faysilalshareef/kubernetes
skills/devops/kubernetes/SKILL.md
Use when writing Kubernetes manifests for .NET microservice deployment.
$ install --global
skillsauthnpx skillsauth add faysilalshareef/dotnet-ai-kit kubernetesInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 18, 2026, 3:08 AM212.6s1 file scanned
SKILL.md
- name:
- kubernetes
- description:
- Use when writing Kubernetes manifests for .NET microservice deployment.
- category:
- devops
- agent:
- devops-engineer
- when_to_use:
- When creating or modifying Kubernetes deployment manifests or service configurations
Kubernetes — Deployment Manifests
Core Principles
- Per-environment manifests:
dev-manifest.yaml,staging-manifest.yaml,prod-manifest.yaml - Token placeholders (
#{TOKEN}#) replaced during CI/CD deployment - Health check probes:
/health/ready(readiness),/health/live(liveness) - RollingUpdate strategy with
maxUnavailable: 0, maxSurge: 1 - Environment variables from Secrets and ConfigMaps
- Service Bus topics/subscriptions configured via environment
Key Patterns
Deployment Manifest
apiVersion: apps/v1
kind: Deployment
metadata:
name: {domain}-command
namespace: {company}-{env}
spec:
replicas: #{REPLICAS}#
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 0
maxSurge: 1
selector:
matchLabels:
app: {domain}-command
template:
metadata:
labels:
app: {domain}-command
spec:
containers:
- name: {domain}-command
image: #{ACR_NAME}#.azurecr.io/{domain}-command:#{IMAGE_TAG}#
ports:
- containerPort: 8080
- containerPort: 8081
env:
- name: ASPNETCORE_ENVIRONMENT
value: "#{ENVIRONMENT}#"
- name: ConnectionStrings__DefaultConnection
valueFrom:
secretKeyRef:
name: {domain}-secrets
key: db-connection-string
- name: ServiceBus__ConnectionString
valueFrom:
secretKeyRef:
name: {domain}-secrets
key: servicebus-connection
- name: ExternalServices__QueryServiceUrl
value: "http://{domain}-query:8081"
readinessProbe:
httpGet:
path: /health/ready
port: 8080
initialDelaySeconds: 10
periodSeconds: 15
livenessProbe:
httpGet:
path: /health/live
port: 8080
initialDelaySeconds: 30
periodSeconds: 30
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
cpu: 500m
memory: 512Mi
Service
apiVersion: v1
kind: Service
metadata:
name: {domain}-command
namespace: {company}-{env}
spec:
selector:
app: {domain}-command
ports:
- name: http
port: 8080
targetPort: 8080
- name: grpc
port: 8081
targetPort: 8081
type: ClusterIP
Secret (Template)
apiVersion: v1
kind: Secret
metadata:
name: {domain}-secrets
namespace: {company}-{env}
type: Opaque
stringData:
db-connection-string: "#{DB_CONNECTION_STRING}#"
servicebus-connection: "#{SERVICEBUS_CONNECTION}#"
ConfigMap
apiVersion: v1
kind: ConfigMap
metadata:
name: {domain}-config
namespace: {company}-{env}
data:
Serilog__SeqUrl: "http://seq:5341"
Serilog__WriteToConsole: "true"
Anti-Patterns
| Anti-Pattern | Correct Approach | |---|---| | Secrets in ConfigMap | Use Secret for sensitive data | | No resource limits | Set requests and limits for stability | | Missing health probes | Add readiness and liveness probes | | Hardcoded image tags | Use token placeholders for CI/CD | | maxUnavailable > 0 | Zero downtime: maxUnavailable=0, maxSurge=1 |
Detect Existing Patterns
# Find K8s manifests
find . -name "*-manifest.yaml" -o -name "*.k8s.yaml" | head -10
# Find token placeholders
grep -r "#{.*}#" --include="*.yaml" .
# Find health check endpoints
grep -r "/health" --include="*.cs" src/
Adding to Existing Project
- Follow existing manifest naming —
{env}-manifest.yaml - Match namespace convention —
{company}-{env} - Use existing secret names for shared resources
- Add inter-service URLs via environment variables
- Configure health probes matching the application health endpoints
Related Skills
faysilalshareef/verification-gate
data-ai
VerifiedTrustedCommunity
Use when about to claim work is complete, fixed, passing, or ready — before committing, creating PRs, or moving to the next task. Requires running verification commands and confirming output before making any success claims.
2SKILL.mdUpdated Jun 1, 2026
faysilalshareef/systematic-debugging
development
VerifiedTrustedCommunity
Use when encountering any bug, test failure, build error, or unexpected behavior — before proposing fixes or making changes.
2SKILL.mdUpdated Jun 1, 2026
faysilalshareef/session-management
development
VerifiedTrustedCommunity
Use when checkpointing, wrapping up, or handing off an AI-assisted development session.
2SKILL.mdUpdated Jun 1, 2026
faysilalshareef/sdd-lifecycle
development
VerifiedTrustedCommunity
Use when following the Specification-Driven Development lifecycle from plan through ship.
2SKILL.mdUpdated Jun 1, 2026