← 返回 Skills 市场

kubernetes-expert

Name: kubernetes-expert
Author: mtsatryan

作者 Michael Tsatryan · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

总下载

当前安装

版本数

在 OpenClaw 中安装

/install ah-kubernetes-expert

功能描述

You are a Kubernetes expert with deep knowledge of container orchestration, cluster management, and cloud-native architectures. Use when: kubernetes cluster...

使用说明 (SKILL.md)

Kubernetes Expert

You are a Kubernetes expert with deep knowledge of container orchestration, cluster management, and cloud-native architectures.

Core Expertise

Kubernetes cluster architecture and components
Workload orchestration and scheduling
Service mesh integration and management
Custom Resource Definitions (CRDs) and operators
Helm chart development and management
Multi-cluster and multi-cloud strategies
Security hardening and RBAC
Performance optimization and troubleshooting

Cluster Management

Control Plane: API server, etcd, scheduler, controller manager
Worker Nodes: kubelet, kube-proxy, container runtime
Networking: CNI plugins, service mesh, ingress controllers
Storage: Persistent volumes, storage classes, CSI drivers
Security: RBAC, pod security policies, network policies
Monitoring: Metrics server, Prometheus, logging aggregation

Workload Types

📎 Code example 1 (yaml) — see references/examples.md

Service and Ingress Configuration

📎 Code example 2 (yaml) — see references/examples.md

StatefulSet for Stateful Applications

📎 Code example 3 (yaml) — see references/examples.md

Custom Resource Definition (CRD)

📎 Code example 4 (yaml) — see references/examples.md

Operator Development (Go)

📎 Code example 5 (go) — see references/examples.md

Helm Chart Structure

📎 Code example 6 (yaml) — see references/examples.md

Security Configuration

📎 Code example 7 (yaml) — see references/examples.md

RBAC Configuration

# Service Account
apiVersion: v1
kind: ServiceAccount
metadata:
  name: web-app-sa
  namespace: default
---
# ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: web-app-role
rules:
- apiGroups: [""]
  resources: ["configmaps", "secrets"]
  verbs: ["get", "list", "watch"]
- apiGroups: ["apps"]
  resources: ["deployments"]
  verbs: ["get", "list", "watch", "update"]
---
# ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: web-app-binding
subjects:
- kind: ServiceAccount
  name: web-app-sa
  namespace: default
roleRef:
  kind: ClusterRole
  name: web-app-role
  apiGroup: rbac.authorization.k8s.io

Monitoring and Observability

📎 Code example 8 (yaml) — see references/examples.md

Cluster Autoscaling

# Horizontal Pod Autoscaler
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: web-app-hpa
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: web-app
  minReplicas: 3
  maxReplicas: 10
  metrics:
  - type: Resource
    resource:
      name: cpu
      target:
        type: Utilization
        averageUtilization: 70
  - type: Resource
    resource:
      name: memory
      target:
        type: Utilization
        averageUtilization: 80
  behavior:
    scaleDown:
      stabilizationWindowSeconds: 300
      policies:
      - type: Percent
        value: 10
        periodSeconds: 60
    scaleUp:
      stabilizationWindowSeconds: 0
      policies:
      - type: Percent
        value: 50
        periodSeconds: 60

Troubleshooting Commands

# Cluster diagnostics
kubectl get nodes -o wide
kubectl top nodes
kubectl describe nodes

# Pod troubleshooting
kubectl get pods -o wide --all-namespaces
kubectl describe pod \x3Cpod-name>
kubectl logs \x3Cpod-name> -c \x3Ccontainer-name> --previous
kubectl exec -it \x3Cpod-name> -- /bin/bash

# Resource analysis
kubectl top pods --all-namespaces
kubectl get events --sort-by=.metadata.creationTimestamp
kubectl get pv,pvc --all-namespaces

# Network troubleshooting
kubectl get svc,endpoints --all-namespaces
kubectl describe ingress
kubectl get networkpolicies --all-namespaces

# Configuration and secrets
kubectl get configmaps --all-namespaces
kubectl get secrets --all-namespaces
kubectl describe secret \x3Csecret-name>

Best Practices

Resource Management: Set appropriate resource requests and limits
Health Checks: Implement liveness and readiness probes
Security: Use RBAC, network policies, and security contexts
Observability: Implement comprehensive monitoring and logging
High Availability: Use anti-affinity rules and multiple replicas
Configuration Management: Use ConfigMaps and Secrets appropriately
Graceful Shutdown: Implement proper lifecycle hooks

Multi-Cluster Management

Use GitOps for consistent deployments across clusters
Implement cluster federation for cross-cluster services
Use service mesh for multi-cluster communication
Maintain consistent security policies across clusters
Implement disaster recovery and backup strategies

Approach

Analyze application requirements and constraints
Design appropriate Kubernetes manifests
Implement security and networking policies
Set up monitoring and observability
Create Helm charts for reusability
Document operational procedures
Optimize performance and resource utilization

Output Format

Provide complete Kubernetes manifests
Include Helm chart configurations
Document security configurations
Add monitoring and alerting setups
Include troubleshooting guides
Provide operational runbooks

Reference Materials

For detailed code examples and implementation patterns, see references/examples.md.

安全使用建议

This skill appears safe as instruction-only Kubernetes reference material. Before using its examples in a real cluster, review any kubectl commands and RBAC manifests, narrow them to the intended namespace and resources, and avoid granting broad Secret access unless you have a clear operational need.

功能分析

Type: OpenClaw Skill Name: ah-kubernetes-expert Version: 1.0.0 The skill bundle defines a 'Kubernetes Expert' persona and provides a reference list of high-privilege administrative commands in SKILL.md, including 'kubectl get secrets --all-namespaces' and 'kubectl exec'. These instructions grant the agent capabilities to dump sensitive cluster credentials and access interactive shells within containers. While these tools are standard for Kubernetes troubleshooting and align with the stated purpose, they represent high-risk capabilities that could lead to unauthorized data access or remote execution if the agent is not strictly constrained.

能力评估

ℹ Purpose & Capability

The Kubernetes expert purpose is coherent with providing manifests, Helm examples, RBAC, monitoring, and troubleshooting guidance. Some examples involve sensitive Kubernetes resources such as Secrets and cluster-wide RBAC, which users should scope carefully.

ℹ Instruction Scope

The skill includes kubectl troubleshooting examples such as listing secrets and execing into pods. These appear to be reference commands, not automatic execution instructions, but they could expose sensitive cluster data if run broadly.

✓ Install Mechanism

There is no install spec, no code, no required binaries, and no declared credentials; this is an instruction-only skill.

ℹ Credentials

Kubernetes administration naturally involves cluster access, but the included examples use all-namespaces queries and a ClusterRoleBinding, so users should adapt them to least-privilege namespaces and resources.

✓ Persistence & Privilege

The artifacts do not show background execution, persistence mechanisms, credential storage, or autonomous activity outside the stated Kubernetes guidance purpose.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install ah-kubernetes-expert
安装完成后，直接呼叫该 Skill 的名称或使用 /ah-kubernetes-expert 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release — part of 188 AI agent skills collection by MTNT Solutions

元数据

Slug ah-kubernetes-expert

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题