adaptationio/cdk8s-apps
.claude/skills/cdk8s-apps/SKILL.md
CDK8s for type-safe Kubernetes manifests using Python. Use when building complex K8s applications programmatically, generating manifests from code, creating reusable infrastructure patterns, or managing multi-environment deployments.
$ install --global
skillsauthnpx skillsauth add adaptationio/skrillz cdk8s-appsInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Mar 30, 2026, 11:49 PM57.7s5 files scanned
SKILL.md
- name:
- cdk8s-apps
- description:
- CDK8s for type-safe Kubernetes manifests using Python. Use when building complex K8s applications programmatically, generating manifests from code, creating reusable infrastructure patterns, or managing multi-environment deployments.
CDK8s Applications
Define Kubernetes applications using Python instead of YAML. cdk8s (Cloud Development Kit for Kubernetes) is a CNCF Sandbox project that provides type-safe, programmable infrastructure for Kubernetes.
Overview
What is cdk8s?
- Define K8s resources using Python, TypeScript, JavaScript, Java, or Go
- Synthesizes to standard Kubernetes YAML manifests
- Works with any Kubernetes cluster (cloud-agnostic)
- Built on the same concepts as AWS CDK
- CNCF Sandbox project (GA since October 2021)
Key Benefits:
- Type Safety: Catch configuration errors at development time
- IDE Support: Autocomplete, inline docs, refactoring
- Reusability: Create custom constructs for common patterns
- Testability: Unit test infrastructure code
- Reduced Boilerplate: Intent-driven APIs vs verbose YAML
When to Use cdk8s:
- Complex applications with multiple microservices
- Multi-environment deployments (dev/staging/prod)
- Reusable component libraries
- Teams preferring code over YAML
- EKS deployments integrated with AWS CDK
Quick Start
Installation
# Install cdk8s CLI (requires Node.js 18+)
npm install -g cdk8s-cli
# Initialize Python project
cdk8s init python-app
cd my-cdk8s-app
# Install dependencies
pip install -r requirements.txt
Your First Application
#!/usr/bin/env python3
from constructs import Construct
from cdk8s import App, Chart
from cdk8s_plus_27 import Deployment, ContainerProps
class WebApp(Chart):
def __init__(self, scope: Construct, id: str):
super().__init__(scope, id)
# Create deployment with 3 replicas
deployment = Deployment(
self, "web",
replicas=3,
containers=[
ContainerProps(
image="nginx:1.21",
port=80
)
]
)
# Expose as LoadBalancer service
deployment.expose_via_service(port=80)
# Synthesize to YAML
app = App()
WebApp(app, "my-app")
app.synth()
Synthesize and Deploy
# Generate Kubernetes manifests
cdk8s synth
# Review generated YAML
cat dist/my-app.k8s.yaml
# Deploy to cluster
kubectl apply -f dist/
Core Concepts
Constructs Hierarchy
cdk8s uses three levels of constructs:
L1 Constructs (Low-Level)
- Auto-generated from Kubernetes API
- Direct mapping to K8s resources
- Full control, verbose syntax
from imports import k8s
k8s.KubeDeployment(
self, "deployment",
spec=k8s.DeploymentSpec(
replicas=3,
selector=k8s.LabelSelector(match_labels={"app": "web"}),
template=k8s.PodTemplateSpec(...)
