← 返回 Skills 市场
ivangdavila

Kubernetes

作者 Iván · GitHub ↗ · v1.0.0
linuxdarwinwin32 ✓ 安全检测通过
2441
总下载
4
收藏
11
当前安装
1
版本数
在 OpenClaw 中安装
/install k8s
功能描述
Avoid common Kubernetes mistakes — resource limits, probe configuration, selector mismatches, and RBAC pitfalls.
使用说明 (SKILL.md)

Resource Management

  • requests = guaranteed minimum — scheduler uses this for placement
  • limits = maximum allowed — exceeding memory = OOMKilled, CPU = throttled
  • No limits = can consume entire node — always set production limits
  • requests without limits = burstable — can use more if available

Probes

  • readinessProbe controls traffic — fails = removed from Service endpoints
  • livenessProbe restarts container — fails = container killed and restarted
  • startupProbe for slow starts — disables liveness/readiness until success
  • Don't use same endpoint for liveness and readiness — liveness should be minimal health check

Probe Pitfalls

  • Liveness probe checking dependencies — if DB down, all pods restart indefinitely
  • initialDelaySeconds too short — pod killed before app starts
  • timeoutSeconds too short — slow response = restart loop
  • HTTP probe to HTTPS endpoint — needs scheme: HTTPS

Labels and Selectors

  • Service selector must match Pod labels exactly — typo = no endpoints
  • Deployment selector is immutable — can't change after creation
  • Use consistent labeling scheme — app, version, environment
  • matchExpressions for complex selection — In, NotIn, Exists

ConfigMaps and Secrets

  • ConfigMap changes don't restart pods — mount as volume for auto-update, or restart manually
  • Secrets are base64 encoded, not encrypted — use external secrets manager for sensitive data
  • envFrom imports all keys — env.valueFrom for specific keys
  • Volume mount makes files — subPath for single file without replacing directory

Networking

  • ClusterIP internal only — default, only accessible within cluster
  • NodePort exposes on node IP — 30000-32767 range, not for production
  • LoadBalancer provisions cloud LB — works only in supported environments
  • Ingress needs Ingress Controller — nginx-ingress, traefik, etc. installed separately

Persistent Storage

  • PVC binds to PV — must match capacity and access modes
  • storageClassName must match — or use "" for no dynamic provisioning
  • ReadWriteOnce = single node — ReadWriteMany needed for multi-pod
  • Pod deletion doesn't delete PVC — persistentVolumeReclaimPolicy controls PV fate

Common Mistakes

  • kubectl apply vs create — apply for declarative (can update), create for imperative (fails if exists)
  • Forgetting namespace — -n namespace or set context default
  • Image tag latest in production — no version pinning, unpredictable updates
  • Not setting imagePullPolicyAlways for latest tag, IfNotPresent for versioned
  • Service port vs targetPort — port is Service's, targetPort is container's

Debugging

  • kubectl describe pod for events — shows scheduling failures, probe failures
  • kubectl logs -f pod for logs — -p for previous container (after crash)
  • kubectl exec -it pod -- sh for shell — debug inside container
  • kubectl get events --sort-by=.lastTimestamp — cluster-wide events timeline

RBAC

  • ServiceAccount per workload — not default, for least privilege
  • Role is namespaced — ClusterRole is cluster-wide
  • RoleBinding binds Role to user/SA — ClusterRoleBinding for cluster-wide
  • Check permissions: kubectl auth can-i verb resource --as=system:serviceaccount:ns:sa
安全使用建议
This skill is essentially documentation and example kubectl commands — it doesn't install code. If you install it, be aware that an agent executing its advice will run kubectl against whatever kubeconfig or cluster context is available on the host. Only enable or allow the agent to use kubectl in environments where you trust the agent and its permissions. Prefer using a non-admin kubeconfig or a dedicated least-privilege service account and test in a non-production cluster first. If you want explicit guarantees, ask the skill author to declare any config paths (e.g., ~/.kube/config) or required credentials and to add usage limits for sensitive operations.
功能分析
Type: OpenClaw Skill Name: k8s Version: 1.0.0 The skill bundle contains standard metadata and a markdown file (`SKILL.md`) providing informational content about Kubernetes best practices and common pitfalls. It lists `kubectl` as a required binary, which is expected for a Kubernetes-related skill. There are no instructions for the AI agent to perform malicious actions, exfiltrate data, establish persistence, or engage in prompt injection to subvert its operation. The content is purely educational and aligns with its stated purpose.
能力评估
Purpose & Capability
Name/description and the SKILL.md content align: guidance about resource limits, probes, networking, storage, RBAC, and kubectl debugging commands. Requesting the kubectl binary is appropriate for a Kubernetes helper.
Instruction Scope
SKILL.md contains only educational guidance and example kubectl commands (describe, logs, exec, get events, auth can-i). It does not instruct the agent to read unrelated files or to transmit data to external endpoints. Note: following its kubectl examples will cause the agent to interact with whatever kubeconfig/cluster context is available on the host — this is expected for the skill's purpose.
Install Mechanism
No install spec and no code files — the lowest-risk pattern. Nothing is downloaded or written to disk by the skill itself.
Credentials
The skill declares no environment variables or config paths, which is reasonable. However, because it requires kubectl, runtime use will implicitly rely on the user's kubeconfig (or cluster in-cluster credentials). That implicit access to cluster credentials is proportional to the stated purpose but is worth being aware of.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request permanent presence or modify other skills. Autonomous invocation is allowed by default but not exceptional here.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install k8s
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /k8s 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release
元数据
Slug k8s
版本 1.0.0
许可证
累计安装 11
当前安装数 11
历史版本数 1
常见问题

Kubernetes 是什么?

Avoid common Kubernetes mistakes — resource limits, probe configuration, selector mismatches, and RBAC pitfalls. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 2441 次。

如何安装 Kubernetes?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install k8s」即可一键安装,无需额外配置。

Kubernetes 是免费的吗?

是的,Kubernetes 完全免费(开源免费),可自由下载、安装和使用。

Kubernetes 支持哪些平台?

Kubernetes 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(linux, darwin, win32)。

谁开发了 Kubernetes?

由 Iván(@ivangdavila)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论