rio/debugging-k8s-storage
dot_config/opencode/skills/debugging-k8s-storage/SKILL.md
Debugs Kubernetes storage issues including PVC stuck in Pending, PV binding failures, volume mount errors, and StorageClass problems. Use when volumes fail to mount, PVCs not binding, or storage-related pod failures.
$ install --global
skillsauthnpx skillsauth add rio/dotfiles debugging-k8s-storageInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 19, 2026, 3:05 AM17.8s1 file scanned
SKILL.md
- name:
- debugging-k8s-storage
- description:
- Debugs Kubernetes storage issues including PVC stuck in Pending, PV binding failures, volume mount errors, and StorageClass problems. Use when volumes fail to mount, PVCs not binding, or storage-related pod failures.
- allowed-tools:
- Bash
Debugging Kubernetes Storage
Investigates PersistentVolumeClaim, PersistentVolume, and mount issues.
Common Storage Issues
| Symptom | Likely Cause | First Check | |---------|-------------|-------------| | PVC Pending | No matching PV, StorageClass issue | PVC events | | Mount failed | PV not available, node issue | Pod events | | Multi-attach error | RWO volume on multiple nodes | Access mode | | Permission denied | fsGroup/runAsUser mismatch | Security context |
Investigation Workflow
Step 1: Check PVC Status
# List PVCs
kubectl get pvc -n <ns>
# Detailed PVC info
kubectl describe pvc <pvc> -n <ns>
PVC Pending? Check Events section for reason.
Step 2: Check PV Binding
# List PVs
kubectl get pv
# Check PV details
kubectl describe pv <pv-name>
PVC binds to PV when:
- StorageClass matches (or empty for static)
- Access modes compatible
- Capacity sufficient
Step 3: Check StorageClass
# List StorageClasses
kubectl get storageclass
# Check default StorageClass
kubectl get storageclass -o jsonpath='{range .items[?(@.metadata.annotations.storageclass\.kubernetes\.io/is-default-class=="true")]}{.metadata.name}{end}'
# StorageClass details
kubectl describe storageclass <name>
Step 4: Check Pod Mount Events
# Pod events show mount failures
kubectl describe pod <pod> -n <ns> | grep -A10 "Events:"
# Events for PVC
kubectl get events -n <ns> --field-selector involvedObject.name=<pvc>
Specific Issues
PVC Stuck in Pending
Common reasons:
- No matching PV (static provisioning)
- StorageClass can't provision (dynamic provisioning)
- Capacity not available
- Wrong access mode
# Check what the PVC is requesting
kubectl get pvc <pvc> -n <ns> -o yaml | grep -A5 "spec:"
# Check events for provisioning errors
kubectl describe pvc <pvc> -n <ns> | grep -A10 "Events:"
Multi-Attach Error
# Check access mode (RWO = ReadWriteOnce = single node)
kubectl get pvc <pvc> -n <ns> -o jsonpath='{.spec.accessModes}'
# Check which node has the volume
kubectl get pod -n <ns> -o wide
RWO volumes can only attach to one node. If pods are on different nodes, one will fail.
Options:
- Use ReadWriteMany (RWX) if storage supports it
- Ensure pods schedule to same node
Volume Mount Timeout
# Check node where pod is scheduled
kubectl get pod <pod> -n <ns> -o jsonpath='{.spec.nodeName}'
# Check node conditions
kubectl describe node <node> | grep -A5 "Conditions:"
May indicate:
- Cloud provider API issues
- Node can't reach storage backend
- CSI driver problems
Permission Denied on Volume
# Check pod security context
kubectl get pod <pod> -n <ns> -o jsonpath='{.spec.securityContext}'
# Check container security context
kubectl get pod <pod> -n <ns> -o jsonpath='{.spec.containers[*].securityContext}'
Fix with fsGroup or runAsUser in pod spec.
Quick Debug Commands
# Overview of all PVC/PV
kubectl get pvc,pv -A
# Check CSI drivers (if using CSI)
kubectl get csidrivers
# Storage-related events
kubectl get events -A --field-selector reason=FailedMount
kubectl get events -A --field-selector reason=FailedAttachVolume
Access Modes Reference
| Mode | Short | Description | |------|-------|-------------| | ReadWriteOnce | RWO | Single node read-write | | ReadOnlyMany | ROX | Multiple nodes read-only | | ReadWriteMany | RWX | Multiple nodes read-write | | ReadWriteOncePod | RWOP | Single pod read-write |
Notes
- Load
debugging-k8s-podsif pod has other issues besides storage - Load
analyzing-k8s-eventsfor storage event timeline
Related Skills
rio/handoff
documentation
VerifiedTrustedCommunity
Compact the current conversation into a handoff document for another agent to pick up.
40SKILL.mdUpdated May 22, 2026
rio/write-a-skill
development
VerifiedTrustedCommunity
Create new agent skills with proper structure, progressive disclosure, and bundled resources. Use when user wants to create, write, or build a new skill.
40SKILL.mdUpdated May 17, 2026
rio/grill-me
testing
VerifiedTrustedCommunity
Interview the user relentlessly about a plan or design until reaching shared understanding, resolving each branch of the decision tree. Use when user wants to stress-test a plan, get grilled on their design, or mentions "grill me".
40SKILL.mdUpdated May 17, 2026
rio/retrieving-k8s-logs
development
VerifiedTrustedCommunity
Retrieves Kubernetes container logs with various patterns including multi-container pods, previous container logs, init containers, and label-based aggregation. Use when checking application logs, debugging crashes, or analyzing container output.
39SKILL.mdUpdated Apr 19, 2026