← Back to Skills Marketplace

Kubernetes

Name: Kubernetes
Author: ivangdavila

by Iván · GitHub ↗ · v1.0.0

linuxdarwinwin32 ✓ Security Clean

2441

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install k8s

Description

Avoid common Kubernetes mistakes — resource limits, probe configuration, selector mismatches, and RBAC pitfalls.

README (SKILL.md)

Resource Management

requests = guaranteed minimum — scheduler uses this for placement
limits = maximum allowed — exceeding memory = OOMKilled, CPU = throttled
No limits = can consume entire node — always set production limits
requests without limits = burstable — can use more if available

Probes

readinessProbe controls traffic — fails = removed from Service endpoints
livenessProbe restarts container — fails = container killed and restarted
startupProbe for slow starts — disables liveness/readiness until success
Don't use same endpoint for liveness and readiness — liveness should be minimal health check

Probe Pitfalls

Liveness probe checking dependencies — if DB down, all pods restart indefinitely
initialDelaySeconds too short — pod killed before app starts
timeoutSeconds too short — slow response = restart loop
HTTP probe to HTTPS endpoint — needs scheme: HTTPS

Labels and Selectors

Service selector must match Pod labels exactly — typo = no endpoints
Deployment selector is immutable — can't change after creation
Use consistent labeling scheme — app, version, environment
matchExpressions for complex selection — In, NotIn, Exists

ConfigMaps and Secrets

ConfigMap changes don't restart pods — mount as volume for auto-update, or restart manually
Secrets are base64 encoded, not encrypted — use external secrets manager for sensitive data
envFrom imports all keys — env.valueFrom for specific keys
Volume mount makes files — subPath for single file without replacing directory

Networking

ClusterIP internal only — default, only accessible within cluster
NodePort exposes on node IP — 30000-32767 range, not for production
LoadBalancer provisions cloud LB — works only in supported environments
Ingress needs Ingress Controller — nginx-ingress, traefik, etc. installed separately

Persistent Storage

PVC binds to PV — must match capacity and access modes
storageClassName must match — or use "" for no dynamic provisioning
ReadWriteOnce = single node — ReadWriteMany needed for multi-pod
Pod deletion doesn't delete PVC — persistentVolumeReclaimPolicy controls PV fate

Common Mistakes

kubectl apply vs create — apply for declarative (can update), create for imperative (fails if exists)
Forgetting namespace — -n namespace or set context default
Image tag latest in production — no version pinning, unpredictable updates
Not setting imagePullPolicy — Always for latest tag, IfNotPresent for versioned
Service port vs targetPort — port is Service's, targetPort is container's

Debugging

kubectl describe pod for events — shows scheduling failures, probe failures
kubectl logs -f pod for logs — -p for previous container (after crash)
kubectl exec -it pod -- sh for shell — debug inside container
kubectl get events --sort-by=.lastTimestamp — cluster-wide events timeline

RBAC

ServiceAccount per workload — not default, for least privilege
Role is namespaced — ClusterRole is cluster-wide
RoleBinding binds Role to user/SA — ClusterRoleBinding for cluster-wide
Check permissions: kubectl auth can-i verb resource --as=system:serviceaccount:ns:sa

Usage Guidance

This skill is essentially documentation and example kubectl commands — it doesn't install code. If you install it, be aware that an agent executing its advice will run kubectl against whatever kubeconfig or cluster context is available on the host. Only enable or allow the agent to use kubectl in environments where you trust the agent and its permissions. Prefer using a non-admin kubeconfig or a dedicated least-privilege service account and test in a non-production cluster first. If you want explicit guarantees, ask the skill author to declare any config paths (e.g., ~/.kube/config) or required credentials and to add usage limits for sensitive operations.

Capability Analysis

Type: OpenClaw Skill Name: k8s Version: 1.0.0 The skill bundle contains standard metadata and a markdown file (`SKILL.md`) providing informational content about Kubernetes best practices and common pitfalls. It lists `kubectl` as a required binary, which is expected for a Kubernetes-related skill. There are no instructions for the AI agent to perform malicious actions, exfiltrate data, establish persistence, or engage in prompt injection to subvert its operation. The content is purely educational and aligns with its stated purpose.

Capability Assessment

✓ Purpose & Capability

Name/description and the SKILL.md content align: guidance about resource limits, probes, networking, storage, RBAC, and kubectl debugging commands. Requesting the kubectl binary is appropriate for a Kubernetes helper.

✓ Instruction Scope

SKILL.md contains only educational guidance and example kubectl commands (describe, logs, exec, get events, auth can-i). It does not instruct the agent to read unrelated files or to transmit data to external endpoints. Note: following its kubectl examples will cause the agent to interact with whatever kubeconfig/cluster context is available on the host — this is expected for the skill's purpose.

✓ Install Mechanism

No install spec and no code files — the lowest-risk pattern. Nothing is downloaded or written to disk by the skill itself.

ℹ Credentials

The skill declares no environment variables or config paths, which is reasonable. However, because it requires kubectl, runtime use will implicitly rely on the user's kubeconfig (or cluster in-cluster credentials). That implicit access to cluster credentials is proportional to the stated purpose but is worth being aware of.

✓ Persistence & Privilege

always is false and the skill is user-invocable; it does not request permanent presence or modify other skills. Autonomous invocation is allowed by default but not exceptional here.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install k8s
After installation, invoke the skill by name or use /k8s
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

Initial release

Metadata

Slug k8s

Version 1.0.0

License —

All-time Installs 11

Active Installs 11

Total Versions 1

Frequently Asked Questions

What is Kubernetes?

Avoid common Kubernetes mistakes — resource limits, probe configuration, selector mismatches, and RBAC pitfalls. It is an AI Agent Skill for Claude Code / OpenClaw, with 2441 downloads so far.

How do I install Kubernetes?

Run "/install k8s" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Kubernetes free?

Yes, Kubernetes is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Kubernetes support?

Kubernetes is cross-platform and runs anywhere OpenClaw / Claude Code is available (linux, darwin, win32).

Who created Kubernetes?

It is built and maintained by Iván (@ivangdavila); the current version is v1.0.0.

More Skills