)
)
L2 Constructs (High-Level - cdk8s-plus)
- Hand-crafted, intent-driven APIs
- Automatic relationship management
- Reduced boilerplate
from cdk8s_plus_27 import Deployment, ContainerProps
Deployment(
self, "deployment",
replicas=3,
containers=[ContainerProps(image="nginx", port=80)]
)
L3 Constructs (Custom Abstractions)
- Your own reusable components
- Encapsulate organizational patterns
class WebService(Construct):
def __init__(self, scope, id, image, replicas=3):
super().__init__(scope, id)
# Compose deployment + service + ingress
Apps and Charts
App: Root container for all charts Chart: Represents a single Kubernetes manifest file
app = App()
# Each chart → separate YAML file
dev_chart = MyChart(app, "dev", namespace="development")
prod_chart = MyChart(app, "prod", namespace="production")
app.synth() # Generates dist/dev.k8s.yaml and dist/prod.k8s.yaml
Import Custom Resources
Import CRDs, Helm charts, and external definitions:
# Import Kubernetes API
cdk8s import k8s
# Import CRD from URL
cdk8s import https://raw.githubusercontent.com/aws-controllers-k8s/s3-controller/main/helm/crds/s3.services.k8s.aws_buckets.yaml
# Import Helm chart
cdk8s import helm:https://charts.bitnami.com/bitnami/[email protected]
# Import from GitHub
cdk8s import github:crossplane/[email protected]
Common Workflows
Workflow 1: Simple Web Application
from cdk8s import App, Chart
from cdk8s_plus_27 import Deployment, ConfigMap, EnvValue, ContainerProps
class WebApp(Chart):
def __init__(self, scope, id):
super().__init__(scope, id)
# Configuration
config = ConfigMap(
self, "config",
data={
"DATABASE_HOST": "postgres.default.svc",
"LOG_LEVEL": "info"
}
)
# Deployment
deployment = Deployment(
self, "web",
replicas=3,
containers=[
ContainerProps(
image="myapp:v1.0",
port=8080,
env_variables={
"DATABASE_HOST": EnvValue.from_config_map(
config, "DATABASE_HOST"
)
}
)
]
)
# Expose as service
deployment.expose_via_service(port=80, target_port=8080)
app = App()
WebApp(app, "web-app")
app.synth()
Workflow 2: Multi-Environment Deployment
from cdk8s import App, Chart
from cdk8s_plus_27 import Deployment, ContainerProps
class MyApp(Chart):
def __init__(self, scope, id, env, replicas, image_tag):
super().__init__(scope, id, namespace=env)
Deployment(
self, "app",
replicas=replicas,
containers=[
ContainerProps(
image=f"myapp:{image_tag}",
port=8080
)
]
)
app = App()
# Development
MyApp(app, "dev", env="development", replicas=1, image_tag="dev")
# Staging
MyApp(app, "staging", env="staging", replicas=2, image_tag="v1.2.3-rc")
# Production
MyApp(app, "prod", env="production", replicas=5, image_tag="v1.2.3")
app.synth()
Workflow 3: Custom Reusable Construct
from constructs import Construct
from cdk8s_plus_27 import (
Deployment, Service, ConfigMap, Secret,
ContainerProps, EnvValue, ServiceType
)
class MicroserviceApp(Construct):
"""Reusable microservice with deployment, service, and config."""
