Helps users master Kubernetes production deployment patterns, permission configuration, and troubleshooting methods.
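Copy the install instruction and let the AI complete the setup automatically · Recommended for beginners
Please install the "kubernetes-patterns" skill from askskill for me: 1. Download https://raw.githubusercontent.com/affaan-m/ECC/main/skills/kubernetes-patterns/SKILL.md 2. Save it as ~/.claude/skills/kubernetes-patterns/SKILL.md 3. Once it is installed, reload the skills and tell me it is ready to use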
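Please design a Kubernetes deployment for a Node.js web service, including a Deployment, Service, ConfigMap, Secret, liveness/readiness probes, and resource requests/limits, and explain what each setting does.
Outputs a reference set of Kubernetes YAML manifests, with notes on the purpose of the key settings.
I need to give a CI/CD bot account least-privilege access to the Deployments and Pods in a specific namespace. Please generate the Kubernetes RBAC configuration and explain why this design is more secure.
Outputs the ServiceAccount, Role, and RoleBinding configuration, and explains the least-privilege design principles.
A Kubernetes Pod is stuck in CrashLoopBackOff. Please give me a kubectl-based troubleshooting procedure that covers the order in which to check logs, events, probes, resource limits, and configuration errors.
Outputs a structured troubleshooting workflow and common kubectl commands to help locate the cause of the restarts quickly.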
Production-grade Kubernetes patterns for deploying, managing, and debugging workloads reliably.
Same as When to Activate above. This alias satisfies repo skill-format conventions. Use this skill any time you are writing, reviewing, or debugging Kubernetes YAML and workloads.
This skill provides copy-pasteable, production-grade YAML patterns and kubectl debugging commands organized by task:
- Deployment with security context, rolling update strategy, all three probe types, resource limits, and environment injection from ConfigMap/Secret.
- failureThreshold × periodSeconds math.
- envFrom, file-mount, and external secrets guidance.
- restartPolicy.

See the sections below for complete, runnable examples. Quick references:

| Task | Jump to |
|---|---|
| Full production Deployment YAML | Core Workload Patterns |
| Probe configuration | Probes |
| RBAC least-privilege setup | RBAC |
| Debug a CrashLoopBackOff | kubectl Debugging Cheatsheet |
| Autoscaling | HPA |

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
  namespace: my-namespace
  labels:
    app: my-app
    version: "1.0.0"
spec:
  replicas: 3
  selector:
    matchLabels:
      app: my-app
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1        # Allow 1 extra pod during update
      maxUnavailable: 0  # Never reduce below desired count
  template:
    metadata:
      labels:
        app: my-app
        version: "1.0.0"
    spec:
      # Security context at pod level
      securityContext:
        runAsNonRoot: true
        runAsUser: 1001
        fsGroup: 1001
      # Graceful shutdown
      terminationGracePeriodSeconds: 30
      containers:
        - name: my-app
          image: ghcr.io/org/my-app:1.0.0  # Never use :latest
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 8080
              protocol: TCP
          # Resource requests AND limits are both required
          resources:
            requests:
              cpu: "100m"
              memory: "128Mi"
            limits:
              cpu: "500m"
              memory: "256Mi"
          # Container security context
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop:
                - ALL
          # Probes (see Probes section below)
```
…
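
The hardening settings in the manifest above can be checked mechanically before a rollout. The following is an added example, not part of the skill's own content: it assumes the Deployment has already been parsed into a dict (for instance from `kubectl get deployment -o json`), and the function names and sample manifests are hypothetical.

```python
# Added example: audit a parsed Deployment against the settings shown above.

def audit_container(c, pod_sc):
    name, image = c.get("name", "<unnamed>"), c.get("image", "")
    out = []
    # The tag follows ':' in the last path segment; a digest pin also counts.
    last = image.split("@", 1)[0].rsplit("/", 1)[-1]
    tag = last.split(":", 1)[1] if ":" in last else ""
    if "@sha256:" not in image and tag in ("", "latest"):
        out.append(f"{name}: image not pinned to a version")
    res = c.get("resources") or {}
    for kind in ("requests", "limits"):
        for unit in ("cpu", "memory"):
            if unit not in (res.get(kind) or {}):
                out.append(f"{name}: resources.{kind}.{unit} missing")
    sc = c.get("securityContext") or {}
    # A container-level runAsNonRoot overrides the pod-level value.
    if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
        out.append(f"{name}: runAsNonRoot not true")
    if sc.get("allowPrivilegeEscalation") is not False:
        out.append(f"{name}: allowPrivilegeEscalation not false")
    if sc.get("readOnlyRootFilesystem") is not True:
        out.append(f"{name}: readOnlyRootFilesystem not true")
    if "ALL" not in ((sc.get("capabilities") or {}).get("drop") or []):
        out.append(f"{name}: capabilities.drop lacks ALL")
    return out

def audit_deployment(manifest):
    pod = manifest.get("spec", {}).get("template", {}).get("spec", {})
    pod_sc = pod.get("securityContext") or {}
    return [f for c in pod.get("containers", []) for f in audit_container(c, pod_sc)]

def _deploy(pod_sc, container):  # builds a constructed sample manifest
    spec = {"securityContext": pod_sc, "containers": [container]}
    return {"kind": "Deployment", "spec": {"template": {"spec": spec}}}

# Constructed samples: one mirrors the page's values, one omits the hardening.
HARDENED = _deploy({"runAsNonRoot": True, "runAsUser": 1001}, {
    "name": "my-app", "image": "ghcr.io/org/my-app:1.0.0",
    "resources": {"requests": {"cpu": "100m", "memory": "128Mi"},
                  "limits": {"cpu": "500m", "memory": "256Mi"}},
    "securityContext": {"allowPrivilegeEscalation": False, "readOnlyRootFilesystem": True,
                        "capabilities": {"drop": ["ALL"]}}})
WEAK = _deploy({}, {"name": "my-app", "image": "ghcr.io/org/my-app:latest",
                    "resources": {"limits": {"memory": "256Mi"}}})

if __name__ == "__main__":
    for label, m in (("hardened", HARDENED), ("weak", WEAK)):
        print(label, audit_deployment(m) or "no findings")
```

An unset `allowPrivilegeEscalation` is reported as a finding because the check requires the field to be explicitly `false`, as in the manifest above.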