Requirements
- Target platform: OpenClaw
- Install method: Manual import
- Extraction: Extract archive
- Prerequisites: OpenClaw
- Primary doc: SKILL.md
WHAT: Kubernetes manifest generation - Deployments, StatefulSets, CronJobs, Services, Ingresses, ConfigMaps, Secrets, and PVCs with production-grade security and health checks.
WHEN: User needs to create K8s manifests, deploy containers, configure Services/Ingress, manage ConfigMaps/Secrets, set up persistent storage, or organize multi-environment configs.
KEYWORDS: kubernetes, k8s, manifest, deployment, statefulset, cronjob, service, ingress, configmap, secret, pvc, pod, container, yaml, kustomize, helm, namespace, probe, security context
Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.
I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete.
I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run.
Production-ready Kubernetes manifest generation covering Deployments, StatefulSets, CronJobs, Services, Ingresses, ConfigMaps, Secrets, and PVCs with security contexts, health checks, and resource management.
```bash
npx clawhub@latest install kubernetes
```
| Scenario | Example |
|---|---|
| Create deployment manifests | New microservice needing Deployment + Service |
| Define networking resources | ClusterIP, LoadBalancer, Ingress with TLS |
| Manage configuration | ConfigMaps for app config, Secrets for credentials |
| Stateful workloads | Databases with StatefulSets + PVCs |
| Scheduled jobs | CronJobs for batch processing |
| Multi-environment setup | Kustomize overlays for dev/staging/prod |
| Workload Type | Resource | When to Use |
|---|---|---|
| Stateless app | Deployment | Web servers, APIs, microservices |
| Stateful app | StatefulSet | Databases, message queues, caches |
| One-off task | Job | Migrations, data imports |
| Scheduled task | CronJob | Backups, reports, cleanup |
| Per-node agent | DaemonSet | Log collectors, monitoring agents |
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
  namespace: production
  labels:
    app.kubernetes.io/name: my-app
    app.kubernetes.io/version: "1.0.0"
    app.kubernetes.io/component: backend
spec:
  replicas: 3
  selector:
    matchLabels:
      app.kubernetes.io/name: my-app
  template:
    metadata:
      labels:
        app.kubernetes.io/name: my-app
        app.kubernetes.io/version: "1.0.0"
    spec:
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000
        fsGroup: 1000
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: my-app
          image: registry.example.com/my-app:1.0.0
          ports:
            - containerPort: 8080
              name: http
          resources:
            requests:
              cpu: 250m
              memory: 256Mi
            limits:
              cpu: 500m
              memory: 512Mi
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: [ALL]
          livenessProbe:
            httpGet:
              path: /health
              port: http
            initialDelaySeconds: 30
            periodSeconds: 10
          readinessProbe:
            httpGet:
              path: /ready
              port: http
            initialDelaySeconds: 5
            periodSeconds: 5
          env:
            - name: LOG_LEVEL
              valueFrom:
                configMapKeyRef:
                  name: my-app-config
                  key: LOG_LEVEL
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: my-app-secret
                  key: DATABASE_PASSWORD
```
```yaml
apiVersion: v1
kind: Service
metadata:
  name: my-app
  namespace: production
spec:
  type: ClusterIP
  selector:
    app.kubernetes.io/name: my-app
  ports:
    - name: http
      port: 80
      targetPort: 8080
      protocol: TCP
```
```yaml
apiVersion: v1
kind: Service
metadata:
  name: my-app-lb
  namespace: production
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: nlb
spec:
  type: LoadBalancer
  selector:
    app.kubernetes.io/name: my-app
  ports:
    - name: http
      port: 80
      targetPort: 8080
```
| Type | Scope | Use Case |
|---|---|---|
| ClusterIP | Cluster-internal | Inter-service communication |
| NodePort | External via node IP | Dev/testing, on-prem |
| LoadBalancer | External via cloud LB | Production external access |
| ExternalName | DNS alias | Mapping to external services |
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-app
  namespace: production
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    nginx.ingress.kubernetes.io/rate-limit: "100"
spec:
  ingressClassName: nginx
  tls:
    - hosts: [app.example.com]
      secretName: app-tls
  rules:
    - host: app.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: my-app
                port:
                  number: 80
```
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: my-app-config
  namespace: production
data:
  LOG_LEVEL: info
  APP_MODE: production
  DATABASE_HOST: db.internal.svc.cluster.local
  app.properties: |
    server.port=8080
    server.host=0.0.0.0
```
```yaml
apiVersion: v1
kind: Secret
metadata:
  name: my-app-secret
  namespace: production
type: Opaque
stringData:
  DATABASE_PASSWORD: "changeme"
  API_KEY: "secret-api-key"
```

Important: Never commit plaintext Secrets to Git. Use Sealed Secrets, External Secrets Operator, or Vault for production.
```yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: my-app-data
  namespace: production
spec:
  accessModes: [ReadWriteOnce]
  storageClassName: gp3
  resources:
    requests:
      storage: 10Gi
```

Mount in a container:

```yaml
containers:
  - name: app
    volumeMounts:
      - name: data
        mountPath: /var/lib/app
volumes:
  - name: data
    persistentVolumeClaim:
      claimName: my-app-data
```

| Access Mode | Abbreviation | Use Case |
|---|---|---|
| ReadWriteOnce | RWO | Single-pod databases |
| ReadOnlyMany | ROX | Shared config/static assets |
| ReadWriteMany | RWX | Multi-pod shared storage |
```yaml
spec:
  securityContext:
    runAsNonRoot: true
    runAsUser: 1000
    fsGroup: 1000
    seccompProfile:
      type: RuntimeDefault
```
```yaml
securityContext:
  allowPrivilegeEscalation: false
  readOnlyRootFilesystem: true
  capabilities:
    drop: [ALL]
```
| Check | Status |
|---|---|
| runAsNonRoot: true | Required |
| allowPrivilegeEscalation: false | Required |
| readOnlyRootFilesystem: true | Recommended |
| capabilities.drop: [ALL] | Required |
| seccompProfile: RuntimeDefault | Recommended |
| Specific image tags (never :latest) | Required |
| Resource requests and limits set | Required |
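As an added check that is not part of the skill package: a Python script that applies this checklist to a parsed Deployment, with the Deployment above embedded as a constructed dict (the structure yaml.safe_load or `kubectl get -o json` would return) so it runs without PyYAML. Container-level securityContext fields are treated as overriding pod-level ones, matching how Kubernetes resolves them; `weakened_copy` is a constructed negative case.

```python
import copy

# Constructed sample: the Deployment above, as the dict yaml.safe_load would return.
GOOD_DEPLOYMENT = {"apiVersion": "apps/v1", "kind": "Deployment", "spec": {"template": {"spec": {
    "securityContext": {"runAsNonRoot": True, "runAsUser": 1000, "seccompProfile": {"type": "RuntimeDefault"}},
    "containers": [{"name": "my-app", "image": "registry.example.com/my-app:1.0.0",
                    "resources": {"requests": {"cpu": "250m", "memory": "256Mi"},
                                  "limits": {"cpu": "500m", "memory": "512Mi"}},
                    "securityContext": {"allowPrivilegeEscalation": False, "readOnlyRootFilesystem": True,
                                        "capabilities": {"drop": ["ALL"]}}}]}}}}

def image_is_pinned(image):
    """True for a digest or a non-:latest tag; False for an untagged or :latest image."""
    if "@sha256:" in image:
        return True
    name = image.rsplit("/", 1)[-1]  # strip the registry, which may carry a :port
    return ":" in name and not name.endswith(":latest")

def check_deployment(manifest):
    """Return [(container, check, level)] for each checklist item a container fails."""
    pod = manifest["spec"]["template"]["spec"]
    findings = []
    for c in pod["containers"]:
        # container-level securityContext fields override the pod-level ones
        sc = {**pod.get("securityContext", {}), **c.get("securityContext", {})}
        res = c.get("resources", {})
        checks = [
            ("runAsNonRoot: true", "Required", sc.get("runAsNonRoot") is True),
            ("allowPrivilegeEscalation: false", "Required", sc.get("allowPrivilegeEscalation") is False),
            ("readOnlyRootFilesystem: true", "Recommended", sc.get("readOnlyRootFilesystem") is True),
            ("capabilities.drop: [ALL]", "Required", "ALL" in sc.get("capabilities", {}).get("drop", [])),
            ("seccompProfile: RuntimeDefault", "Recommended", sc.get("seccompProfile", {}).get("type") == "RuntimeDefault"),
            ("specific image tag (never :latest)", "Required", image_is_pinned(c["image"])),
            ("resource requests and limits set", "Required",
             all(k in res.get(p, {}) for p in ("requests", "limits") for k in ("cpu", "memory"))),
        ]
        findings += [(c["name"], name, level) for name, level, ok in checks if not ok]
    return findings

def weakened_copy():
    """Constructed negative case: :latest tag, no limits, no capability drop."""
    bad = copy.deepcopy(GOOD_DEPLOYMENT)
    c = bad["spec"]["template"]["spec"]["containers"][0]
    c["image"] = "registry.example.com/my-app:latest"
    del c["resources"]["limits"]
    del c["securityContext"]["capabilities"]
    return bad
```

The good manifest returns no findings; the weakened copy reports three Required failures, which is the kind of gate worth running before `kubectl apply --dry-run=server`.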
```yaml
metadata:
  labels:
    app.kubernetes.io/name: my-app
    app.kubernetes.io/instance: my-app-prod
    app.kubernetes.io/version: "1.0.0"
    app.kubernetes.io/component: backend
    app.kubernetes.io/part-of: my-system
    app.kubernetes.io/managed-by: kubectl
```
```
manifests/
├── configmap.yaml
├── secret.yaml
├── deployment.yaml
├── service.yaml
└── pvc.yaml
```
```
base/
├── kustomization.yaml
├── deployment.yaml
├── service.yaml
└── configmap.yaml
overlays/
├── dev/
│   └── kustomization.yaml
└── prod/
    ├── kustomization.yaml
    └── resource-patch.yaml
```
```bash
# Client-side dry run
kubectl apply -f manifest.yaml --dry-run=client

# Server-side validation
kubectl apply -f manifest.yaml --dry-run=server

# Lint with kube-score
kube-score score manifest.yaml

# Lint with kube-linter
kube-linter lint manifest.yaml
```
| Problem | Diagnosis | Fix |
|---|---|---|
| Pod stuck Pending | kubectl describe pod → check events | Fix resource requests, node capacity, PVC binding |
| ImagePullBackOff | Wrong image name/tag or missing pull secret | Verify image exists, add imagePullSecrets |
| CrashLoopBackOff | App crashes on start | Check logs: kubectl logs <pod> --previous |
| Service not reachable | Selector mismatch | Verify kubectl get endpoints <svc> is non-empty |
| ConfigMap not loading | Name mismatch or wrong namespace | Check names match and namespace is correct |
| Readiness probe failing | Wrong path or port | Verify health endpoint works inside container |
| OOMKilled | Memory limit too low | Increase resources.limits.memory |
| Anti-Pattern | Why | Do Instead |
|---|---|---|
| Use :latest image tag | Non-reproducible deployments | Pin exact version: image:1.2.3 |
| Skip resource limits | Pods can starve the node | Always set requests and limits |
| Run as root | Container escape = full host access | Set runAsNonRoot: true + USER |
| Commit plaintext Secrets | Credentials in Git history forever | Use Sealed Secrets / External Secrets / Vault |
| Skip health checks | K8s can't detect unhealthy pods | Always configure liveness + readiness probes |
| Omit labels | Cannot filter, select, or organize | Use standard app.kubernetes.io/* labels |
| Single replica for production | Zero availability during updates | Use replicas: 3 minimum for HA |
| Hardcode config in containers | Requires rebuild for config changes | Use ConfigMaps and Secrets |
| Template | Description |
|---|---|
| assets/deployment-template.yaml | Production Deployment with security + probes |
| assets/service-template.yaml | ClusterIP, LoadBalancer, NodePort examples |
| assets/configmap-template.yaml | ConfigMap with data types |
| assets/statefulset-template.yaml | StatefulSet with headless Service + PVC |
| assets/cronjob-template.yaml | CronJob with concurrency + history |
| assets/ingress-template.yaml | Ingress with TLS, rate limiting, CORS |
| Reference | Description |
|---|---|
| references/deployment-spec.md | Detailed Deployment specification |
| references/service-spec.md | Service types and networking details |