def __init__(
self,
scope: Construct,
id: str,
image: str,
replicas: int = 3,
port: int = 8080,
config: dict = None,
secrets: dict = None
):
super().__init__(scope, id)
# ConfigMap
if config:
cfg = ConfigMap(self, "config", data=config)
# Secret
if secrets:
sec = Secret(self, "secret", string_data=secrets)
# Build env vars
env_vars = {}
if config:
for key in config.keys():
env_vars[key] = EnvValue.from_config_map(cfg, key)
if secrets:
for key in secrets.keys():
env_vars[key] = EnvValue.from_secret_value(key, sec)
# Deployment
self.deployment = Deployment(
self, "deployment",
replicas=replicas,
containers=[
ContainerProps(
image=image,
port=port,
env_variables=env_vars
)
]
)
# Service
self.service = self.deployment.expose_via_service(
service_type=ServiceType.CLUSTER_IP,
port=port
)
# Usage
from cdk8s import App, Chart
class MyChart(Chart):
def __init__(self, scope, id):
super().__init__(scope, id)
# Deploy 3 microservices with one construct
MicroserviceApp(
self, "frontend",
image="myapp/frontend:v1",
replicas=5,
config={"API_URL": "http://api:8080"}
)
MicroserviceApp(
self, "api",
image="myapp/api:v1",
replicas=3,
secrets={"DATABASE_PASSWORD": "supersecret"}
)
MicroserviceApp(
self, "worker",
image="myapp/worker:v1",
replicas=2
)
app = App()
MyChart(app, "microservices")
app.synth()
Testing
Unit Tests with pytest
# tests/test_chart.py
import pytest
from cdk8s import Testing
from app import MyChart
def test_deployment_has_correct_replicas():
chart = Testing.chart()
MyChart(chart)
manifests = Testing.synth(chart)
deployment = [m for m in manifests if m["kind"] == "Deployment"][0]
assert deployment["spec"]["replicas"] == 3
def test_service_exposes_correct_port():
chart = Testing.chart()
MyChart(chart)
manifests = Testing.synth(chart)
service = [m for m in manifests if m["kind"] == "Service"][0]
assert service["spec"]["ports"][0]["port"] == 80
Policy Validation
def test_no_latest_tags():
"""Enforce no :latest image tags"""
chart = Testing.chart()
MyChart(chart)
manifests = Testing.synth(chart)
for manifest in manifests:
if manifest["kind"] == "Deployment":
containers = manifest["spec"]["template"]["spec"]["containers"]
for container in containers:
assert not container["image"].endswith(":latest")
def test_all_containers_have_resource_limits():
"""Enforce resource limits"""
chart = Testing.chart()
MyChart(chart)
manifests = Testing.synth(chart)
for manifest in manifests:
if manifest["kind"] == "Deployment":
containers = manifest["spec"]["template"]["spec"]["containers"]
for container in containers:
assert "resources" in container
assert "limits" in container["resources"]
CI/CD Integration
GitHub Actions
# .github/workflows/deploy.yml
name: Deploy to Kubernetes
on:
push:
branches: [main]
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Setup Node.js
uses: actions/setup-node@v3
with:
node-version: '18'
- name: Setup Python
uses: actions/setup-python@v4
with:
python-version: '3.10'
- name: Install dependencies
run: |
npm install -g cdk8s-cli
pip install -r requirements.txt
- name: Synthesize manifests
run: cdk8s synth
- name: Deploy to EKS
run: kubectl apply -f dist/
Integration with AWS CDK (EKS)
Deploy cdk8s apps directly to EKS clusters:
from aws_cdk import Stack, aws_eks as eks
from constructs import Construct
import cdk8s
from my_k8s_app import MyK8sChart
class EksStack(Stack):
def __init__(self, scope: Construct, id: str):
super().__init__(scope, id)
# Create EKS cluster with AWS CDK
cluster = eks.Cluster(
self, "Cluster",
version=eks.KubernetesVersion.V1_28
)
# Define K8s app with cdk8s
cdk8s_app = cdk8s.App()
k8s_chart = MyK8sChart(cdk8s_app, "app")
# Bridge: Deploy cdk8s chart to EKS
cluster.add_cdk8s_chart("my-app", k8s_chart)
Best Practices
1. Pin Versions
# requirements.txt
cdk8s==2.70.26
cdk8s-plus-27==2.7.84 # Match your K8s version
constructs>=10.0.0
2. Use Explicit Names
# ❌ Dangerous: Renaming ID recreates resource
Deployment(self, "app-v2", ...)
