DiscordSign up
SKILLS.SH

k8s-manifest-generator

Production-ready Kubernetes manifests for Deployments, Services, ConfigMaps, Secrets, and PersistentVolumeClaims. Covers eight core resource types with step-by-step guidance: Deployments with health checks and resource limits, Services (ClusterIP, LoadBalancer, NodePort), ConfigMaps, Secrets, PersistentVolumeClaims, security contexts, labels, and multi-resource organization Includes security best practices such as running as non-root, dropping capabilities, read-only filesystems, and Pod Security Standards Provides four common patterns: stateless web applications, stateful databases, background jobs, and multi-container pods with ready-to-use templates Covers validation and testing workflows using kubectl dry-run, kubeval, kube-score, and kube-linter to catch configuration errors before deployment

INSTALLATION
npx skills add https://github.com/wshobson/agents --skill k8s-manifest-generator
Run in your project or agent environment. Adjust flags if your CLI version differs.

SKILL.md

Kubernetes Manifest Generator

Step-by-step guidance for creating production-ready Kubernetes manifests including Deployments, Services, ConfigMaps, Secrets, and PersistentVolumeClaims.

Purpose

This skill provides comprehensive guidance for generating well-structured, secure, and production-ready Kubernetes manifests following cloud-native best practices and Kubernetes conventions.

When to Use This Skill

Use this skill when you need to:

  • Create new Kubernetes Deployment manifests
  • Define Service resources for network connectivity
  • Generate ConfigMap and Secret resources for configuration management
  • Create PersistentVolumeClaim manifests for stateful workloads
  • Follow Kubernetes best practices and naming conventions
  • Implement resource limits, health checks, and security contexts
  • Design manifests for multi-environment deployments

Step-by-Step Workflow

1. Gather Requirements

Understand the workload:

  • Application type (stateless/stateful)
  • Container image and version
  • Environment variables and configuration needs
  • Storage requirements
  • Network exposure requirements (internal/external)
  • Resource requirements (CPU, memory)
  • Scaling requirements
  • Health check endpoints

Questions to ask:

  • What is the application name and purpose?
  • What container image and tag will be used?
  • Does the application need persistent storage?
  • What ports does the application expose?
  • Are there any secrets or configuration files needed?
  • What are the CPU and memory requirements?
  • Does the application need to be exposed externally?

2. Create Deployment Manifest

Follow this structure:

apiVersion: apps/v1

kind: Deployment

metadata:

  name: <app-name>

  namespace: <namespace>

  labels:

    app: <app-name>

    version: <version>

spec:

  replicas: 3

  selector:

    matchLabels:

      app: <app-name>

  template:

    metadata:

      labels:

        app: <app-name>

        version: <version>

    spec:

      containers:

        - name: <container-name>

          image: <image>:<tag>

          ports:

            - containerPort: <port>

              name: http

          resources:

            requests:

              memory: "256Mi"

              cpu: "250m"

            limits:

              memory: "512Mi"

              cpu: "500m"

          livenessProbe:

            httpGet:

              path: /health

              port: http

            initialDelaySeconds: 30

            periodSeconds: 10

          readinessProbe:

            httpGet:

              path: /ready

              port: http

            initialDelaySeconds: 5

            periodSeconds: 5

          env:

            - name: ENV_VAR

              value: "value"

          envFrom:

            - configMapRef:

                name: <app-name>-config

            - secretRef:

                name: <app-name>-secret

Best practices to apply:

  • Always set resource requests and limits
  • Implement both liveness and readiness probes
  • Use specific image tags (never :latest)
  • Apply security context for non-root users
  • Use labels for organization and selection
  • Set appropriate replica count based on availability needs

Reference: See references/deployment-spec.md for detailed deployment options

3. Create Service Manifest

Choose the appropriate Service type:

ClusterIP (internal only):

apiVersion: v1

kind: Service

metadata:

  name: <app-name>

  namespace: <namespace>

  labels:

    app: <app-name>

spec:

  type: ClusterIP

  selector:

    app: <app-name>

  ports:

    - name: http

      port: 80

      targetPort: 8080

      protocol: TCP

LoadBalancer (external access):

apiVersion: v1

kind: Service

metadata:

  name: <app-name>

  namespace: <namespace>

  labels:

    app: <app-name>

  annotations:

    service.beta.kubernetes.io/aws-load-balancer-type: nlb

spec:

  type: LoadBalancer

  selector:

    app: <app-name>

  ports:

    - name: http

      port: 80

      targetPort: 8080

      protocol: TCP

Reference: See references/service-spec.md for service types and networking

4. Create ConfigMap

For application configuration:

apiVersion: v1

kind: ConfigMap

metadata:

  name: <app-name>-config

  namespace: <namespace>

data:

  APP_MODE: production

  LOG_LEVEL: info

  DATABASE_HOST: db.example.com

  # For config files

  app.properties: |

    server.port=8080

    server.host=0.0.0.0

    logging.level=INFO

Best practices:

  • Use ConfigMaps for non-sensitive data only
  • Organize related configuration together
  • Use meaningful names for keys
  • Consider using one ConfigMap per component
  • Version ConfigMaps when making changes

Reference: See assets/configmap-template.yaml for examples

5. Create Secret

For sensitive data:

apiVersion: v1

kind: Secret

metadata:

  name: <app-name>-secret

  namespace: <namespace>

type: Opaque

stringData:

  DATABASE_PASSWORD: "changeme"

  API_KEY: "secret-api-key"

  # For certificate files

  tls.crt: |

    -----BEGIN CERTIFICATE-----

    ...

