kubernetes-specialist

Kubernetes workload deployment, configuration, security, and troubleshooting across single- and multi-cluster environments. Covers Deployments, StatefulSets, DaemonSets, Jobs, Helm charts, RBAC policies, NetworkPolicies, and storage configuration with declarative YAML manifests. Includes troubleshooting workflows for pod crashes, resource analysis, log inspection, and rollback procedures using kubectl commands. Enforces security best practices: resource limits, health probes, least-privilege RBAC, non-root containers, secrets management, and network segmentation. Supports advanced patterns including service mesh (Istio, Linkerd), GitOps pipelines (ArgoCD, Flux), custom operators, and multi-cluster management with cost optimization guidance.

INSTALLATION
npx skills add https://github.com/jeffallan/claude-skills --skill kubernetes-specialist
Run in your project or agent environment. Adjust flags if your CLI version differs.

SKILL.md


Reference Guide

Load detailed guidance based on context:

| Topic | Reference | Load When |
|---|---|---|
| Workloads | references/workloads.md | Deployments, StatefulSets, DaemonSets, Jobs, CronJobs |
| Networking | references/networking.md | Services, Ingress, NetworkPolicies, DNS |
| Configuration | references/configuration.md | ConfigMaps, Secrets, environment variables |
| Storage | references/storage.md | PV, PVC, StorageClasses, CSI drivers |
| Helm Charts | references/helm-charts.md | Chart structure, values, templates, hooks, testing, repositories |
| Troubleshooting | references/troubleshooting.md | kubectl debug, logs, events, common issues |
| Custom Operators | references/custom-operators.md | CRD, Operator SDK, controller-runtime, reconciliation |
| Service Mesh | references/service-mesh.md | Istio, Linkerd, traffic management, mTLS, canary |
| GitOps | references/gitops.md | ArgoCD, Flux, progressive delivery, sealed secrets |
| Cost Optimization | references/cost-optimization.md | VPA, HPA tuning, spot instances, quotas, right-sizing |
| Multi-Cluster | references/multi-cluster.md | Cluster API, federation, cross-cluster networking, DR |

Constraints

MUST DO

  • Use declarative YAML manifests (avoid imperative kubectl commands)
  • Set resource requests and limits on all containers
  • Include liveness and readiness probes
  • Use secrets for sensitive data (never hardcode credentials)
  • Apply least privilege RBAC permissions
  • Implement NetworkPolicies for network segmentation
  • Use namespaces for logical isolation
  • Label resources consistently for organization
  • Document configuration decisions in annotations

MUST NOT DO

  • Deploy to production without resource limits
  • Store secrets in ConfigMaps or as plain environment variables
  • Use default ServiceAccount for application pods
  • Allow unrestricted network access (default allow-all)
  • Run containers as root without justification
  • Skip health checks (liveness/readiness probes)
  • Use the "latest" image tag for production images
  • Expose unnecessary ports or services

Common YAML Patterns

Deployment with resource limits, probes, and security context

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
  namespace: my-namespace
  labels:
    app: my-app
    version: "1.2.3"
spec:
  replicas: 3
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
        version: "1.2.3"
    spec:
      serviceAccountName: my-app-sa   # never use default SA
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000
        fsGroup: 2000
      containers:
        - name: my-app
          image: my-registry/my-app:1.2.3   # never use latest
          ports:
            - containerPort: 8080
          resources:
            requests:
              cpu: "100m"
              memory: "128Mi"
            limits:
              cpu: "500m"
              memory: "512Mi"
          livenessProbe:
            httpGet:
              path: /healthz
              port: 8080
            initialDelaySeconds: 15
            periodSeconds: 20
          readinessProbe:
            httpGet:
              path: /ready
              port: 8080
            initialDelaySeconds: 5
            periodSeconds: 10
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
          envFrom:
            - secretRef:
                name: my-app-secret   # pull credentials from Secret, not ConfigMap
```

Minimal RBAC (least privilege)

```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: my-app-sa
  namespace: my-namespace
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: my-app-role
  namespace: my-namespace
rules:
  - apiGroups: [""]
    resources: ["configmaps"]
    verbs: ["get", "list"]   # grant only what is needed
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: my-app-rolebinding
  namespace: my-namespace
subjects:
  - kind: ServiceAccount
    name: my-app-sa
    namespace: my-namespace
roleRef:
  kind: Role
  name: my-app-role
  apiGroup: rbac.authorization.k8s.io
```

NetworkPolicy (default-deny + explicit allow)

```yaml
# Deny all ingress and egress by default
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: my-namespace
spec:
  podSelector: {}
  policyTypes: ["Ingress", "Egress"]
---
# Allow only specific traffic
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-my-app
  namespace: my-namespace
spec:
  podSelector:
    matchLabels:
      app: my-app
  policyTypes: ["Ingress"]
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: frontend
      ports:
        - protocol: TCP
          port: 8080
```
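The MUST NOT DO list and the three patterns above (hardened Deployment, minimal RBAC, default-deny NetworkPolicy) are easy to state and easy to let slip in review. The script below is an added example, not part of the kubernetes-specialist skill or its references: it audits a set of manifests in their JSON form against those rules (missing limits and probes, default ServiceAccount, root or privilege escalation, latest or untagged images, credential-like plain environment variables, wildcard RBAC grants, namespaces without a default-deny policy). It uses only the standard library; the embedded objects are constructed samples, and the check names and thresholds are this example's own choices, not the skill's.

```python
"""Audit Kubernetes manifests against the MUST NOT DO list (added example).

Input is the JSON that `kubectl apply -f manifests.yaml --dry-run=client -o json`
or `kubectl get deploy,role,netpol -n my-namespace -o json` prints: either a
single object or a List. Run with a file path, or with no argument to audit the
constructed sample below.
"""
import json
import sys

WORKLOAD_KINDS = ("Deployment", "StatefulSet", "DaemonSet")
CRED_HINTS = ("PASSWORD", "SECRET", "TOKEN", "KEY")


def check_workload(obj):
    """Findings for one workload's pod template; empty list means compliant."""
    name = f'{obj["kind"]}/{obj["metadata"]["name"]}'
    pod = obj["spec"]["template"]["spec"]
    pod_sc = pod.get("securityContext", {})
    findings = []
    if pod.get("serviceAccountName", "default") == "default":
        findings.append(f"{name}: uses the default ServiceAccount")
    for c in pod.get("containers", []) + pod.get("initContainers", []):
        cname = f'{name} container {c["name"]}'
        image = c.get("image", "")
        # the last path segment carries the tag or digest; none means "latest"
        if ":" not in image.rsplit("/", 1)[-1] or image.endswith(":latest"):
            findings.append(f"{cname}: image tag missing or latest ({image})")
        limits = c.get("resources", {}).get("limits", {})
        findings += [f"{cname}: no {r} limit" for r in ("cpu", "memory") if r not in limits]
        findings += [f"{cname}: missing {p}" for p in ("livenessProbe", "readinessProbe") if p not in c]
        sc = {**pod_sc, **c.get("securityContext", {})}  # container settings override pod
        if not sc.get("runAsNonRoot") and sc.get("runAsUser", 0) == 0:
            findings.append(f"{cname}: may run as root (runAsNonRoot unset, uid 0 or unset)")
        if sc.get("allowPrivilegeEscalation", True):
            findings.append(f"{cname}: allowPrivilegeEscalation not disabled")
        for env in c.get("env", []):
            if "value" in env and any(h in env["name"].upper() for h in CRED_HINTS):
                findings.append(f"{cname}: credential-like env var {env['name']} set as plain value")
    return findings


def check_role(obj):
    """Findings for a Role/ClusterRole: wildcard grants and bulk Secret reads."""
    name = f'{obj["kind"]}/{obj["metadata"]["name"]}'
    findings = []
    for rule in obj.get("rules", []):
        groups, resources, verbs = (rule.get(k, []) for k in ("apiGroups", "resources", "verbs"))
        if "*" in groups or "*" in resources or "*" in verbs:
            findings.append(f"{name}: wildcard grant {groups} {resources} {verbs}")
        if "secrets" in resources and {"list", "watch"} & set(verbs):
            findings.append(f"{name}: list/watch on secrets exposes every Secret in scope")
    return findings


def check_netpol_coverage(objects):
    """One finding per namespace that runs workloads but has no default-deny policy."""
    workload_ns = {o["metadata"].get("namespace", "default") for o in objects if o["kind"] in WORKLOAD_KINDS}
    denied_ns = set()
    for o in objects:
        if o["kind"] != "NetworkPolicy" or o["spec"].get("podSelector", {}) != {}:
            continue  # only an empty podSelector covers every pod in the namespace
        spec = o["spec"]
        if {"Ingress", "Egress"} <= set(spec.get("policyTypes", ["Ingress"])) \
                and not spec.get("ingress") and not spec.get("egress"):
            denied_ns.add(o["metadata"].get("namespace", "default"))
    return [f"namespace {ns}: no default-deny NetworkPolicy" for ns in sorted(workload_ns - denied_ns)]


def audit(data):
    """Return all findings for a single object or a kubectl List."""
    objects = data["items"] if data.get("kind") == "List" else [data]
    findings = []
    for o in objects:
        if o["kind"] in WORKLOAD_KINDS:
            findings += check_workload(o)
        elif o["kind"] in ("Role", "ClusterRole"):
            findings += check_role(o)
    return findings + check_netpol_coverage(objects)


# Constructed sample: a hardened Deployment shaped like the pattern above, a sloppy
# one in another namespace, an over-broad Role, and default-deny for one namespace.
GOOD = {"kind": "Deployment", "metadata": {"name": "my-app", "namespace": "my-namespace"},
        "spec": {"template": {"spec": {
            "serviceAccountName": "my-app-sa",
            "securityContext": {"runAsNonRoot": True, "runAsUser": 1000},
            "containers": [{"name": "my-app", "image": "my-registry/my-app:1.2.3",
                            "resources": {"limits": {"cpu": "500m", "memory": "512Mi"}},
                            "livenessProbe": {"httpGet": {"path": "/healthz", "port": 8080}},
                            "readinessProbe": {"httpGet": {"path": "/ready", "port": 8080}},
                            "securityContext": {"allowPrivilegeEscalation": False}}]}}}}
BAD = {"kind": "Deployment", "metadata": {"name": "legacy", "namespace": "sandbox"},
       "spec": {"template": {"spec": {"containers": [{"name": "web", "image": "nginx:latest",
                "env": [{"name": "DB_PASSWORD", "value": "hunter2"}]}]}}}}
BAD_ROLE = {"kind": "Role", "metadata": {"name": "too-broad", "namespace": "sandbox"},
            "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]}
DENY = {"kind": "NetworkPolicy", "metadata": {"name": "default-deny-all", "namespace": "my-namespace"},
        "spec": {"podSelector": {}, "policyTypes": ["Ingress", "Egress"]}}
SAMPLE = {"kind": "List", "items": [GOOD, BAD, BAD_ROLE, DENY]}

if __name__ == "__main__":
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    results = audit(data)
    print("\n".join(results) or "no findings")
    sys.exit(1 if results else 0)
```

A non-zero exit makes the script usable as a pre-merge gate in a GitOps pipeline, where it can run over the rendered manifests before ArgoCD or Flux ever sees them. It is a coarse check: it accepts a non-root uid without runAsNonRoot, judges only the most obvious credential names, and only recognises a default-deny policy that has an empty podSelector with both policy types and no rules, so it complements rather than replaces an admission policy.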

Validation Commands

After deploying, verify health and security posture:

```bash
# Watch rollout complete
kubectl rollout status deployment/my-app -n my-namespace

# Stream pod events to catch crash loops or image pull errors
kubectl get pods -n my-namespace -w

# Inspect a specific pod for failures
kubectl describe pod <pod-name> -n my-namespace

# Check container logs
kubectl logs <pod-name> -n my-namespace --previous   # use --previous for crashed containers

# Verify resource usage vs. limits
kubectl top pods -n my-namespace

# Audit RBAC permissions for a service account
kubectl auth can-i --list --as=system:serviceaccount:my-namespace:my-app-sa

# Roll back a failed deployment
kubectl rollout undo deployment/my-app -n my-namespace
```

Output Templates

When implementing Kubernetes resources, provide:

  • Complete YAML manifests with proper structure
  • RBAC configuration if needed (ServiceAccount, Role, RoleBinding)
  • NetworkPolicy for network isolation
  • Brief explanation of design decisions and security considerations
