# Send Kubernetes to your agent
Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.
## Fast path
- Download the package from Yavira.
- Extract it into a folder your agent can access.
- Paste one of the prompts below and point your agent at the extracted folder.
## Suggested prompts
### New install

```text
I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete.
```
### Upgrade existing

```text
I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run.
```
## Machine-readable fields
```json
{
  "schemaVersion": "1.0",
  "item": {
    "slug": "k8s",
    "name": "Kubernetes",
    "source": "tencent",
    "type": "skill",
    "category": "开发工具",
    "sourceUrl": "https://clawhub.ai/ivangdavila/k8s",
    "canonicalUrl": "https://clawhub.ai/ivangdavila/k8s",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadUrl": "/downloads/k8s",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=k8s",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "packageFormat": "ZIP package",
    "primaryDoc": "SKILL.md",
    "includedAssets": [
      "SKILL.md"
    ],
    "downloadMode": "redirect",
    "sourceHealth": {
      "source": "tencent",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-04-30T16:55:25.780Z",
      "expiresAt": "2026-05-07T16:55:25.780Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network",
        "contentDisposition": "attachment; filename=\"network-1.0.0.zip\"",
        "redirectLocation": null,
        "bodySnippet": null
      },
      "scope": "source",
      "summary": "Source download looks usable.",
      "detail": "Yavira can redirect you to the upstream package for this source.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/k8s"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    }
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/k8s",
    "downloadUrl": "https://openagent3.xyz/downloads/k8s",
    "agentUrl": "https://openagent3.xyz/skills/k8s/agent",
    "manifestUrl": "https://openagent3.xyz/skills/k8s/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/k8s/agent.md"
  }
}
```
## Documentation

### Resource Management

requests = guaranteed minimum — scheduler uses this for placement
limits = maximum allowed — exceeding memory = OOMKilled, CPU = throttled
No limits = can consume entire node — always set production limits
requests without limits = burstable — can use more if available

### Probes

readinessProbe controls traffic — fails = removed from Service endpoints
livenessProbe restarts container — fails = container killed and restarted
startupProbe for slow starts — disables liveness/readiness until success
Don't use same endpoint for liveness and readiness — liveness should be minimal health check

### Probe Pitfalls

Liveness probe checking dependencies — if DB down, all pods restart indefinitely
initialDelaySeconds too short — pod killed before app starts
timeoutSeconds too short — slow response = restart loop
HTTP probe to HTTPS endpoint — needs scheme: HTTPS

### Labels and Selectors

Service selector must match Pod labels exactly — typo = no endpoints
Deployment selector is immutable — can't change after creation
Use consistent labeling scheme — app, version, environment
matchExpressions for complex selection — In, NotIn, Exists

### ConfigMaps and Secrets

ConfigMap changes don't restart pods — mount as volume for auto-update, or restart manually
Secrets are base64 encoded, not encrypted — use external secrets manager for sensitive data
envFrom imports all keys — env.valueFrom for specific keys
Volume mount makes files — subPath for single file without replacing directory

### Networking

ClusterIP internal only — default, only accessible within cluster
NodePort exposes on node IP — 30000-32767 range, not for production
LoadBalancer provisions cloud LB — works only in supported environments
Ingress needs Ingress Controller — nginx-ingress, traefik, etc. installed separately

### Persistent Storage

PVC binds to PV — must match capacity and access modes
storageClassName must match — or use "" for no dynamic provisioning
ReadWriteOnce = single node — ReadWriteMany needed for multi-pod
Pod deletion doesn't delete PVC — persistentVolumeReclaimPolicy controls PV fate

### Common Mistakes

kubectl apply vs create — apply for declarative (can update), create for imperative (fails if exists)
Forgetting namespace — -n namespace or set context default
Image tag latest in production — no version pinning, unpredictable updates
Not setting imagePullPolicy — Always for latest tag, IfNotPresent for versioned
Service port vs targetPort — port is Service's, targetPort is container's

### Debugging

kubectl describe pod for events — shows scheduling failures, probe failures
kubectl logs -f pod for logs — -p for previous container (after crash)
kubectl exec -it pod -- sh for shell — debug inside container
kubectl get events --sort-by=.lastTimestamp — cluster-wide events timeline

### RBAC

ServiceAccount per workload — not default, for least privilege
Role is namespaced — ClusterRole is cluster-wide
RoleBinding binds Role to user/SA — ClusterRoleBinding for cluster-wide
Check permissions: kubectl auth can-i verb resource --as=system:serviceaccount:ns:sa
## Trust
- Source: tencent
- Verification: Indexed source record
- Publisher: ivangdavila
- Version: 1.0.0
## Source health
- Status: healthy
- Source download looks usable.
- Yavira can redirect you to the upstream package for this source.
- Health scope: source
- Reason: direct_download_ok
- Checked at: 2026-04-30T16:55:25.780Z
- Expires at: 2026-05-07T16:55:25.780Z
- Recommended action: Download for OpenClaw
## Links
- [Detail page](https://openagent3.xyz/skills/k8s)
- [Send to Agent page](https://openagent3.xyz/skills/k8s/agent)
- [JSON manifest](https://openagent3.xyz/skills/k8s/agent.json)
- [Markdown brief](https://openagent3.xyz/skills/k8s/agent.md)
- [Download page](https://openagent3.xyz/downloads/k8s)