# ✅ Safe: Use explicit name metadata
from imports import k8s
Deployment(
self, "app-v2",
metadata=k8s.ObjectMeta(name="app") # Stable name
)
3. Separate Environments
class ProdChart(Chart):
def __init__(self, scope, id):
super().__init__(
scope, id,
namespace="production",
labels={"env": "prod"}
)
4. Test Before Deploying
# Dry-run validation
kubectl apply --dry-run=client -f dist/
# Run unit tests
pytest tests/
# GitOps review
git diff dist/
Common Commands
# Initialize project
cdk8s init python-app
# Import K8s API
cdk8s import k8s
# Import CRD
cdk8s import https://example.com/crd.yaml
# Import Helm chart
cdk8s import helm:https://charts.example.com/[email protected]
# Synthesize manifests
cdk8s synth
# Watch mode (auto-synth)
cdk8s synth --watch
# Deploy
kubectl apply -f dist/
# Validate
kubectl apply --dry-run=client -f dist/
Version Compatibility
| cdk8s-plus | Kubernetes | Python | Node.js | |------------|------------|--------|---------| | cdk8s-plus-27 | 1.27+ | 3.7+ | 18+ | | cdk8s-plus-28 | 1.28+ | 3.7+ | 18+ | | cdk8s-plus-29 | 1.29+ | 3.7+ | 18+ |
When to Use cdk8s vs Alternatives
Use cdk8s when:
- Complex applications with multiple components
- Development teams prefer code over YAML
- Need reusable component libraries
- Testing infrastructure code is important
- Integrating with AWS CDK for EKS
Use Helm when:
- Need existing community charts
- Simple templating is sufficient
- Package distribution required
Use Kustomize when:
- Simple overlays needed
- Transparent YAML modifications
- Minimal learning curve important
Use Raw YAML when:
- Very simple applications
- One-off deployments
- No reusability needed
Quick Reference
Available Constructs (cdk8s-plus)
Workloads: Deployment, StatefulSet, DaemonSet, Job, CronJob, Pod
Services: Service, Ingress
Config: ConfigMap, Secret, EnvValue
Storage: Volume, PersistentVolume, PersistentVolumeClaim
RBAC: ServiceAccount, Role, ClusterRole, RoleBinding, ClusterRoleBinding
Scaling: HorizontalPodAutoscaler
Networking: NetworkPolicy
Detailed Guides
For in-depth information, see:
- Getting Started Guide - Installation, project setup, and basics
- Constructs Guide - L1/L2/L3 constructs, cdk8s-plus, imports
- Patterns Guide - Real-world patterns and best practices
Resources
Official Documentation:
- cdk8s.io - Official website
- GitHub - Source code
- API Reference - API documentation
- Examples - Code examples
AWS Resources:
- Introducing CDK for Kubernetes
- cdk8s+ Intent-driven APIs
Community:
- CNCF Project Page
- Slack Channel
Related Skills
adaptationio/ttyd-remote-terminal-wsl2
development
VerifiedTrustedCommunity
Setup secure web-based terminal access to WSL2 from mobile/tablet via ttyd + ngrok/Cloudflare/Tailscale. One-command install, start, stop, status. Use when you need remote terminal access, web terminal, browser-based shell, or mobile access to WSL2 environment.
6SKILL.mdUpdated Mar 28, 2026
adaptationio/tri-ai-collaboration
development
VerifiedTrustedCommunity
Complete development workflows where Claude writes the code while Gemini and Codex provide research, planning, reviews, and different perspectives. Claude remains the main developer. Use for complex projects requiring expert planning and multi-perspective reviews.
6SKILL.mdUpdated Mar 28, 2026
adaptationio/todo-management
development
VerifiedTrustedCommunity
Systematic progress tracking for skill development. Manages task states (pending/in_progress/completed), updates in real-time, reports progress, identifies blockers, and maintains momentum. Use when tracking skill development, coordinating work, or reporting progress.
6SKILL.mdUpdated Mar 28, 2026
adaptationio/testing-workflow
testing
VerifiedTrustedCommunity
Comprehensive testing workflow orchestrating functional testing, example validation, integration testing, and usability assessment. Sequential workflow for complete skill testing from examples through scenarios to integration validation. Use when conducting thorough testing, pre-deployment validation, ensuring skill functionality, or comprehensive quality checks.
6SKILL.mdUpdated Mar 28, 2026