    -----END CERTIFICATE-----

  tls.key: |

    -----BEGIN PRIVATE KEY-----

    ...

    -----END PRIVATE KEY-----

Security considerations:

  • Never commit secrets to Git in plain text
  • Use Sealed Secrets, External Secrets Operator, or Vault
  • Rotate secrets regularly
  • Use RBAC to limit secret access
  • Consider using Secret type: kubernetes.io/tls for TLS secrets

6. Create PersistentVolumeClaim (if needed)

For stateful applications:

apiVersion: v1

kind: PersistentVolumeClaim

metadata:

  name: <app-name>-data

  namespace: <namespace>

spec:

  accessModes:

    - ReadWriteOnce

  storageClassName: gp3

  resources:

    requests:

      storage: 10Gi

Mount in Deployment:

spec:

  template:

    spec:

      containers:

        - name: app

          volumeMounts:

            - name: data

              mountPath: /var/lib/app

      volumes:

        - name: data

          persistentVolumeClaim:

            claimName: <app-name>-data

Storage considerations:

  • Choose appropriate StorageClass for performance needs
  • Use ReadWriteOnce for single-pod access
  • Use ReadWriteMany for multi-pod shared storage
  • Consider backup strategies
  • Set appropriate retention policies

7. Apply Security Best Practices

Add security context to Deployment:

spec:

  template:

    spec:

      securityContext:

        runAsNonRoot: true

        runAsUser: 1000

        fsGroup: 1000

        seccompProfile:

          type: RuntimeDefault

      containers:

        - name: app

          securityContext:

            allowPrivilegeEscalation: false

            readOnlyRootFilesystem: true

            capabilities:

              drop:

                - ALL

Security checklist:

  • Run as non-root user
  • Drop all capabilities
  • Use read-only root filesystem
  • Disable privilege escalation
  • Set seccomp profile
  • Use Pod Security Standards

8. Add Labels and Annotations

Standard labels (recommended):

metadata:

  labels:

    app.kubernetes.io/name: <app-name>

    app.kubernetes.io/instance: <instance-name>

    app.kubernetes.io/version: "1.0.0"

    app.kubernetes.io/component: backend

    app.kubernetes.io/part-of: <system-name>

    app.kubernetes.io/managed-by: kubectl

Useful annotations:

metadata:

  annotations:

    description: "Application description"

    contact: "team@example.com"

    prometheus.io/scrape: "true"

    prometheus.io/port: "9090"

    prometheus.io/path: "/metrics"

9. Organize Multi-Resource Manifests

File organization options:

**Option 1: Single file with --- separator**

# app-name.yaml

---

apiVersion: v1

kind: ConfigMap

...

---

apiVersion: v1

kind: Secret

...

---

apiVersion: apps/v1

kind: Deployment

...

---

apiVersion: v1

kind: Service

...

Option 2: Separate files

manifests/

├── configmap.yaml

├── secret.yaml

├── deployment.yaml

├── service.yaml

└── pvc.yaml

Option 3: Kustomize structure

base/

├── kustomization.yaml

├── deployment.yaml

├── service.yaml

└── configmap.yaml

overlays/

├── dev/

│   └── kustomization.yaml

└── prod/

    └── kustomization.yaml

10. Validate and Test

Validation steps:

# Dry-run validation

kubectl apply -f manifest.yaml --dry-run=client

# Server-side validation

kubectl apply -f manifest.yaml --dry-run=server

# Validate with kubeval

kubeval manifest.yaml

# Validate with kube-score

kube-score score manifest.yaml

# Check with kube-linter

kube-linter lint manifest.yaml

Testing checklist:

  • Manifest passes dry-run validation
  • All required fields are present
  • Resource limits are reasonable
  • Health checks are configured
  • Security context is set
  • Labels follow conventions
  • Namespace exists or is created

Common Patterns

Pattern 1: Simple Stateless Web Application

Use case: Standard web API or microservice

Components needed:

  • Deployment (3 replicas for HA)
  • ClusterIP Service
  • ConfigMap for configuration
  • Secret for API keys
  • HorizontalPodAutoscaler (optional)

Reference: See assets/deployment-template.yaml

Pattern 2: Stateful Database Application

Use case: Database or persistent storage application

Components needed:

  • StatefulSet (not Deployment)
  • Headless Service
  • PersistentVolumeClaim template
  • ConfigMap for DB configuration
  • Secret for credentials

Pattern 3: Background Job or Cron

Use case: Scheduled tasks or batch processing

Components needed:

  • CronJob or Job
  • ConfigMap for job parameters
  • Secret for credentials
  • ServiceAccount with RBAC

