### Setup Local Kubernetes Cluster

Source: https://github.com/pluginagentmarketplace/custom-plugin-kubernetes/blob/main/commands/quickstart.md

Instructions for setting up a local Kubernetes environment using either Kind or Minikube. These commands download the necessary binaries and initialize a cluster for development.

```bash
# Install kind
curl -Lo ./kind https://kind.sigs.k8s.io/dl/latest/kind-linux-amd64
chmod +x ./kind

# Create cluster
./kind create cluster --name my-cluster

# Verify
kubectl cluster-info
kubectl get nodes
```

```bash
# Install minikube
curl -LO https://github.com/kubernetes/minikube/releases/latest/download/minikube-linux-amd64
sudo install minikube-linux-amd64 /usr/local/bin/minikube

# Start cluster
minikube start --cpus=4 --memory=8192

# Verify
kubectl get nodes
```

--------------------------------

### Install Cluster Components and Add-ons

Source: https://github.com/pluginagentmarketplace/custom-plugin-kubernetes/blob/main/commands/cluster-setup.md

Commands to install essential cluster infrastructure including container runtimes, local storage provisioners, and the Prometheus monitoring stack via Helm.

```bash
# Container Runtime
wget https://github.com/containerd/containerd/releases/download/v1.6.0/containerd-1.6.0-linux-amd64.tar.gz
# Extract the archive (x), gunzip it (z), list files (v), into the directory given by -C
sudo tar -xzvf containerd-1.6.0-linux-amd64.tar.gz -C /

# Storage Provisioner
helm install local-path local-path-provisioner/local-path-provisioner --namespace local-path-storage --create-namespace

# Monitoring
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm install prometheus prometheus-community/kube-prometheus-stack -n monitoring --create-namespace
```

--------------------------------

### Deploy and Expose Application

Source: https://github.com/pluginagentmarketplace/custom-plugin-kubernetes/blob/main/commands/quickstart.md

Demonstrates the process of creating a namespace, deploying an Nginx container, and exposing it via a service for external access.

```bash
# Create namespace
kubectl create namespace tutorial

# Deploy nginx
kubectl run nginx --image=nginx:latest -n tutorial

# Expose service
kubectl expose pod nginx --port=80 --type=NodePort -n tutorial

# Check service
kubectl get svc -n tutorial

# Access application
# For kind/minikube:
kubectl port-forward -n tutorial svc/nginx 8080:80
```

--------------------------------

### Essential Kubectl Commands

Source: https://github.com/pluginagentmarketplace/custom-plugin-kubernetes/blob/main/commands/quickstart.md

A collection of common kubectl commands for inspecting resources, viewing logs, and executing commands inside running pods.

```bash
# Get resources
kubectl get pods
kubectl get services
kubectl get deployments

# Describe resources
kubectl describe pod pod-name
kubectl describe service service-name

# View logs
kubectl logs pod-name
kubectl logs -f pod-name

# Execute in pod
kubectl exec -it pod-name -- /bin/bash
```

--------------------------------

### Self-Host Kubernetes with kubeadm

Source: https://github.com/pluginagentmarketplace/custom-plugin-kubernetes/blob/main/commands/cluster-setup.md

Step-by-step instructions for setting up a self-managed Kubernetes cluster on Linux nodes, including master initialization, worker joining, and network plugin installation.

```bash
# Install kubelet, kubeadm and kubectl from the signed apt repository
# (apt.kubernetes.io is the legacy package repository; current Kubernetes
# packages are published at pkgs.k8s.io)
sudo apt-get install -y apt-transport-https ca-certificates curl
sudo curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg
echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
sudo apt-get update
sudo apt-get install -y kubelet kubeadm kubectl

# Master init
sudo kubeadm init --pod-network-cidr=10.244.0.0/16
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
```

--------------------------------

### Implement Multi-Stage Docker Builds

Source: https://github.com/pluginagentmarketplace/custom-plugin-kubernetes/blob/main/skills/docker-containers/SKILL.md

Demonstrates production-ready multi-stage Dockerfile patterns for Node.js, Go, and Python applications. These examples prioritize minimal image sizes, security by using non-root users, and efficient dependency management.

```dockerfile
# Stage 1: Dependencies
FROM node:20-alpine AS deps
WORKDIR /app
COPY package*.json ./
RUN npm ci --only=production && npm cache clean --force

# Stage 2: Build
FROM node:20-alpine AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci
COPY . .
RUN npm run build

# Stage 3: Production
FROM gcr.io/distroless/nodejs20-debian12 AS production
WORKDIR /app
COPY --from=deps /app/node_modules ./node_modules
COPY --from=builder /app/dist ./dist
COPY --from=builder /app/package.json ./
ENV NODE_ENV=production
USER nonroot:nonroot
EXPOSE 3000
CMD ["dist/server.js"]
```

```dockerfile
# Stage 1: Build
FROM golang:1.22-alpine AS builder
RUN apk add --no-cache git ca-certificates tzdata
WORKDIR /app

# Cache dependencies
COPY go.mod go.sum ./
RUN go mod download && go mod verify

# Build
COPY . .
# VERSION is supplied with --build-arg; it must be declared to be visible in RUN
ARG VERSION=dev
RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build \
    -ldflags="-w -s -X main.version=${VERSION}" \
    -o /app/server ./cmd/server

# Stage 2: Production (scratch)
FROM scratch AS production
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
COPY --from=builder /usr/share/zoneinfo /usr/share/zoneinfo
COPY --from=builder /app/server /server
USER 65534:65534
EXPOSE 8080
ENTRYPOINT ["/server"]
```

```dockerfile
# Stage 1: Dependencies
FROM python:3.12-slim AS builder
WORKDIR /app
RUN pip install --no-cache-dir poetry && \
    poetry config virtualenvs.in-project true
COPY pyproject.toml poetry.lock ./
RUN poetry install --only main --no-interaction --no-ansi

# Stage 2: Production
FROM python:3.12-slim AS production
WORKDIR /app

# Create non-root user
RUN groupadd -r appgroup && useradd -r -g appgroup appuser

# Copy virtual environment
COPY --from=builder /app/.venv /app/.venv
COPY . .
ENV PATH="/app/.venv/bin:$PATH"
ENV PYTHONDONTWRITEBYTECODE=1
ENV PYTHONUNBUFFERED=1
USER appuser:appgroup
EXPOSE 8000
CMD ["gunicorn", "-w", "4", "-b", "0.0.0.0:8000", "app:app"]
```

--------------------------------

### Manage Cluster Context and Verification

Source: https://github.com/pluginagentmarketplace/custom-plugin-kubernetes/blob/main/commands/cluster-setup.md

Utility commands to verify cluster status and configure kubectl contexts for multi-cluster environments.

```bash
# Verification
kubectl get nodes
kubectl get pods --all-namespaces

# Context Management
kubectl config set-context prod --cluster=production --user=admin
kubectl config use-context prod
```

--------------------------------

### Kubernetes Init Container Pattern for Setup Tasks

Source: https://github.com/pluginagentmarketplace/custom-plugin-kubernetes/blob/main/agents/03-deployment-orchestration.md

Illustrates the use of init containers in Kubernetes to perform setup tasks before the main application container starts.
This example includes init containers for waiting for a database, running migrations, and fetching configuration.

```yaml
spec:
  initContainers:
    # Wait for database
    - name: wait-for-db
      image: busybox:1.36
      command: ['sh', '-c', 'until nc -z postgresql 5432; do sleep 2; done']

    # Run migrations
    - name: run-migrations
      image: myregistry.azurecr.io/api-server:v2.1.0
      command: ['./migrate', 'up']
      env:
        - name: DATABASE_URL
          valueFrom:
            secretKeyRef:
              name: db-secrets
              key: url

    # Fetch config
    - name: fetch-config
      image: busybox:1.36
      command: ['wget', '-O', '/config/app.yaml', 'http://config-server/config']
      volumeMounts:
        - name: config
          mountPath: /config

  containers:
    - name: app
      image: myregistry.azurecr.io/api-server:v2.1.0
      volumeMounts:
        - name: config
          mountPath: /app/config

  # Shared scratch volume: written by fetch-config, read by the app container
  volumes:
    - name: config
      emptyDir: {}
```

--------------------------------

### Provision Managed Kubernetes Clusters

Source: https://github.com/pluginagentmarketplace/custom-plugin-kubernetes/blob/main/commands/cluster-setup.md

Commands to initialize and configure production-grade Kubernetes clusters on major cloud providers including AWS, Google Cloud, and Azure.

```bash
# AWS EKS
eksctl create cluster --name production --region us-east-1 --nodes=3
eksctl create nodegroup --cluster production --name workers
aws eks update-kubeconfig --region us-east-1 --name production
```

```bash
# Google GKE
gcloud container clusters create production --zone us-central1-a --num-nodes 3 --machine-type n1-standard-2
gcloud container clusters get-credentials production --zone us-central1-a
```

```bash
# Azure AKS
az group create --name myResourceGroup --location eastus
az aks create --resource-group myResourceGroup --name production --node-count 3 --vm-set-type VirtualMachineScaleSets
az aks get-credentials --resource-group myResourceGroup --name production
```

--------------------------------

### Apply Security Hardening Policies

Source: https://github.com/pluginagentmarketplace/custom-plugin-kubernetes/blob/main/commands/cluster-setup.md

Configuration snippets for securing a cluster through network policies, RBAC service accounts, and pod security standards.

```bash
# Network Policy
kubectl apply -f - <= 500

# Rate of errors
rate({namespace="production"} |= "error" [5m])
```

--------------------------------

### Install Istio and Enable Namespace Injection

Source: https://github.com/pluginagentmarketplace/custom-plugin-kubernetes/blob/main/skills/service-mesh/SKILL.md

Installs Istio using the 'istioctl' command with production-ready configurations and enables automatic mTLS. It then labels a Kubernetes namespace to enable Istio's sidecar injection for that namespace.

```bash
# Install Istio with production profile
istioctl install --set profile=default \
  --set meshConfig.enableAutoMtls=true \
  --set meshConfig.accessLogFile=/dev/stdout

# Enable namespace injection
kubectl label namespace production istio-injection=enabled
```

--------------------------------

### Enforce Policies with Kyverno and OPA Gatekeeper

Source: https://github.com/pluginagentmarketplace/custom-plugin-kubernetes/blob/main/skills/security/SKILL.md

Provides examples of policy enforcement using Kyverno for validation and OPA Gatekeeper for custom constraint templates. These tools help maintain cluster compliance and governance.

```yaml
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: require-run-as-nonroot
spec:
  validationFailureAction: Enforce
  rules:
    - name: run-as-non-root
      match:
        any:
          - resources:
              kinds:
                - Pod
      validate:
        message: "Containers must run as non-root"
        pattern:
          spec:
            containers:
              - securityContext:
                  runAsNonRoot: true
---
apiVersion: templates.gatekeeper.sh/v1
kind: ConstraintTemplate
metadata:
  name: k8srequiredlabels
spec:
  crd:
    spec:
      names:
        kind: K8sRequiredLabels
  targets:
    - target: admission.k8s.gatekeeper.sh
      rego: |
        package k8srequiredlabels

        violation[{"msg": msg}] {
          provided := {l | input.review.object.metadata.labels[l]}
          required := {l | l := input.parameters.labels[_]}
          missing := required - provided
          count(missing) > 0
          msg := sprintf("Missing labels: %v", [missing])
        }
```

--------------------------------

### Debug Networking and DNS

Source: https://github.com/pluginagentmarketplace/custom-plugin-kubernetes/blob/main/commands/troubleshoot.md

Commands to troubleshoot service accessibility, DNS resolution, and NetworkPolicy restrictions using netshoot containers.

```bash
# Check service and endpoints
kubectl get svc
kubectl describe svc service-name
kubectl get endpoints service-name

# Test connectivity
kubectl run debug --image=nicolaka/netshoot -it --rm -- /bin/bash
```

```bash
# Test DNS
kubectl run debug --image=nicolaka/netshoot -it --rm -- nslookup service-name

# Check CoreDNS
kubectl get pods -n kube-system | grep coredns
kubectl logs -n kube-system -l k8s-app=kube-dns
```

```bash
# Check policies
kubectl get networkpolicies
kubectl describe networkpolicy policy-name

# Test connectivity
kubectl run debug --image=nicolaka/netshoot -it --rm -- /bin/bash
# Inside: nc -zv service-name 80
```

--------------------------------

### Manage Storage Issues

Source: https://github.com/pluginagentmarketplace/custom-plugin-kubernetes/blob/main/commands/troubleshoot.md

Troubleshooting steps for PVC pending states and volume mount failures, including inspection of StorageClasses and PersistentVolumes.

```bash
# Check PVC and StorageClass
kubectl get pvc
kubectl describe pvc pvc-name
kubectl get storageclass
kubectl describe storageclass storage-class-name

# Check PV
kubectl get pv
kubectl describe pv pv-name
```

```bash
# Check pod events
kubectl describe pod pod-name

# Check volume
kubectl get pv
kubectl logs pod-name
```

--------------------------------

### Invoke Troubleshooting Skill via CLI

Source: https://github.com/pluginagentmarketplace/custom-plugin-kubernetes/blob/main/skills/troubleshooting/references/GUIDE.md

Demonstrates how to trigger the troubleshooting skill using the command line interface. This requires the plugin to be installed and configured in the environment.

```bash
# Invoke the skill
claude "troubleshooting - [your task description]"

# Example
claude "troubleshooting - analyze the current implementation"
```

--------------------------------

### Optimize Resource Usage

Source: https://github.com/pluginagentmarketplace/custom-plugin-kubernetes/blob/main/commands/troubleshoot.md

Commands to diagnose and resolve OOMKilled errors and CPU throttling by adjusting resource requests and limits.

```bash
# Check memory usage
kubectl top pod pod-name

# Increase memory limit
kubectl set resources deployment deployment-name \
  --limits=memory=1Gi \
  --requests=memory=512Mi
```

```bash
# Check CPU usage
kubectl top pod pod-name --containers

# Check requests/limits
kubectl get pod pod-name -o json | jq '.spec.containers[].resources'

# Increase CPU limits
kubectl set resources deployment deployment-name \
  --limits=cpu=1000m \
  --requests=cpu=500m
```

--------------------------------

### Implement Cost Optimization Logic in Python

Source: https://github.com/pluginagentmarketplace/custom-plugin-kubernetes/blob/main/skills/cost-optimization/references/GUIDE.md

Provides a standard Python function template for implementing cost-optimization logic, including input validation and processing steps.

```python
def implement_cost_optimization(input_data):
    """
    Implement cost-optimization functionality.

    Args:
        input_data: Input to process

    Returns:
        Processed result
    """
    # Validate input
    if not input_data:
        raise ValueError("Input required")

    # Process (process() is a placeholder the template leaves undefined)
    result = process(input_data)

    # Return
    return result
```

--------------------------------

### Optimize Dockerfile Structure

Source: https://github.com/pluginagentmarketplace/custom-plugin-kubernetes/blob/main/agents/02-container-runtime.md

Demonstrates the transition from monolithic, single-layer Dockerfiles to optimized multi-stage builds using distroless images to reduce final image size and improve security.

```dockerfile
# ❌ ANTI-PATTERN: Many layers, large intermediate
FROM ubuntu:20.04
RUN apt-get update && apt-get install -y nodejs npm git curl wget
RUN useradd appuser
RUN npm install -g yarn
COPY . /app
WORKDIR /app
RUN npm install
RUN npm run build

# ✅ PATTERN: Minimal layers, efficient
FROM node:18-alpine AS builder
WORKDIR /build
COPY package*.json ./
RUN npm ci --only=production

FROM gcr.io/distroless/nodejs18-debian11:nonroot
COPY --from=builder /build/node_modules /app/node_modules
COPY --chown=nonroot:nonroot . /app
WORKDIR /app
EXPOSE 3000
CMD ["server.js"]
```

--------------------------------

### Configure Kubernetes Load Balancing

Source: https://github.com/pluginagentmarketplace/custom-plugin-kubernetes/blob/main/agents/04-storage-networking.md

Examples for setting up internal load balancers using cloud-provider annotations and configuring session affinity for stateful applications.

```yaml
apiVersion: v1
kind: Service
metadata:
  name: internal-api
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-internal: "true"
    service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
spec:
  type: LoadBalancer
  selector:
    app: api-server
  ports:
    - port: 80
      targetPort: 8080
```

```yaml
apiVersion: v1
kind: Service
metadata:
  name: stateful-app
spec:
  type: ClusterIP
  selector:
    app: stateful-app
  sessionAffinity: ClientIP
  sessionAffinityConfig:
    clientIP:
      timeoutSeconds: 3600
  ports:
    - port: 80
      targetPort: 8080
```

--------------------------------

### Install Prometheus Stack via Helm

Source: https://github.com/pluginagentmarketplace/custom-plugin-kubernetes/blob/main/skills/monitoring/SKILL.md

Deploys the kube-prometheus-stack using Helm, including Grafana and Prometheus configuration. Requires Helm 3+ and an active Kubernetes cluster.

```bash
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm install prometheus prometheus-community/kube-prometheus-stack \
  -n monitoring --create-namespace \
  --set grafana.adminPassword=secure-password \
  --set prometheus.prometheusSpec.retention=30d
```

--------------------------------

### Implement Kustomize Base and Production Overlay

Source: https://github.com/pluginagentmarketplace/custom-plugin-kubernetes/blob/main/agents/07-development-gitops.md

Demonstrates the Kustomize pattern using a base configuration and a production overlay. The base defines shared resources, while the overlay applies environment-specific patches, image overrides, and secret generation.

```yaml
# base/kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

resources:
  - deployment.yaml
  - service.yaml
  - serviceaccount.yaml
  - hpa.yaml
  - pdb.yaml

commonLabels:
  app.kubernetes.io/name: api-server
  app.kubernetes.io/managed-by: kustomize

configMapGenerator:
  - name: api-config
    literals:
      - LOG_LEVEL=info
```

```yaml
# overlays/production/kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

namespace: production

resources:
  - ../../base
  - ingress.yaml
  - networkpolicy.yaml

patches:
  - path: deployment-patch.yaml
  - path: hpa-patch.yaml

images:
  - name: api-server
    newName: myregistry.azurecr.io/api-server
    newTag: v2.1.0

replicas:
  - name: api-server
    count: 5

configMapGenerator:
  - name: api-config
    behavior: merge
    literals:
      - LOG_LEVEL=warn
      - ENVIRONMENT=production

secretGenerator:
  - name: api-secrets
    type: Opaque
    files:
      - secrets/db-password

labels:
  - pairs:
      environment: production
      tier: critical
    includeSelectors: false
```

--------------------------------

### Analyze Resource Recommendations

Source: https://github.com/pluginagentmarketplace/custom-plugin-kubernetes/blob/main/skills/cost-optimization/SKILL.md

Commands to inspect VPA recommendations and deploy Goldilocks for automated resource analysis across
namespaces.

```bash
# Get VPA recommendations
kubectl describe vpa api-server-vpa

# Check current vs recommended
kubectl get vpa api-server-vpa -o jsonpath='{.status.recommendation}'

# Goldilocks for all deployments
kubectl apply -f https://github.com/FairwindsOps/goldilocks/releases/latest/download/goldilocks.yaml
kubectl label namespace production goldilocks.fairwinds.com/enabled=true
```

--------------------------------

### Kubernetes Assistant Commands

Source: https://github.com/pluginagentmarketplace/custom-plugin-kubernetes/blob/main/README.md

This section details the commands available for interacting with the Kubernetes assistant. These commands provide quick access to guides and setup procedures for Kubernetes.

```text
/troubleshoot: Kubernetes Troubleshooting Guide
/best-practices: practices - Kubernetes Best Practices
/quickstart: Get Started with Kubernetes
/cluster-setup: setup - Production Cluster Setup
```

--------------------------------

### Sign Images with Cosign

Source: https://github.com/pluginagentmarketplace/custom-plugin-kubernetes/blob/main/skills/docker-containers/SKILL.md

Demonstrates how to generate keys, sign container images, and verify signatures to ensure supply chain integrity. Includes support for keyless signing via OIDC issuers.

```bash
# Generate a signing key pair (cosign.key / cosign.pub)
cosign generate-key-pair

# Sign the image with the private key
cosign sign --key cosign.key myregistry.io/myapp:v1.0.0

# Verify the signature with the public key
cosign verify --key cosign.pub myregistry.io/myapp:v1.0.0

# Keyless signing from a GitHub Actions workflow, using the workflow's OIDC token
cosign sign --yes \
  --oidc-issuer=https://token.actions.githubusercontent.com \
  myregistry.io/myapp:${{ github.sha }}
```

--------------------------------

### Install Linkerd and Enable Namespace Injection

Source: https://github.com/pluginagentmarketplace/custom-plugin-kubernetes/blob/main/skills/service-mesh/SKILL.md

Installs Linkerd by applying its Custom Resource Definitions (CRDs) and then installing the core components. It also annotates a Kubernetes namespace to enable Linkerd's automatic proxy injection for that namespace.

```bash
# Install Linkerd
linkerd install --crds | kubectl apply -f -
linkerd install | kubectl apply -f -

# Enable namespace
kubectl annotate namespace production linkerd.io/inject=enabled
```

--------------------------------

### Install and Configure Linkerd

Source: https://github.com/pluginagentmarketplace/custom-plugin-kubernetes/blob/main/agents/08-service-mesh-expert.md

Provides CLI commands for installing Linkerd and YAML definitions for creating ServiceProfiles to manage retries and timeouts.

```bash
curl --proto '=https' --tlsv1.2 -sSfL https://run.linkerd.io/install | sh
linkerd install --crds | kubectl apply -f -
linkerd install | kubectl apply -f -
linkerd check
```

```yaml
apiVersion: linkerd.io/v1alpha2
kind: ServiceProfile
metadata:
  name: api-server.production.svc.cluster.local
  namespace: production
spec:
  routes:
    - name: GET /api/users
      condition:
        method: GET
        pathRegex: /api/users/[^/]+
      responseClasses:
        - condition:
            status:
              min: 500
              max: 599
          isFailure: true
      timeout: 5s
      isRetryable: true
```

--------------------------------

### POST /diagnose

Source: https://github.com/pluginagentmarketplace/custom-plugin-kubernetes/blob/main/skills/troubleshooting/SKILL.md

Initiates a diagnostic or debugging action on a specific Kubernetes resource based on provided symptoms.

```APIDOC
## POST /diagnose

### Description
Performs automated troubleshooting, debugging, or analysis on a specified Kubernetes resource (pod, node, service, etc.) given a list of observed symptoms.

### Method
POST

### Endpoint
/diagnose

### Parameters
#### Request Body
- **action** (string) - Required - The diagnostic action to perform: "diagnose", "debug", "analyze", "fix", or "investigate".
- **target** (string) - Required - The resource type to target: "pod", "node", "service", "network", "storage", or "cluster".
- **symptoms** (array) - Required - A list of observed issues or error messages to analyze.

### Request Example
{
  "action": "diagnose",
  "target": "pod",
  "symptoms": ["CrashLoopBackOff", "OOMKilled"]
}

### Response
#### Success Response (200)
- **diagnosis** (string) - The identified state of the resource.
- **root_cause** (string) - The underlying cause of the issue.
- **resolution** (array) - A list of recommended steps to resolve the issue.

#### Response Example
{
  "diagnosis": "Memory limit exceeded",
  "root_cause": "Application memory usage spiked beyond container limits",
  "resolution": ["Increase memory limits in deployment spec", "Optimize application memory footprint"]
}
```

--------------------------------

### Implement Image Tagging Strategy

Source: https://github.com/pluginagentmarketplace/custom-plugin-kubernetes/blob/main/agents/02-container-runtime.md

Outlines standard naming conventions and tagging strategies for production container images, including semantic versioning, Git SHA immutability, and environment-specific tagging.

```bash
# Semantic Versioning (recommended)
registry.example.com/company/api:v1.2.3
registry.example.com/company/api:v1.2
registry.example.com/company/api:v1

# Git SHA (immutable reference)
registry.example.com/company/api:sha-abc123def456

# Environment tags (development)
registry.example.com/company/api:dev
registry.example.com/company/api:staging
registry.example.com/company/api:prod
```

--------------------------------

### Cluster Diagnostics

Source: https://github.com/pluginagentmarketplace/custom-plugin-kubernetes/blob/main/commands/troubleshoot.md

Commands to assess overall cluster health and collect comprehensive diagnostic information for support.

```bash
# Check Cluster Health
kubectl get nodes
kubectl get cs
kubectl get pods -n kube-system

# Collect Debug Info
kubectl cluster-info dump --output-directory=./cluster-info
kubectl describe all --all-namespaces
```

--------------------------------

### Helm Chart Structure Example

Source: https://github.com/pluginagentmarketplace/custom-plugin-kubernetes/blob/main/skills/helm/SKILL.md

Illustrates the standard directory layout for a Helm chart, including essential files and directories like Chart.yaml, values.yaml, templates, and tests. This structure promotes organization and maintainability.

```text
myapp/
├── Chart.yaml
├── Chart.lock
├── values.yaml
├── values.schema.json
├── README.md
├── templates/
│   ├── _helpers.tpl
│   ├── deployment.yaml
│   ├── service.yaml
│   ├── ingress.yaml
│   ├── hpa.yaml
│   ├── pdb.yaml
│   ├── serviceaccount.yaml
│   ├── servicemonitor.yaml
│   └── NOTES.txt
├── charts/
└── tests/
    └── test-connection.yaml
```

--------------------------------

### POST /helm/release

Source: https://github.com/pluginagentmarketplace/custom-plugin-kubernetes/blob/main/skills/helm/SKILL.md

Executes Helm lifecycle operations such as install, upgrade, or rollback on a specified Kubernetes chart.

```APIDOC
## POST /helm/release

### Description
Performs Helm operations on a target chart. This endpoint handles the full lifecycle management including installation, upgrades, and rollbacks.

### Method
POST

### Endpoint
/helm/release

### Parameters
#### Request Body
- **action** (string) - Required - The Helm action to perform: "install", "upgrade", "rollback", "template", "lint", "test".
- **release_name** (string) - Required - The unique name for the Helm release.
- **chart** (string) - Required - The path or repository reference to the Helm chart.
- **values** (object) - Optional - Key-value pairs to override default chart values.

### Request Example
{
  "action": "install",
  "release_name": "my-app-release",
  "chart": "./charts/myapp",
  "values": { "replicaCount": 3 }
}

### Response
#### Success Response (200)
- **release_info** (object) - Metadata regarding the deployed release.
- **revision** (integer) - The version number of the release.
- **status** (string) - The current state of the release (e.g., "deployed", "failed").

#### Response Example
{
  "release_info": { "name": "my-app-release", "namespace": "default" },
  "revision": 1,
  "status": "deployed"
}
```

--------------------------------

### Execute Essential PromQL Queries

Source: https://github.com/pluginagentmarketplace/custom-plugin-kubernetes/blob/main/agents/06-monitoring-observability.md

A collection of PromQL queries for monitoring the RED method (Rate, Errors, Duration) and Kubernetes container resource utilization.

```promql
# Request rate
sum(rate(http_requests_total{job="api-server"}[5m])) by (service)

# Error rate
sum(rate(http_requests_total{job="api-server",status=~"5.."}[5m]))
/ sum(rate(http_requests_total{job="api-server"}[5m])) * 100

# Latency p99
histogram_quantile(0.99,
  sum(rate(http_request_duration_seconds_bucket[5m])) by (le, service)
)

# Container CPU usage
sum(rate(container_cpu_usage_seconds_total{namespace="production"}[5m])) by (pod)

# Container memory usage percentage
sum(container_memory_working_set_bytes{namespace="production"}) by (pod)
/ sum(container_spec_memory_limit_bytes{namespace="production"}) by (pod) * 100
```

--------------------------------

### LogQL Queries for Log Analysis

Source: https://github.com/pluginagentmarketplace/custom-plugin-kubernetes/blob/main/agents/06-monitoring-observability.md

Provides examples of LogQL queries for filtering error logs, identifying slow requests based on duration, finding top error messages, and calculating log volume by namespace.

```logql
# Error logs from production
{namespace="production"} |= "error" | json | level="error"

# Slow requests (>1s)
{namespace="production", app="api-server"} | json | duration > 1s

# Top 10 error messages
topk(10, sum by (message) (rate({namespace="production"} |= "error" [5m])))

# Log volume by namespace
sum by (namespace) (rate({job="fluent-bit"}[5m]))
```

--------------------------------

### Execute and Debug Containers

Source: https://github.com/pluginagentmarketplace/custom-plugin-kubernetes/blob/main/commands/troubleshoot.md

Tools for executing commands inside running pods, deploying ephemeral debug containers, and analyzing logs.

```bash
# Execute in Pod
kubectl exec -it pod-name -- /bin/bash
kubectl exec pod-name -- env

# Debug Container
kubectl debug pod-name -it --image=nicolaka/netshoot
```

```bash
# Log Analysis
kubectl logs -f pod-name
kubectl logs pod-name --previous
kubectl logs pod-name --timestamps=true
kubectl logs pod-name | grep ERROR
```

--------------------------------

### GitHub Actions CI/CD Pipeline for Docker Image Build and Push

Source: https://github.com/pluginagentmarketplace/custom-plugin-kubernetes/blob/main/skills/docker-containers/SKILL.md

A GitHub Actions workflow to automate the building and pushing of Docker images to GitHub Container Registry. It includes steps for checking out code, setting up Docker Buildx, logging in, extracting image metadata, building and pushing, vulnerability scanning with Trivy, and signing the image with Cosign.

```yaml
name: Build and Push

on:
  push:
    branches: [main]
    tags: ['v*']

env:
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}

jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
      id-token: write  # For keyless signing
      security-events: write  # For SARIF upload

    steps:
      - uses: actions/checkout@v4

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Login to Container Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Extract metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          tags: |
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=sha,prefix=

      - name: Build and push
        id: build  # Later steps read steps.build.outputs.digest
        uses: docker/build-push-action@v5
        with:
          context: .
          platforms: linux/amd64,linux/arm64
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
          provenance: true
          sbom: true

      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@master
        with:
          # Scan the pushed digest; the type=sha tag above is the short SHA, not the full commit SHA
          image-ref: '${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build.outputs.digest }}'
          format: 'sarif'
          output: 'trivy-results.sarif'
          severity: 'CRITICAL,HIGH'

      - name: Upload Trivy scan results
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: 'trivy-results.sarif'

      - name: Install Cosign
        uses: sigstore/cosign-installer@v3

      - name: Sign image
        run: |
          cosign sign --yes ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build.outputs.digest }}
```

--------------------------------

### Configure Kubernetes Registry Authentication

Source: https://github.com/pluginagentmarketplace/custom-plugin-kubernetes/blob/main/skills/docker-containers/SKILL.md

Shows how to create a Kubernetes secret for private registry credentials and reference it in a Deployment to pull images securely.

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: regcred
  namespace: production
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: |
    eyJhdXRocyI6eyJteXJlZ2lzdHJ5LmF6dXJlY3IuaW8iOnsiYXV0aCI6IlkyeH...
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp
spec:
  template:
    spec:
      imagePullSecrets:
        - name: regcred
      containers:
        - name: app
          image: myregistry.azurecr.io/myapp:v1.0.0@sha256:abc123...
```

--------------------------------

### Invoke Service Mesh Skill via CLI

Source: https://github.com/pluginagentmarketplace/custom-plugin-kubernetes/blob/main/skills/service-mesh/references/GUIDE.md

Demonstrates the command-line interface usage for triggering the service-mesh skill with a specific task description.

```bash
claude "service-mesh - [your task description]"

# Example
claude "service-mesh - analyze the current implementation"
```

--------------------------------

### Diagnose Node Health

Source: https://github.com/pluginagentmarketplace/custom-plugin-kubernetes/blob/main/commands/troubleshoot.md

Procedures for identifying and resolving Node NotReady or Unreachable states. Includes checking kubelet logs and verifying network connectivity.

```bash
# Check node status
kubectl get nodes
kubectl describe node node-name

# Check kubelet logs
ssh to-node journalctl -u kubelet -n 50
```

```bash
# Check node connectivity
ping node-ip

# Check node status
kubectl describe node node-name

# Restart kubelet
systemctl restart kubelet
```

--------------------------------

### Kustomize Debugging Commands

Source: https://github.com/pluginagentmarketplace/custom-plugin-kubernetes/blob/main/agents/07-development-gitops.md

Bash commands for debugging Kustomize configurations. These commands allow building Kustomize overlays and diffing Kubernetes resources against the applied configuration.

```bash
# Kustomize debugging
kustomize build overlays/production
kubectl diff -k overlays/production
```

--------------------------------

### Application Instrumentation with OpenTelemetry (Python)

Source: https://github.com/pluginagentmarketplace/custom-plugin-kubernetes/blob/main/agents/06-monitoring-observability.md

Demonstrates how to instrument a Python Flask application using OpenTelemetry. It covers configuring the tracer provider, adding span processors, auto-instrumenting Flask and Requests, and manual span creation.

```python
from flask import Flask
from opentelemetry import trace
from opentelemetry.exporter.otlp.proto.grpc.trace_exporter import OTLPSpanExporter
from opentelemetry.sdk.trace import TracerProvider
from opentelemetry.sdk.trace.export import BatchSpanProcessor
from opentelemetry.instrumentation.flask import FlaskInstrumentor
from opentelemetry.instrumentation.requests import RequestsInstrumentor

app = Flask(__name__)

# Configure tracer
provider = TracerProvider()
processor = BatchSpanProcessor(
    # insecure=True sends spans to the collector over plaintext gRPC (no TLS)
    OTLPSpanExporter(endpoint="otel-collector:4317", insecure=True)
)
provider.add_span_processor(processor)
trace.set_tracer_provider(provider)

# Auto-instrument frameworks
FlaskInstrumentor().instrument_app(app)
RequestsInstrumentor().instrument()

# Manual instrumentation
tracer = trace.get_tracer(__name__)


@app.route('/api/orders')
def create_order():
    with tracer.start_as_current_span("create_order") as span:
        span.set_attribute("order.type", "standard")
        # Business logic
        return {"status": "created"}
```

--------------------------------

### Setup Multi-Cluster Service Export/Import

Source: https://github.com/pluginagentmarketplace/custom-plugin-kubernetes/blob/main/agents/04-storage-networking.md

Utilizes Submariner resources to export and import services across different Kubernetes clusters within a cluster set.
```yaml
apiVersion: multicluster.x-k8s.io/v1alpha1
kind: ServiceExport
metadata:
  name: api-server
  namespace: production
---
apiVersion: multicluster.x-k8s.io/v1alpha1
kind: ServiceImport
metadata:
  name: api-server
  namespace: production
spec:
  type: ClusterSetIP
  ports:
    - port: 80
      protocol: TCP
```

--------------------------------

### ETCD Backup and Restore Commands (Bash)

Source: https://github.com/pluginagentmarketplace/custom-plugin-kubernetes/blob/main/agents/01-cluster-admin.md

Provides bash commands for backing up and restoring etcd, essential for disaster recovery. Includes automated backup using Velero and manual snapshot creation. Restoration procedure is mentioned but not detailed.

```bash
# Automated backup with velero
velero backup create cluster-backup --include-namespaces '*'

# Manual etcd snapshot
# (on a TLS-secured etcd, also pass --endpoints, --cacert, --cert and --key)
# The snapshot holds all cluster state, Secrets included: store it access-controlled.
ETCDCTL_API=3 etcdctl snapshot save backup.db

# Restore procedure (automated with downtime)
```

--------------------------------

### Implement Service Mesh Functionality in Python

Source: https://github.com/pluginagentmarketplace/custom-plugin-kubernetes/blob/main/skills/service-mesh/references/GUIDE.md

Provides a standard Python template for implementing service-mesh logic, including input validation and error handling.

```python
def implement_service_mesh(input_data):
    """
    Implement service-mesh functionality.

    Args:
        input_data: Input to process

    Returns:
        Processed result
    """
    # Validate input
    if not input_data:
        raise ValueError("Input required")

    # Process
    # process() is the template's placeholder for the task-specific logic;
    # it must be defined before this function is called.
    result = process(input_data)

    # Return
    return result
```

--------------------------------

### Debug Kubernetes Deployments and ArgoCD

Source: https://github.com/pluginagentmarketplace/custom-plugin-kubernetes/blob/main/skills/gitops/SKILL.md

A collection of CLI commands for troubleshooting ArgoCD applications, Helm charts, and Kustomize manifests. These tools assist in identifying sync issues and resource configuration errors.
```bash
# ArgoCD CLI
argocd app list
argocd app sync myapp
argocd app diff myapp
argocd app logs myapp

# Helm debugging
helm template . --debug
helm get values myapp -n production
helm history myapp -n production

# Kustomize
kustomize build overlays/production
kubectl diff -k overlays/production
```

--------------------------------

### Kubernetes Debugging and Troubleshooting Commands

Source: https://github.com/pluginagentmarketplace/custom-plugin-kubernetes/blob/main/skills/security/SKILL.md

A collection of CLI commands for diagnosing RBAC permissions, testing Pod Security Standards (PSS) labels, and inspecting security policy status within a cluster.

```bash
# RBAC debugging
kubectl auth can-i --list --as=system:serviceaccount:prod:myapp
kubectl get rolebindings,clusterrolebindings -A -o wide

# PSS testing
kubectl label ns test pod-security.kubernetes.io/enforce=restricted --dry-run=server

# Policy status
kubectl get constraints -A
kubectl get clusterpolicies
```

--------------------------------

### Configure Kustomize Production Overlays

Source: https://github.com/pluginagentmarketplace/custom-plugin-kubernetes/blob/main/skills/gitops/SKILL.md

Provides a configuration for a production Kustomize overlay. It manages resource patching, image tag updates, and dynamic ConfigMap generation to tailor base configurations for production requirements.

```yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

namespace: production

resources:
  - ../../base
  - hpa.yaml
  - pdb.yaml

patches:
  - path: replicas-patch.yaml
  - path: resources-patch.yaml

images:
  - name: api-server
    newName: myregistry.io/api-server
    newTag: v2.1.0

configMapGenerator:
  - name: api-config
    behavior: merge
    literals:
      - LOG_LEVEL=info
      - ENV=production
```
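The overlay above selects its image by tag (`newTag`), while the signing workflow and the registry-authentication Deployment on this page reference images by digest. The following is an added example, not code from the repository: a small check over rendered manifests (such as the output of `kustomize build overlays/production`) that reports images not pinned by digest. The function names, the sample manifest and its placeholder digest are assumptions constructed for illustration.

```python
import re

# "image: <ref>" lines in rendered manifests, with or without a list dash.
IMAGE_LINE = re.compile(r"^\s*(?:-\s+)?image:\s*[\"']?([^\s\"'#]+)")
DIGEST = re.compile(r"@sha256:[0-9a-f]{64}$")


def classify(ref):
    """Return 'digest', 'tag' or 'floating' for one image reference."""
    if DIGEST.search(ref):
        return "digest"
    # Look for a tag only in the last path component, so a registry
    # port such as localhost:5000 is not mistaken for one.
    last = ref.rsplit("/", 1)[-1]
    tag = last.split(":", 1)[1] if ":" in last else ""
    return "floating" if tag in ("", "latest") else "tag"


def unpinned_images(rendered):
    """List (line_number, ref, kind) for images not pinned by digest."""
    findings = []
    for number, line in enumerate(rendered.splitlines(), start=1):
        match = IMAGE_LINE.match(line)
        if match:
            kind = classify(match.group(1))
            if kind != "digest":
                findings.append((number, match.group(1), kind))
    return findings


# Constructed sample of rendered output; the digest is a placeholder.
FAKE_DIGEST = "sha256:" + "0" * 64
SAMPLE = f"""\
kind: Deployment
spec:
  template:
    spec:
      initContainers:
      - name: migrate
        image: nginx:latest
      containers:
      - image: myregistry.io/api-server:v2.1.0
        name: api-server
      - name: sidecar
        image: "localhost:5000/proxy@{FAKE_DIGEST}"
"""

if __name__ == "__main__":
    for number, ref, kind in unpinned_images(SAMPLE):
        print(f"line {number}: {ref} ({kind})")
```

In CI, pass the text produced by `kustomize build` to `unpinned_images` and fail the job when the returned list is not empty.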