AgentSkillsCN

kubernetes-yaml-best-practices

Generate production-ready Kubernetes YAML manifests following best practices. Use when creating or reviewing Deployment, Service, ConfigMap, Secret, Ingress, PersistentVolumeClaim, or any other K8s resource YAML file. Trigger phrases include: "Kubernetes manifest", "Deployment YAML", "Service YAML", "write K8s resource", "create Kubernetes", "K8s YAML", "Pod spec", "container spec". Not for Helm charts, Kustomize overlays, or kubectl commands.

SKILL.md
---
name: kubernetes-yaml-best-practices
description: |
  Generate production-ready Kubernetes YAML manifests following best practices. Use when creating or reviewing: Deployments, Services, ConfigMaps, Secrets, Ingress, PersistentVolumeClaims, or any k8s resource YAML. Triggers: "kubernetes manifest", "deployment yaml", "service yaml", "write k8s resource", "create kubernetes", "k8s yaml", "pod spec", "container spec". NOT for Helm charts, Kustomize overlays, or kubectl commands.
---

Kubernetes YAML Best Practices

Generate valid, production-ready Kubernetes manifests.

API Versions

Use stable APIs:

  • v1: Pod, Service, ConfigMap, Secret, PersistentVolumeClaim, Namespace
  • apps/v1: Deployment, StatefulSet, DaemonSet, ReplicaSet
  • networking.k8s.io/v1: Ingress, NetworkPolicy
  • batch/v1: Job, CronJob

Required Labels

Always include standard labels:

```yaml
metadata:
  labels:
    app.kubernetes.io/name: <app-name>
    app.kubernetes.io/instance: <instance-id>
    app.kubernetes.io/component: <component>  # frontend, backend, database
```

Deployment Pattern (Prefer Over Pod)

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: <app>-deployment
  labels:
    app.kubernetes.io/name: <app>
spec:
  replicas: 2
  selector:
    matchLabels:
      app.kubernetes.io/name: <app>  # Immutable after creation; must match template labels
  template:
    metadata:
      labels:
        app.kubernetes.io/name: <app>
    spec:
      containers:
        - name: <app>
          image: <image>:<tag>  # Pin a tag or @sha256 digest; never :latest in prod
          ports:
            - containerPort: 8080
          resources:
            requests:
              memory: "128Mi"
              cpu: "100m"
            limits:
              memory: "256Mi"
              cpu: "500m"
          readinessProbe:  # Failing removes the pod from Service endpoints
            httpGet:
              path: /healthz
              port: 8080
            initialDelaySeconds: 5
            periodSeconds: 10
          livenessProbe:  # Failing restarts the container; keep it independent of downstream dependencies
            httpGet:
              path: /healthz
              port: 8080
            initialDelaySeconds: 15
            periodSeconds: 20
      restartPolicy: Always  # The only value a Deployment's pod template accepts
```

Service Pattern

```yaml
apiVersion: v1
kind: Service
metadata:
  name: <app>-service
  labels:
    app.kubernetes.io/name: <app>
spec:
  type: ClusterIP  # Or LoadBalancer, NodePort; ClusterIP keeps the Service internal
  selector:
    app.kubernetes.io/name: <app>  # Must match pod labels, or the Service has no endpoints
  ports:
    - port: 80          # Port the Service listens on
      targetPort: 8080  # containerPort (number or port name) on the pod
      protocol: TCP
```

Resource Requirements

Always specify for production:

```yaml
resources:
  requests:   # What the scheduler reserves on the node; the pod stays Pending if no node has it
    memory: "128Mi"
    cpu: "100m"
  limits:     # Hard cap: exceeding the memory limit gets the container OOMKilled, exceeding CPU throttles it
    memory: "256Mi"
    cpu: "500m"
```

Health Probes

Add probes for any long-running container:

| Probe | Purpose | When |
|---|---|---|
| readinessProbe | Traffic routing: a failing pod is removed from Service endpoints but not restarted | Always for services |
| livenessProbe | Container restart | Detect deadlocks (a wedged process), not downstream outages |
| startupProbe | Slow startup apps: readiness and liveness are held off until it passes | Long init times |

Probe types: httpGet (2xx/3xx status is success), tcpSocket, exec (exit code 0 is success), grpc (Kubernetes 1.27+)
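The three probe kinds together, as an added example that is not part of the original skill: an HTTP app container using a startupProbe to protect a slow boot, with separate readiness and liveness endpoints, and a second (separate) workload showing the tcpSocket and exec probe types. The image names, tags, ports and the /ready and /healthz paths are assumptions.

```yaml
# Added example (not from the skill). Pod template fragments; names, images,
# ports and paths are assumed.
spec:
  containers:
    - name: api
      image: registry.example.com/api:1.4.2   # assumed image and tag
      ports:
        - containerPort: 8080
      # startupProbe runs first; readiness and liveness are disabled until it
      # succeeds. failureThreshold * periodSeconds = 30 * 10s gives the app up
      # to 5 minutes to start without the liveness probe killing it.
      startupProbe:
        httpGet:
          path: /healthz
          port: 8080
        periodSeconds: 10
        failureThreshold: 30
      # readiness gates Service traffic: fail it when a dependency (DB, cache)
      # is unreachable so the pod is pulled from endpoints, not restarted
      readinessProbe:
        httpGet:
          path: /ready
          port: 8080
        periodSeconds: 10
        failureThreshold: 3
      # liveness restarts the container: only check the process itself.
      # Reusing the readiness endpoint here turns a DB outage into a restart
      # loop across every replica.
      livenessProbe:
        httpGet:
          path: /healthz
          port: 8080
        periodSeconds: 20
        failureThreshold: 3
---
# A separate, non-HTTP workload (e.g. a StatefulSet pod template)
spec:
  containers:
    - name: postgres
      image: postgres:16.3   # assumed tag
      ports:
        - containerPort: 5432
      # tcpSocket: an open port is enough to prove the process is alive
      livenessProbe:
        tcpSocket:
          port: 5432
        periodSeconds: 20
      # exec: run a command in the container; exit status 0 means ready
      readinessProbe:
        exec:
          command: ["pg_isready", "-U", "postgres"]
        periodSeconds: 10
```

Size the startup budget from the real cold-start time of the image rather than guessing an initialDelaySeconds; once the startupProbe passes, the liveness probe takes over with its own, shorter thresholds.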

Security Context

Set it at both levels. runAsNonRoot and runAsUser are valid on the pod and on each container; readOnlyRootFilesystem and allowPrivilegeEscalation exist only on containers[].securityContext, so a manifest that puts them at pod level fails strict validation.

```yaml
spec:
  securityContext:            # pod-level: inherited by every container
    runAsNonRoot: true
    runAsUser: 1000           # must be a UID the image can run as, not a habit
  containers:
    - name: <app>
      securityContext:        # container-level only
        readOnlyRootFilesystem: true
        allowPrivilegeEscalation: false
```
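A pod template that satisfies the Pod Security Standards "restricted" profile, as an added example that is not part of the original skill. Beyond the four fields above it drops all capabilities, sets a seccomp profile, stops the ServiceAccount token mount, and gives the app writable emptyDir volumes, which is what usually breaks first when readOnlyRootFilesystem is turned on. The image, UID 10001, port and mount paths are assumptions.

```yaml
# Added example (not from the skill). Image, UID, port and paths are assumed.
spec:
  # Do not mount the ServiceAccount token unless the app calls the API server
  automountServiceAccountToken: false
  # Pod-level: applies to every container and init container
  securityContext:
    runAsNonRoot: true        # kubelet refuses to start a container as UID 0
    runAsUser: 10001          # a UID that exists in the image; 1000 is not a universal default
    runAsGroup: 10001
    fsGroup: 10001            # volume files are group-owned by this GID so the non-root UID can use them
    seccompProfile:
      type: RuntimeDefault    # required by the restricted profile
  containers:
    - name: api
      image: registry.example.com/api:1.4.2   # assumed image and tag
      # Container-level: these fields are only valid here, not on the pod
      securityContext:
        allowPrivilegeEscalation: false   # setuid binaries and file capabilities cannot raise privileges
        readOnlyRootFilesystem: true
        capabilities:
          drop: ["ALL"]
          # add: ["NET_BIND_SERVICE"]     # the only capability the restricted profile allows back
      ports:
        - containerPort: 8080             # unprivileged port, so no capability is needed
      # With a read-only root filesystem, every path the app writes needs a volume
      volumeMounts:
        - name: tmp
          mountPath: /tmp
        - name: cache
          mountPath: /var/cache/app
  volumes:
    - name: tmp
      emptyDir: {}
    - name: cache
      emptyDir:
        sizeLimit: 256Mi      # bounds disk use; the pod is evicted if it exceeds this
```

To check a manifest against the profile before it reaches production, label a test namespace with `pod-security.kubernetes.io/enforce=restricted` and run `kubectl apply --dry-run=server -f` against it: the admission controller rejects anything that still needs root, extra capabilities or host namespaces. If the image's Dockerfile ends with USER root and runAsUser is omitted, runAsNonRoot alone makes the pod fail at start with a CreateContainerConfigError, which is the intended safety net.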

ConfigMap/Secret References

```yaml
env:
  - name: DB_HOST
    valueFrom:
      configMapKeyRef:
        name: app-config
        key: database_host
  - name: DB_PASSWORD
    valueFrom:
      secretKeyRef:
        name: app-secrets
        key: db_password
```

Output Format

  • Use --- separator between multiple resources
  • Add brief comments for non-obvious configurations
  • Order: Namespace > ConfigMap/Secret > PVC > Deployment > Service > Ingress
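A complete file in the order above, serving both the ConfigMap/Secret references section and the output format rules, as an added example that is not part of the original skill. It shows the ConfigMap and Secret objects that the env references point at, the Secret written with stringData rather than hand-encoded base64, and the Secret consumed as a mounted file instead of an environment variable. The namespace shop, the names, the image and all values are assumptions.

```yaml
# Added example (not from the skill): one file in the recommended order
# (Namespace, ConfigMap, Secret, Deployment, Service). Names, values and
# image are assumed.
apiVersion: v1
kind: Namespace
metadata:
  name: shop
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
  namespace: shop
data:
  database_host: postgres.shop.svc.cluster.local
  log_level: info
---
apiVersion: v1
kind: Secret
metadata:
  name: app-secrets
  namespace: shop
type: Opaque
# stringData is plain text; the API server stores it base64-encoded under .data.
# base64 is encoding, not encryption: keep real values out of git and enable
# encryption at rest for Secrets on the API server.
stringData:
  db_password: "REPLACE-ME"   # placeholder, not a real credential
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: api-deployment
  namespace: shop
  labels:
    app.kubernetes.io/name: api
spec:
  replicas: 2
  selector:
    matchLabels:
      app.kubernetes.io/name: api
  template:
    metadata:
      labels:
        app.kubernetes.io/name: api
    spec:
      containers:
        - name: api
          image: registry.example.com/api:1.4.2   # assumed image and tag
          ports:
            - containerPort: 8080
          env:
            - name: DB_HOST
              valueFrom:
                configMapKeyRef:
                  name: app-config
                  key: database_host
            - name: LOG_LEVEL
              valueFrom:
                configMapKeyRef:
                  name: app-config
                  key: log_level
                  optional: true   # pod still starts if the key is absent
          # Secrets as files rather than env vars: they are not inherited by child
          # processes or written into crash dumps, and the kubelet refreshes them
          volumeMounts:
            - name: secrets
              mountPath: /etc/app/secrets
              readOnly: true
          resources:
            requests: { memory: "128Mi", cpu: "100m" }
            limits: { memory: "256Mi", cpu: "500m" }
      volumes:
        - name: secrets
          secret:
            secretName: app-secrets
            defaultMode: 0440   # owner/group read only; pair with securityContext.fsGroup for a non-root user
---
apiVersion: v1
kind: Service
metadata:
  name: api-service
  namespace: shop
  labels:
    app.kubernetes.io/name: api
spec:
  type: ClusterIP
  selector:
    app.kubernetes.io/name: api
  ports:
    - port: 80
      targetPort: 8080
      protocol: TCP
```

Because every document carries its own namespace, the file applies cleanly as a unit and the Namespace is created before anything that lives in it. Validate the whole file against the cluster's schema with `kubectl apply --dry-run=server -f <file>` before the real apply; unknown or misplaced fields (such as a container-only securityContext key at pod level) are rejected there rather than silently dropped.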