SKILL.md
--- frontmatter
name: infrastructure
type: guidance
applies_to:
  - Developer
  - Reviewer
mandatory: conditional
triggers:
  - dockerfile
  - kubernetes
  - container
  - deployment
  - health probe
references:
  - templates/dockerfile.md
  - templates/kubernetes.md
summary: Docker and Kubernetes patterns for .NET 10 services including health probes, resource limits, and graceful shutdown.

Infrastructure Skill

Defines containerization and orchestration standards for .NET services.

Roles

  • Developer: Creates and maintains Dockerfile and Kubernetes manifests
  • Reviewer: Verifies infrastructure configuration meets standards

Dockerfile Standards

See templates/dockerfile.md for complete template.

Required Structure

  1. Multi-stage build: base → build → publish → final
  2. .NET 10 base images: mcr.microsoft.com/dotnet/aspnet:10.0 and sdk:10.0
  3. Non-root user: USER app
  4. Standard ports: 8080 (HTTP), 8081 (HTTPS)
  5. Build files: Copy Directory.*.props, global.json for proper restore

Build Arguments

| Argument | Purpose | Required |
|---|---|---|
| BUILD_CONFIGURATION | Release/Debug | No (default: Release) |
| GITHUB_PAT | NuGet package authentication | Yes |
| VERSION | Assembly version | No (default: timestamp) |

Security

  • Never embed secrets in image layers
  • Use non-root user
  • Minimize image layers
  • Use specific image tags, not latest
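
The Security rules above can be checked mechanically during review. The following Python is an added example, not part of this skill or its templates; `lint_dockerfile`, `SECRET_NAME`, the finding strings and the sample Dockerfile are hypothetical. It assumes a `GITHUB_PAT` build argument is acceptable only in stages the final image is not built on, because `ENV` values and `ARG` values used by `RUN` remain readable in the image metadata and history.

```python
import re

SECRET_NAME = re.compile(r"(^|_)(PAT|TOKEN|SECRET|PASSWORD)($|_)", re.I)

def lint_dockerfile(text):
    """Check Dockerfile text against the Security bullets above; returns findings."""
    findings, stages, stage = [], {}, None
    folded = re.sub(r"\\\s*\n", " ", text)  # join backslash line continuations
    for line in map(str.strip, folded.splitlines()):
        if not line or line.startswith("#"):
            continue
        instr, _, arg = line.partition(" ")
        instr, arg = instr.upper(), arg.strip()
        if instr == "FROM":
            m = re.match(r"(?:--platform=\S+\s+)?(\S+)(?:\s+as\s+(\S+))?", arg, re.I)
            image, alias = m.group(1), m.group(2)
            parent = stages.get(image.lower())  # set when building on an earlier stage
            ref = image.rsplit("/", 1)[-1]      # e.g. "aspnet:10.0"
            if parent is None and "@" not in ref and ref.partition(":")[2] in ("", "latest"):
                findings.append(f"unpinned base image: {image}")
            # A stage inherits the user and variables of the stage it builds on.
            stage = {"user": parent["user"] if parent else None,
                     "secrets": list(parent["secrets"]) if parent else []}
            if alias:
                stages[alias.lower()] = stage
        elif stage is not None and instr == "USER":
            stage["user"] = arg.split(":")[0]
        elif stage is not None and instr in ("ARG", "ENV"):
            var = re.split(r"[=\s]", arg, maxsplit=1)[0]
            if SECRET_NAME.search(var):
                stage["secrets"].append(var)
    if stage is None:
        return ["no FROM instruction"]
    if stage["user"] in (None, "root", "0"):
        findings.append("final stage runs as root")
    return findings + [f"secret-like variable {v} in final image lineage" for v in stage["secrets"]]

# Constructed sample following the base -> build -> publish -> final layout.
SAMPLE = """\
FROM mcr.microsoft.com/dotnet/aspnet:10.0 AS base
USER app
FROM mcr.microsoft.com/dotnet/sdk:10.0 AS build
ARG GITHUB_PAT
FROM build AS publish
FROM base AS final
COPY --from=publish /app/publish .
"""
```

The sample passes because `final` builds on `base`, so it inherits `USER app` and never sees the build stage's `GITHUB_PAT`.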

Kubernetes Standards

See templates/kubernetes.md for complete templates.

Required Manifests

| File | Purpose |
|---|---|
| base/deployment.yaml | Pod specification |
| base/service.yaml | Service exposure |
| base/kustomization.yaml | Kustomize configuration |
| overlays/{env}/ | Environment-specific patches |

Kustomize Structure

code
tools/kubernetes/
├── base/
│   ├── kustomization.yaml
│   ├── deployment.yaml
│   └── service.yaml
└── overlays/
    ├── integration/
    ├── testing/
    ├── staging/
    └── production/

Variable Substitution

Use $(VARIABLE_NAME) syntax for Kustomize substitution:

  • $(APPLICATION_NAME) - Service name
  • $(IMAGE) - Container image with tag

Health Probes

Endpoints

| Probe | Path | Purpose | Tags |
|---|---|---|---|
| Liveness | /healthz/live | Process is alive | live |
| Readiness | /healthz/ready | Can accept traffic | ready |
| Startup | /healthz/startup | Initialization complete | startup |

Probe Configuration

| Probe | initialDelay | period | timeout | failureThreshold |
|---|---|---|---|---|
| Liveness | 0s | 60s | 1s | 3 |
| Readiness | 5s | 180s | 1s | 3 |
| Startup | 0s | 10s | 1s | 30 |

Implementation

See .github/skills/dotnet-service-generator/references/health-check.md for health check patterns.

csharp
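using Microsoft.AspNetCore.Diagnostics.HealthChecks;

// Registration: checks tagged "ready" run only on the readiness endpoint
services.AddHealthChecks()
    .AddCheck<MyServiceHealthCheck>("MyService", tags: ["ready"]);

// Endpoints
app.MapHealthChecks("/healthz/live", new HealthCheckOptions
{
    Predicate = _ => false // Runs no checks: healthy whenever the process can respond
});

app.MapHealthChecks("/healthz/ready", new HealthCheckOptions
{
    Predicate = check => check.Tags.Contains("ready")
});

// Startup endpoint from the Endpoints table; runs only checks tagged "startup"
app.MapHealthChecks("/healthz/startup", new HealthCheckOptions
{
    Predicate = check => check.Tags.Contains("startup")
});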

Resource Limits

Default Values

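| Environment | CPU Request | CPU Limit | Memory Request | Memory Limit |
|---|---|---|---|---|
| Integration | 250m | 500m | 256Mi | 512Mi |
| Testing | 500m | 1000m | 512Mi | 1024Mi |
| Staging | 500m | 1000m | 512Mi | 1024Mi |
| Production | 500m | 2000m | 512Mi | 2048Mi |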

Ephemeral Storage

All environments:

  • Request: 1Gi
  • Limit: 2Gi

Adjustment Guidelines

  • Profile actual usage before adjusting
  • CPU limit should be 2x request for burst capacity
  • Memory limit should be 2x request for safety margin
  • Monitor OOMKilled events to detect memory pressure

Graceful Shutdown

Configuration

yaml
terminationGracePeriodSeconds: 60

Application Requirements

  1. Handle SIGTERM signal
  2. Stop accepting new requests
  3. Complete in-flight requests
  4. Close database connections
  5. Flush telemetry buffers
  6. Release distributed locks

.NET Implementation

csharp
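// Program.cs
var builder = WebApplication.CreateBuilder(args);

// Configure graceful shutdown. Keep the timeout below terminationGracePeriodSeconds (60)
// so the host finishes stopping before Kubernetes force-kills the pod.
builder.Host.ConfigureHostOptions(options =>
{
    options.ShutdownTimeout = TimeSpan.FromSeconds(30);
});

var app = builder.Build();

// Invoked when the host starts shutting down (for example on SIGTERM)
app.Lifetime.ApplicationStopping.Register(() =>
{
    // Cleanup logic here
});

app.Run();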

Volumes and Secrets

Standard Mounts

| Path | Source | Purpose |
|---|---|---|
| /app/configuration/secret | Kubernetes Secret | Sensitive configuration |
| /app/configuration/configmap | ConfigMap | Non-sensitive configuration |

Configuration Loading

csharp
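var env = builder.Environment.EnvironmentName;

// Later sources override earlier ones: the mounted Secret file wins over the
// ConfigMap file, and environment variables win over every file.
builder.Configuration
    .AddJsonFile("appsettings.json", optional: false)
    .AddJsonFile($"appsettings.{env}.json", optional: true)
    .AddJsonFile("/app/configuration/configmap/appsettings.json", optional: true)
    .AddJsonFile("/app/configuration/secret/appsettings.json", optional: true)
    .AddEnvironmentVariables();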

Deployment Strategy

Default: Rolling Update

yaml
strategy:
  type: RollingUpdate
  rollingUpdate:
    maxSurge: 0%
    maxUnavailable: 100%

This configuration:

  • Terminates all old pods before creating new ones
  • Minimizes resource usage during deployment
  • Suitable for stateless services

Alternative: Zero-Downtime

yaml
strategy:
  type: RollingUpdate
  rollingUpdate:
    maxSurge: 25%
    maxUnavailable: 0%

Use when:

  • Service must maintain availability during deployment
  • Sufficient cluster resources for extra pods

Reviewer Checklist

When reviewing infrastructure changes:

  • Multi-stage Dockerfile with proper layer ordering
  • Non-root user in container
  • Health probes configured with appropriate timing
  • Resource requests and limits defined
  • Graceful shutdown period set
  • Secrets mounted from Kubernetes Secrets (not ConfigMaps)
  • Image pull secrets configured
  • Environment-specific overlays for all environments
  • No hardcoded values (use Kustomize substitution)
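
The checklist items that concern the Deployment manifest can be evaluated in code. The following Python is an added example, not part of this skill or its templates; `review_deployment`, the finding strings and the sample manifest are hypothetical. It assumes the rendered Deployment has already been parsed into a dict, and it treats probe fields omitted from the manifest as the Kubernetes defaults.

```python
# Probe -> (path, initialDelaySeconds, periodSeconds, timeoutSeconds, failureThreshold), from the tables.
PROBES = {"livenessProbe": ("/healthz/live", 0, 60, 1, 3),
          "readinessProbe": ("/healthz/ready", 5, 180, 1, 3),
          "startupProbe": ("/healthz/startup", 0, 10, 1, 30)}
FIELDS = ("initialDelaySeconds", "periodSeconds", "timeoutSeconds", "failureThreshold")
K8S_DEFAULTS = (0, 10, 1, 3)  # what Kubernetes applies when a field is omitted

def review_deployment(dep):
    """Return checklist findings for a rendered Deployment parsed into a dict."""
    pod, out = dep["spec"]["template"]["spec"], []
    if pod.get("terminationGracePeriodSeconds", 0) <= 30:
        out.append("grace period not set above the 30 s ShutdownTimeout")
    if not pod.get("imagePullSecrets"):
        out.append("imagePullSecrets missing")
    volumes = {v["name"]: v for v in pod.get("volumes", [])}
    for c in pod["containers"]:
        ref = c["image"].rsplit("/", 1)[-1]
        if "@" not in ref and ref.partition(":")[2] in ("", "latest"):
            out.append(f"{c['name']}: image tag not pinned")
        for probe, (path, *timing) in PROBES.items():
            spec = c.get(probe)
            if spec is None:
                out.append(f"{c['name']}: {probe} missing")
            elif spec.get("httpGet", {}).get("path") != path:
                out.append(f"{c['name']}: {probe} path is not {path}")
            elif [spec.get(f, d) for f, d in zip(FIELDS, K8S_DEFAULTS)] != timing:
                out.append(f"{c['name']}: {probe} timing differs from the table")
        res = c.get("resources", {})
        out += [f"{c['name']}: {kind}.{r} missing"
                for kind in ("requests", "limits")
                for r in ("cpu", "memory", "ephemeral-storage") if r not in res.get(kind, {})]
        out += [f"{c['name']}: {m['mountPath']} is not backed by a Secret"
                for m in c.get("volumeMounts", [])
                if m["mountPath"] == "/app/configuration/secret"
                and "secret" not in volumes.get(m["name"], {})]
    return out

# Constructed manifest with three deliberate defects (production values from the tables).
SAMPLE = {"spec": {"template": {"spec": {
    "terminationGracePeriodSeconds": 60, "imagePullSecrets": [{"name": "registry-credentials"}],
    "volumes": [{"name": "settings", "configMap": {"name": "my-service"}}],
    "containers": [{
        "name": "app", "image": "registry.example/my-service:latest",
        "livenessProbe": {"httpGet": {"path": "/healthz/live"}, "periodSeconds": 60},
        "startupProbe": {"httpGet": {"path": "/healthz/startup"}, "failureThreshold": 30},
        "resources": {"requests": {"cpu": "500m", "memory": "512Mi", "ephemeral-storage": "1Gi"},
                      "limits": {"cpu": "2000m", "memory": "2048Mi", "ephemeral-storage": "2Gi"}},
        "volumeMounts": [{"name": "settings", "mountPath": "/app/configuration/secret"}]}]}}}}
```

For `SAMPLE` the function reports the `latest` tag, the missing readiness probe, and the secret path backed by a ConfigMap.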