Skip to content

搵技能.../

Agent Skill Search Engine

搜尋

搜尋
分類
職業

About

About
Privacy
Terms

© 2026 Skills Pool. All rights reserved.

Kubernetes | Skills Pool

技能檔案

Kubernetes

Avoid common Kubernetes mistakes — resource limits, probe configuration, selector mismatches, and RBAC pitfalls.

alvordhouse0 星標2026年4月11日

職業: 網絡同電腦系統管理員
分類: 容器

技能內容

Resource Management

requests = guaranteed minimum — scheduler uses this for placement
limits = maximum allowed — exceeding memory = OOMKilled, CPU = throttled
No limits = can consume entire node — always set production limits
requests without limits = burstable — can use more if available

Probes

readinessProbe controls traffic — fails = removed from Service endpoints
livenessProbe restarts container — fails = container killed and restarted
startupProbe for slow starts — disables liveness/readiness until success
Don't use same endpoint for liveness and readiness — liveness should be minimal health check

Probe Pitfalls

Liveness probe checking dependencies — if DB down, all pods restart indefinitely
initialDelaySeconds too short — pod killed before app starts

相關技能

快速安裝

Kubernetes

npx skillvault add alvordhouse/alvordhouse-wake-workspace-skills-k8s-skill-md

下載 Skill 打開源碼倉庫

作者: alvordhouse
星標: 0
更新時間: 2026年4月11日
職業

本頁內容

01Resource Management 02

timeoutSeconds too short — slow response = restart loop

HTTP probe to HTTPS endpoint — needs scheme: HTTPS

Labels and Selectors

Service selector must match Pod labels exactly — typo = no endpoints
Deployment selector is immutable — can't change after creation
Use consistent labeling scheme — app, version, environment
matchExpressions for complex selection — In, NotIn, Exists

ConfigMaps and Secrets

ConfigMap changes don't restart pods — mount as volume for auto-update, or restart manually
Secrets are base64 encoded, not encrypted — use external secrets manager for sensitive data
envFrom imports all keys — env.valueFrom for specific keys
Volume mount makes files — subPath for single file without replacing directory

Networking

ClusterIP internal only — default, only accessible within cluster
NodePort exposes on node IP — 30000-32767 range, not for production
LoadBalancer provisions cloud LB — works only in supported environments
Ingress needs Ingress Controller — nginx-ingress, traefik, etc. installed separately

Persistent Storage

PVC binds to PV — must match capacity and access modes
storageClassName must match — or use "" for no dynamic provisioning
ReadWriteOnce = single node — ReadWriteMany needed for multi-pod
Pod deletion doesn't delete PVC — persistentVolumeReclaimPolicy controls PV fate

Common Mistakes

kubectl apply vs create — apply for declarative (can update), create for imperative (fails if exists)
Forgetting namespace — -n namespace or set context default
Image tag latest in production — no version pinning, unpredictable updates
Not setting imagePullPolicy — Always for latest tag, IfNotPresent for versioned
Service port vs targetPort — port is Service's, targetPort is container's

Debugging

kubectl describe pod for events — shows scheduling failures, probe failures
kubectl logs -f pod for logs — -p for previous container (after crash)
kubectl exec -it pod -- sh for shell — debug inside container
kubectl get events --sort-by=.lastTimestamp — cluster-wide events timeline

RBAC

ServiceAccount per workload — not default, for least privilege
Role is namespaced — ClusterRole is cluster-wide
RoleBinding binds Role to user/SA — ClusterRoleBinding for cluster-wide
Check permissions: kubectl auth can-i verb resource --as=system:serviceaccount:ns:sa

Probes

03Probe Pitfalls

04Labels and Selectors

05ConfigMaps and Secrets

07Persistent Storage

08Common Mistakes

Helm Chart Scaffolding

Design, organize, and manage Helm charts for templating and packaging Kubernetes applications with reusable configurations. Use when creating Helm charts, packaging Kubernetes applications, or implementing templated deployments.

Python Observability

Python observability patterns including structured logging, metrics, and distributed tracing. Use when adding logging, implementing metrics collection, setting up tracing, or debugging production systems.

K8s Manifest Generator

Create production-ready Kubernetes manifests for Deployments, Services, ConfigMaps, and Secrets following best practices and security standards. Use when generating Kubernetes YAML manifests, creating K8s resources, or implementing production-grade Kubernetes configurations.

Istio Traffic Management

Configure Istio traffic management including routing, load balancing, circuit breakers, and canary deployments. Use when implementing service mesh traffic policies, progressive delivery, or resilience patterns.

Secrets Management

Implement secure secrets management for CI/CD pipelines using Vault, AWS Secrets Manager, or native platform solutions. Use when handling sensitive credentials, rotating secrets, or securing CI/CD environments.

Gitops Workflow

Implement GitOps workflows with ArgoCD and Flux for automated, declarative Kubernetes deployments with continuous reconciliation. Use when implementing GitOps practices, automating Kubernetes deployments, or setting up declarative infrastructure management.

網絡同電腦系統管理員