{ "schemaVersion": "1.0", "item": { "slug": "k8s", "name": "Kubernetes", "source": "tencent", "type": "skill", "category": "开发工具", "sourceUrl": "https://clawhub.ai/ivangdavila/k8s", "canonicalUrl": "https://clawhub.ai/ivangdavila/k8s", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/k8s", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=k8s", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "SKILL.md" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-30T16:55:25.780Z", "expiresAt": "2026-05-07T16:55:25.780Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentDisposition": "attachment; filename=\"network-1.0.0.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/k8s" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/k8s", "agentPageUrl": "https://openagent3.xyz/skills/k8s/agent", "manifestUrl": "https://openagent3.xyz/skills/k8s/agent.json", "briefUrl": "https://openagent3.xyz/skills/k8s/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "Resource Management", "body": "requests = guaranteed minimum — scheduler uses this for placement\nlimits = maximum allowed — exceeding memory = OOMKilled, CPU = throttled\nNo limits = can consume entire node — always set production limits\nrequests without limits = burstable — can use more if available" }, { "title": "Probes", "body": "readinessProbe controls traffic — fails = removed from Service endpoints\nlivenessProbe restarts container — fails = container killed and restarted\nstartupProbe for slow starts — disables liveness/readiness until success\nDon't use same endpoint for liveness and readiness — liveness should be minimal health check" }, { "title": "Probe Pitfalls", "body": "Liveness probe checking dependencies — if DB down, all pods restart indefinitely\ninitialDelaySeconds too short — pod killed before app starts\ntimeoutSeconds too short — slow response = restart loop\nHTTP probe to HTTPS endpoint — needs scheme: HTTPS" }, { "title": "Labels and Selectors", "body": "Service selector must match Pod labels exactly — typo = no endpoints\nDeployment selector is immutable — can't change after creation\nUse consistent labeling scheme — app, version, environment\nmatchExpressions for complex selection — In, NotIn, Exists" }, { "title": "ConfigMaps and Secrets", "body": "ConfigMap changes don't restart pods — mount as volume for auto-update, or restart manually\nSecrets are base64 encoded, not encrypted — use external secrets manager for sensitive data\nenvFrom imports all keys — env.valueFrom for specific keys\nVolume mount makes files — subPath for single file without replacing directory" }, { "title": "Networking", "body": "ClusterIP internal only — default, only accessible within cluster\nNodePort exposes on node IP — 30000-32767 range, not for production\nLoadBalancer provisions cloud LB — works only in supported environments\nIngress needs Ingress Controller — nginx-ingress, traefik, etc. installed separately" }, { "title": "Persistent Storage", "body": "PVC binds to PV — must match capacity and access modes\nstorageClassName must match — or use \"\" for no dynamic provisioning\nReadWriteOnce = single node — ReadWriteMany needed for multi-pod\nPod deletion doesn't delete PVC — persistentVolumeReclaimPolicy controls PV fate" }, { "title": "Common Mistakes", "body": "kubectl apply vs create — apply for declarative (can update), create for imperative (fails if exists)\nForgetting namespace — -n namespace or set context default\nImage tag latest in production — no version pinning, unpredictable updates\nNot setting imagePullPolicy — Always for latest tag, IfNotPresent for versioned\nService port vs targetPort — port is Service's, targetPort is container's" }, { "title": "Debugging", "body": "kubectl describe pod for events — shows scheduling failures, probe failures\nkubectl logs -f pod for logs — -p for previous container (after crash)\nkubectl exec -it pod -- sh for shell — debug inside container\nkubectl get events --sort-by=.lastTimestamp — cluster-wide events timeline" }, { "title": "RBAC", "body": "ServiceAccount per workload — not default, for least privilege\nRole is namespaced — ClusterRole is cluster-wide\nRoleBinding binds Role to user/SA — ClusterRoleBinding for cluster-wide\nCheck permissions: kubectl auth can-i verb resource --as=system:serviceaccount:ns:sa" } ], "body": "Resource Management\nrequests = guaranteed minimum — scheduler uses this for placement\nlimits = maximum allowed — exceeding memory = OOMKilled, CPU = throttled\nNo limits = can consume entire node — always set production limits\nrequests without limits = burstable — can use more if available\nProbes\nreadinessProbe controls traffic — fails = removed from Service endpoints\nlivenessProbe restarts container — fails = container killed and restarted\nstartupProbe for slow starts — disables liveness/readiness until success\nDon't use same endpoint for liveness and readiness — liveness should be minimal health check\nProbe Pitfalls\nLiveness probe checking dependencies — if DB down, all pods restart indefinitely\ninitialDelaySeconds too short — pod killed before app starts\ntimeoutSeconds too short — slow response = restart loop\nHTTP probe to HTTPS endpoint — needs scheme: HTTPS\nLabels and Selectors\nService selector must match Pod labels exactly — typo = no endpoints\nDeployment selector is immutable — can't change after creation\nUse consistent labeling scheme — app, version, environment\nmatchExpressions for complex selection — In, NotIn, Exists\nConfigMaps and Secrets\nConfigMap changes don't restart pods — mount as volume for auto-update, or restart manually\nSecrets are base64 encoded, not encrypted — use external secrets manager for sensitive data\nenvFrom imports all keys — env.valueFrom for specific keys\nVolume mount makes files — subPath for single file without replacing directory\nNetworking\nClusterIP internal only — default, only accessible within cluster\nNodePort exposes on node IP — 30000-32767 range, not for production\nLoadBalancer provisions cloud LB — works only in supported environments\nIngress needs Ingress Controller — nginx-ingress, traefik, etc. installed separately\nPersistent Storage\nPVC binds to PV — must match capacity and access modes\nstorageClassName must match — or use \"\" for no dynamic provisioning\nReadWriteOnce = single node — ReadWriteMany needed for multi-pod\nPod deletion doesn't delete PVC — persistentVolumeReclaimPolicy controls PV fate\nCommon Mistakes\nkubectl apply vs create — apply for declarative (can update), create for imperative (fails if exists)\nForgetting namespace — -n namespace or set context default\nImage tag latest in production — no version pinning, unpredictable updates\nNot setting imagePullPolicy — Always for latest tag, IfNotPresent for versioned\nService port vs targetPort — port is Service's, targetPort is container's\nDebugging\nkubectl describe pod for events — shows scheduling failures, probe failures\nkubectl logs -f pod for logs — -p for previous container (after crash)\nkubectl exec -it pod -- sh for shell — debug inside container\nkubectl get events --sort-by=.lastTimestamp — cluster-wide events timeline\nRBAC\nServiceAccount per workload — not default, for least privilege\nRole is namespaced — ClusterRole is cluster-wide\nRoleBinding binds Role to user/SA — ClusterRoleBinding for cluster-wide\nCheck permissions: kubectl auth can-i verb resource --as=system:serviceaccount:ns:sa" }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/ivangdavila/k8s", "publisherUrl": "https://clawhub.ai/ivangdavila/k8s", "owner": "ivangdavila", "version": "1.0.0", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/k8s", "downloadUrl": "https://openagent3.xyz/downloads/k8s", "agentUrl": "https://openagent3.xyz/skills/k8s/agent", "manifestUrl": "https://openagent3.xyz/skills/k8s/agent.json", "briefUrl": "https://openagent3.xyz/skills/k8s/agent.md" } }