Run any Skill in Manus with one click

Get Started

kubernetes-patterns

Kubernetes deployment patterns, resource configuration, and operational best practices

Run Skill in Manus

Overview

Kubernetes deployment patterns, resource configuration, and operational best practices

Install command

npx skills add https://github.com/pan94u/forge --skill kubernetes-patterns

Copy and paste this command into Claude Code to install the skill

Source

pan94u/forge

Stars41

Forks9

UpdatedFebruary 22, 2026 at 23:35

SKILL.md

readonly

name	kubernetes-patterns
version	2.0
scope	platform
category	delivery
profile	deployment
description	Kubernetes deployment patterns, resource configuration, and operational best practices
tags	["kubernetes","deployment","infrastructure","containers"]
required_tools	["forge-knowledge.search_runbooks"]

Purpose

This skill provides the agent with knowledge of Kubernetes deployment patterns, resource configuration best practices, and operational conventions. When the agent needs to create, modify, or review Kubernetes manifests, Helm charts, or deployment configurations, it should apply these patterns to ensure production-ready, reliable deployments.

Instructions

When working on Kubernetes deployment configurations:

Resource Definitions:
- Always set resource requests AND limits for CPU and memory
- Use the project's standard resource tiers: small (256Mi/250m), medium (512Mi/500m), large (1Gi/1000m)
- Include liveness and readiness probes for all application containers
- Set appropriate startup probes for slow-starting applications
Deployment Strategy:
- Use RollingUpdate strategy for stateless services
- Configure maxSurge: 25% and maxUnavailable: 0 for zero-downtime deployments
- Set minReadySeconds: 10 to avoid premature rollout progression
- Use Recreate strategy only for stateful services that cannot run multiple versions
Pod Configuration:
- Run containers as non-root user (securityContext.runAsNonRoot: true)
- Drop all capabilities and add only what is needed
- Set readOnlyRootFilesystem: true where possible
- Use pod disruption budgets for production workloads (minAvailable: 1 or maxUnavailable: 1)
Service and Networking:
- Use ClusterIP services for internal communication
- Use Ingress with TLS for external endpoints
- Configure health check endpoints on the service
- Set appropriate connection and read timeouts on ingress
Configuration Management:
- Use ConfigMaps for non-sensitive configuration
- Use Secrets for sensitive data (never plain text in manifests)
- Reference secrets from the external secrets operator where available
- Use environment-specific overlays (Kustomize) or values files (Helm)
Observability:
- Include Prometheus scrape annotations for metrics endpoints
- Configure structured logging with appropriate log levels
- Set up pod labels for Grafana dashboard selectors

Quality Criteria

All containers have resource requests and limits defined
Liveness and readiness probes are configured with appropriate thresholds
Security context restricts container privileges
Pod disruption budgets protect production availability
No secrets appear in plain text in manifests
Deployment strategy ensures zero-downtime updates

Anti-patterns

Running containers as root without justification
Missing resource limits (risk of noisy neighbor problems)
Using latest image tags in production
Hardcoding configuration values instead of using ConfigMaps
Missing pod disruption budgets for critical services
Using NodePort services in production instead of Ingress

More from this repository

same repository

planning-mode

pan94u/forge

Planning Mode skill for guided execution of large tasks. Provides structured task decomposition, user confirmation, per-task verification, retry logic, and quality summary.

2026-03-0541

git-workflow

pan94u/forge

Git 工作流 — 版本控制、提交规范、分支管理、.gitignore 治理

2026-03-0341

bug-fix-workflow

pan94u/forge

Structured bug diagnosis and repair workflow using the 5-Whys root cause analysis method. Ensures fixes include tests, documentation, and knowledge capture.

2026-02-2341

document-generation

pan94u/forge

Generates structured documents including architecture diagrams (Mermaid), usage manuals, progress reports, and API documentation from code analysis.

2026-02-2341

knowledge-distillation

pan94u/forge

Extracts reusable patterns and lessons from execution history and project experience. Generates structured knowledge entries for the knowledge base.

2026-02-2341

progress-evaluation

pan94u/forge

Evaluates project progress by analyzing workspace structure, code completeness, and comparing against planned milestones. Outputs structured progress reports.

2026-02-2341

Source

pan94u

pan94u/forge

View GitHub Repository View Creator Repositories

Install command

Download

Run Skill in Manus

Useful forSOC

Network and Computer Systems AdministratorsComputer and Mathematical Occupations15-1244L4

Software DevelopersL4

name	kubernetes-patterns
version	2.0
scope	platform
category	delivery
profile	deployment
description	Kubernetes deployment patterns, resource configuration, and operational best practices
tags	["kubernetes","deployment","infrastructure","containers"]
required_tools	["forge-knowledge.search_runbooks"]

Purpose

Instructions

When working on Kubernetes deployment configurations:

Resource Definitions:
- Always set resource requests AND limits for CPU and memory
- Use the project's standard resource tiers: small (256Mi/250m), medium (512Mi/500m), large (1Gi/1000m)
- Include liveness and readiness probes for all application containers
- Set appropriate startup probes for slow-starting applications
Deployment Strategy:
- Use RollingUpdate strategy for stateless services
- Configure maxSurge: 25% and maxUnavailable: 0 for zero-downtime deployments
- Set minReadySeconds: 10 to avoid premature rollout progression
- Use Recreate strategy only for stateful services that cannot run multiple versions
Pod Configuration:
- Run containers as non-root user (securityContext.runAsNonRoot: true)
- Drop all capabilities and add only what is needed
- Set readOnlyRootFilesystem: true where possible
- Use pod disruption budgets for production workloads (minAvailable: 1 or maxUnavailable: 1)
Service and Networking:
- Use ClusterIP services for internal communication
- Use Ingress with TLS for external endpoints
- Configure health check endpoints on the service
- Set appropriate connection and read timeouts on ingress
Configuration Management:
- Use ConfigMaps for non-sensitive configuration
- Use Secrets for sensitive data (never plain text in manifests)
- Reference secrets from the external secrets operator where available
- Use environment-specific overlays (Kustomize) or values files (Helm)
Observability:
- Include Prometheus scrape annotations for metrics endpoints
- Configure structured logging with appropriate log levels
- Set up pod labels for Grafana dashboard selectors

Quality Criteria

All containers have resource requests and limits defined
Liveness and readiness probes are configured with appropriate thresholds
Security context restricts container privileges
Pod disruption budgets protect production availability
No secrets appear in plain text in manifests
Deployment strategy ensures zero-downtime updates

Anti-patterns

Running containers as root without justification
Missing resource limits (risk of noisy neighbor problems)
Using latest image tags in production
Hardcoding configuration values instead of using ConfigMaps
Missing pod disruption budgets for critical services
Using NodePort services in production instead of Ingress