Pattern 4: Multi-Container Pod

Use case: Application with sidecar containers

Components needed:

  • Deployment with multiple containers
  • Shared volumes between containers
  • Init containers for setup
  • Service (if needed)

Templates

The following templates are available in the assets/ directory:

  • deployment-template.yaml - Standard deployment with best practices
  • service-template.yaml - Service configurations (ClusterIP, LoadBalancer, NodePort)
  • configmap-template.yaml - ConfigMap examples with different data types
  • secret-template.yaml - Secret examples (to be generated, not committed)
  • pvc-template.yaml - PersistentVolumeClaim templates

Reference Documentation

  • references/deployment-spec.md - Detailed Deployment specification
  • references/service-spec.md - Service types and networking details

Best Practices Summary

  • Always set resource requests and limits - Prevents resource starvation
  • Implement health checks - Ensures Kubernetes can manage your application
  • Use specific image tags - Avoid unpredictable deployments
  • Apply security contexts - Run as non-root, drop capabilities
  • Use ConfigMaps and Secrets - Separate config from code
  • Label everything - Enables filtering and organization
  • Follow naming conventions - Use standard Kubernetes labels
  • Validate before applying - Use dry-run and validation tools
  • Version your manifests - Keep in Git with version control
  • Document with annotations - Add context for other developers

Troubleshooting

Pods not starting:

  • Check image pull errors: kubectl describe pod <pod-name>
  • Verify resource availability: kubectl get nodes
  • Check events: kubectl get events --sort-by='.lastTimestamp'

Service not accessible:

  • Verify selector matches pod labels: kubectl get endpoints <service-name>
  • Check service type and port configuration
  • Test from within cluster: kubectl run debug --rm -it --image=busybox -- sh

ConfigMap/Secret not loading:

  • Verify names match in Deployment
  • Check namespace
  • Ensure resources exist: kubectl get configmap,secret

Next Steps

After creating manifests:

  • Store in Git repository
  • Set up CI/CD pipeline for deployment
  • Consider using Helm or Kustomize for templating
  • Implement GitOps with ArgoCD or Flux
  • Add monitoring and observability

Related Skills

  • helm-chart-scaffolding - For templating and packaging
  • gitops-workflow - For automated deployments
  • k8s-security-policies - For advanced security configurations
BrowserAct

Let your agent run on any real-world website

Bypass CAPTCHA & anti-bot for free. Start local, scale to cloud.

Explore BrowserAct Skills →

Related skills

find-skills
2/3

Discover and install specialized agent skills from the open ecosystem when users need extended capabilities. Helps identify relevant skills by domain and task when users ask "how do I do X" or "find a skill for X" Integrates with the Skills CLI ( npx skills find , npx skills add ) to search, verify, and install packages from the skills.sh directory Recommends skills based on install count, source reputation, and GitHub stars to ensure quality before suggesting installation Presents skill options with install commands and links to skills.sh for user review and one-click installation

Verified authorvercel-labs
SKILLS.SH
1.5M19.6K
2026-05-22
vercel-react-best-practices
3/3

React and Next.js performance optimization guide with 64 prioritized rules across 8 categories. Organized by impact level, from critical waterfalls and bundle optimization down to advanced patterns, each rule includes incorrect/correct code examples and explanations Covers eight domains: async patterns, bundle size, server-side caching, client-side data fetching, re-render optimization, rendering performance, JavaScript efficiency, and advanced patterns Designed for use during component writing, code review, refactoring, and performance audits on React and Next.js applications Each rule has a prefix code (e.g., async-parallel , bundle-barrel-imports ) for easy reference in automated tooling and documentation

Verified authorvercel-labs
SKILLS.SH
389K26.9K
2026-05-22
azure-validate
2/3

Pre-deployment validation for Azure infrastructure, configuration, and permissions before deployment. Requires .azure/plan.md from a prior azure-prepare run; stops immediately if the plan is missing Executes recipe-specific validation commands (azd provision, bicep build, terraform validate) and records proof in the plan document Performs build verification, configuration checks, and permission validation; blocks deployment if any check fails Only authorized method to set plan status to Validated ; must be followed by azure-deploy skill to execute the actual deployment

Verified authormicrosoft
SKILLS.SH
324K1.1K
2026-05-22
appinsights-instrumentation
3/3

Guidance and reference material for instrumenting webapps with Azure Application Insights. Covers SDK setup, telemetry patterns, and configuration for ASP.NET Core and Node.js applications hosted in Azure Distinguishes between this skill (reference and guidance) and azure-prepare (actual implementation); invoke azure-prepare when the user wants to add instrumentation to their project Provides auto-instrumentation guidance for C# ASP.NET Core apps in Azure App Service, plus manual instrumentation paths for creating App Insights resources via Bicep templates or Azure CLI Includes language-specific code modification guides for ASP.NET Core, Node.js, and Python, plus quick references for OpenTelemetry SDKs and exporters

Verified authormicrosoft
SKILLS.SH
324K1.1K
2026-05-22

Stop writing automation&scrapers

Install the CLI. Run your first Skill in 30 seconds. Scale when you're ready.

Start free
free · no credit card