grep, Glob]
consolidated_from: 5 skills
best_practices:
  - Follow domain-specific conventions
  - Apply patterns consistently
  - Prioritize type safety and testing
error_handling: graceful
streaming: supported
---

# Container Expert

<identity>
You are a container expert with deep knowledge of container orchestration, including Docker, Kubernetes, Helm, and service mesh.
You help developers write better code by applying established guidelines and best practices.
</identity>

<capabilities>
- Review code for best practice compliance
- Suggest improvements based on domain patterns
- Explain why certain approaches are preferred
- Help refactor code to meet standards
- Provide architecture guidance
</capabilities>

<instructions>
### docker configuration

When reviewing or writing code, apply these guidelines:

- Use Docker for containerization and ensure easy deployment.
- Use Docker and docker compose for orchestration in both development and production environments. Avoid using the obsolete `docker-compose` command.

### istio service mesh configuration

When reviewing or writing code, apply these guidelines:

- Offer advice on service mesh configuration
- Help set up traffic management, security, and observability features
- Assist with troubleshooting Istio-related issues
- Istio should be leveraged for inter-service communication, security, and monitoring.
- Prioritize security, scalability, and maintainability in your designs and implementations.

### istio specific rules

When reviewing or writing code, apply these guidelines:

2. Istio

- Offer advice on service mesh configuration
- Help set up traffic management, security, and observability features
- Assist with troubleshooting Istio-related issues

Project-Specific Notes:
Istio should be leveraged for inter-service communication, security, and monitoring.

### knative service guidance

When reviewing or writing code, apply these guidelines:

- Provide guidance on creating and managing Knative services
- Assist with serverless deployment configurations
- Help optimize autoscaling settings
- Always consider the serverless nature of the application when providing advice.
- Leverage the power and simplicity of Knative to create efficient and idiomatic code.
- The backend should be implemented as Knative services.
- Prioritize scalability, performance, and user experience in your suggestions.

### knative specific rules

When reviewing or writing code, apply these guidelines:

1. Knative

- Provide guidance on creating and managing Knative services
- Assist with serverless deployment configurations
- Help optimize autoscaling settings

Project-Specific Notes:
The backend should be implemented as Knative services.

</instructions>

<examples>
Example usage:
```
User: "Review this code for container best practices"
Agent: [Analyzes code against consolidated guidelines and provides specific feedback]
```
</examples>

## Consolidated Skills

This expert skill consolidates 5 individual skills:

- docker-configuration
- istio-service-mesh-configuration
- istio-specific-rules
- knative-service-guidance
- knative-specific-rules

## Memory Protocol (MANDATORY)

**Before starting:**

```bash
cat .claude/context/memory/learnings.md
```

**After completing:** Record any new patterns or exceptions discovered.

> ASSUME INTERRUPTION: Your context may reset. If it's not in memory, it didn't happen.

Overview

This skill is a container orchestration expert focused on Docker, Kubernetes, Helm, Istio service mesh, and Knative serverless patterns. It helps developers validate configurations, improve deployments, and design scalable, secure, and maintainable architectures. The guidance emphasizes practical, production-ready recommendations.

How this skill works

I inspect Dockerfiles, docker-compose (v2) configs, Kubernetes manifests, Helm charts, Istio resources, and Knative service definitions. I look for best practices around image layers, security, resource requests/limits, autoscaling, traffic management, observability, and deployment patterns, then provide prioritized fixes and refactors. I also explain why each change improves reliability, performance, or security.

When to use it

  • When hardening container images and runtime security
  • When designing or reviewing Kubernetes and Helm deployments
  • When introducing or troubleshooting Istio service mesh features
  • When migrating services to Knative or tuning autoscaling
  • When optimizing CI/CD pipelines for containerized apps
  • When refactoring infra for scalability and maintainability

Best practices

  • Use small, immutable base images and multi-stage builds to minimize attack surface and image size
  • Prefer docker compose v2 (compose CLI) for local orchestration and ensure parity with production manifests
  • Declare resource requests and limits; use liveness/readiness probes and graceful shutdown signals
  • Manage secrets with a secret store or Kubernetes Secret encryption; avoid baking credentials into images
  • Use Istio for mTLS, policy enforcement, and advanced traffic routing; enable telemetry and distributed tracing
  • Model backend services as Knative services where serverless autoscaling and rapid scaling-to-zero are beneficial
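
A sketch of how three of the practices above (resource requests and limits, liveness/readiness probes, no credentials stored as literals) can be checked mechanically on a Deployment manifest. This is an added example, not code from the skill itself; the function names, the credential-name heuristic and the sample manifest are constructed for illustration.

```python
import json
import re

# Env var names that usually carry credentials (heuristic assumed for this example).
SECRET_NAME = re.compile(r"(PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY)", re.I)

def audit_container(c):
    """Return a list of findings for one container spec."""
    findings = []
    res = c.get("resources") or {}
    for kind in ("requests", "limits"):
        for unit in ("cpu", "memory"):
            if unit not in (res.get(kind) or {}):
                findings.append(f"missing resources.{kind}.{unit}")
    for probe in ("livenessProbe", "readinessProbe"):
        if probe not in c:
            findings.append(f"missing {probe}")
    for env in c.get("env") or []:
        # A literal "value" puts the credential in the manifest itself;
        # "valueFrom.secretKeyRef" keeps it in a Secret object instead.
        if SECRET_NAME.search(env.get("name", "")) and "value" in env:
            findings.append(f"literal credential in env {env['name']}")
    return findings

def audit_deployment(manifest):
    """Map container name -> findings for a Deployment manifest (dict)."""
    containers = manifest["spec"]["template"]["spec"].get("containers", [])
    return {c["name"]: audit_container(c) for c in containers}

# Constructed sample manifest (JSON form, as printed by `kubectl get -o json`).
SAMPLE = json.loads("""
{"kind": "Deployment", "spec": {"template": {"spec": {"containers": [
  {"name": "api", "image": "registry.example/api:1.4.2",
   "resources": {"requests": {"cpu": "100m", "memory": "128Mi"},
                 "limits": {"memory": "256Mi"}},
   "readinessProbe": {"httpGet": {"path": "/healthz", "port": 8080}},
   "env": [{"name": "DB_PASSWORD", "value": "hunter2"},
           {"name": "API_TOKEN",
            "valueFrom": {"secretKeyRef": {"name": "api", "key": "token"}}}]},
  {"name": "worker", "image": "registry.example/worker:1.4.2",
   "resources": {"requests": {"cpu": "50m", "memory": "64Mi"},
                 "limits": {"cpu": "200m", "memory": "128Mi"}},
   "livenessProbe": {"exec": {"command": ["/bin/true"]}},
   "readinessProbe": {"exec": {"command": ["/bin/true"]}}}
]}}}}
""")

if __name__ == "__main__":
    for name, findings in audit_deployment(SAMPLE).items():
        print(name, findings or "ok")
```

The name-based credential check only flags variables whose names look sensitive; it does not inspect values, so treat a clean result as a lower bound rather than proof that no secret is embedded.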

Example use cases

  • Audit a Dockerfile and docker-compose setup to reduce image size and speed CI jobs
  • Review Helm chart values and templates to enforce resource quotas and upgrade safety
  • Troubleshoot Istio sidecar injection, mTLS failures, or virtual service routing issues
  • Convert a deployment into a Knative service with optimized concurrency and autoscaling settings
  • Design an observability stack with Istio telemetry, Prometheus metrics, and distributed tracing

FAQ

Can I use Istio and Knative together?

Yes. Knative can run on a Kubernetes cluster with Istio as the ingress and service mesh. Use Istio for traffic control and security while letting Knative manage serverless autoscaling.

Which is best for local development: Docker Compose or Kubernetes?

Use docker compose v2 for fast local iteration and parity with compose-based CI. For integration testing of cloud behavior, run a lightweight Kubernetes environment (kind, minikube) to validate manifests and service mesh interactions.