{"id":"f3dc1375-93af-4f66-9b5c-35b4824040d6","shortId":"cU2nMx","kind":"skill","title":"k8s-ops","tagline":"Manage Kubernetes cluster resources via kubectl. Use when user needs to view, troubleshoot, or modify K8s workloads across multiple clusters.","description":"# k8s-ops\n\nAssists operations engineers in managing K8s cluster resources via kubectl. Supports viewing, troubleshooting, and change operations.\n\n**Applicable scenarios:**\n\n- View Pod/Deployment/Service/Node and other resource statuses\n- View logs and events for troubleshooting\n- Execute change operations (scale, rollout restart, apply, etc.)\n- Troubleshooting operations (exec, port-forward, describe, etc.)\n\n## Setup\n\nBefore using this skill, configure your cluster contexts in the table below. Replace the example entries with your actual clusters:\n\n| Cluster | Context | Cloud Provider | k8s Repo Directory |\n|---------|---------|---------------|-------------------|\n| prod-1  | `your-eks-context-here` | AWS EKS | `clusters/prod-1/` |\n| staging | `your-gke-context-here` | GCP GKE | `clusters/staging/` |\n| dev     | `your-aks-context-here` | Azure AKS | `clusters/dev/` |\n\n> Add all clusters your team manages. The context value should match the output of `kubectl config get-contexts`.\n\n## Execution Flow\n\n### Step 1: Environment Check\n\nOn first operation, the Agent should automatically check the environment:\n\n1. Run `kubectl version --client` to confirm kubectl is installed\n2. Run `kubectl config get-contexts` to list configured contexts\n\n**If kubectl is not installed**: Guide the user to install it (`brew install kubectl` / `apt install kubectl` / official documentation).\n\n**If the target context is not configured**:\n- AWS EKS clusters: Guide the user to run `aws eks update-kubeconfig --name <cluster-name> --region <region>`\n- GCP GKE clusters: Guide the user to run `gcloud container clusters get-credentials <cluster-name> --region <region> --project <project>`, and ensure `gke-gcloud-auth-plugin` is installed\n- Azure AKS clusters: Guide the user to run `az aks get-credentials --resource-group <rg> --name <cluster-name>`\n- Other clusters: Guide the user to download kubeconfig through the corresponding cloud platform console\n\n**If already configured**: Proceed directly to Step 2.\n\n### Step 2: Confirm Operation Target\n\nConfirm the following information with the user (proactively ask if not provided):\n\n1. **Target cluster**: Match the cluster table above based on the user's description; determine the context\n2. **Target namespace**: Use `default` if not specified, or infer from the service name\n3. **Operation content**: View, change, troubleshoot, etc.\n\n### Step 3: Switch Context\n\nUse the `--context` parameter to specify the cluster — **do not modify the current default context**:\n\n```bash\nkubectl --context <context-name> -n <namespace> <command>\n```\n\n### Step 4: Execute Operation\n\n#### View Operations (execute directly)\n\nView operations carry no risk and can be executed directly:\n\n```bash\n# View Pod status\nkubectl --context <ctx> -n <ns> get pods\n\n# View Deployments\nkubectl --context <ctx> -n <ns> get deployments\n\n# View Pod logs\nkubectl --context <ctx> -n <ns> logs <pod-name> --tail=100\n\n# View events\nkubectl --context <ctx> -n <ns> get events --sort-by='.lastTimestamp'\n\n# View resource details\nkubectl --context <ctx> -n <ns> describe pod <pod-name>\n\n# View Node status\nkubectl --context <ctx> get nodes\n\n# View resource usage\nkubectl --context <ctx> -n <ns> top pods\n```\n\n#### Change Operations (must confirm first)\n\n**All change operations must show the user the command to be executed; execution only after user confirmation.**\n\n```bash\n# Scale\nkubectl --context <ctx> -n <ns> scale deployment <name> --replicas=<N>\n\n# Rolling restart\nkubectl --context <ctx> -n <ns> rollout restart deployment <name>\n\n# Apply configuration\nkubectl --context <ctx> -n <ns> apply -f <file>\n\n# Edit ConfigMap\nkubectl --context <ctx> -n <ns> edit configmap <name>\n\n# Delete resource (high risk)\nkubectl --context <ctx> -n <ns> delete <resource> <name>\n```\n\n#### Troubleshooting Operations\n\n```bash\n# Enter a container\nkubectl --context <ctx> -n <ns> exec -it <pod-name> -- /bin/sh\n\n# Port forwarding\nkubectl --context <ctx> -n <ns> port-forward <pod-name> <local>:<remote>\n\n# View all containers in a Pod\nkubectl --context <ctx> -n <ns> get pod <pod-name> -o jsonpath='{.spec.containers[*].name}'\n```\n\n### Step 5: Confirm Results\n\n- **View operations**: Display output directly; format or summarize as needed\n- **Change operations**: Verify results after execution (e.g., check Pod count after scale, check rollout status after restart)\n- **On failure**: Display error information, analyze the cause, and suggest a fix\n\n## Security Rules\n\n1. **Prohibit executing `delete namespace` on prod clusters**\n2. **Prohibit executing `kubectl drain` unless the user explicitly requests and confirms**\n3. **All change operations must show the complete command before execution and wait for user confirmation**\n4. **Batch operations (e.g., scaling multiple deployments simultaneously) must list each one and confirm**\n5. **Prefer using `--context` parameter to specify the cluster; avoid `kubectl config use-context` which modifies global state**\n\n## Examples\n\n### Bad\n\n#### 1. Executing changes without confirmation\n\n```\nUser: Help me restart payment-service on Production\nAI: Rolling restart executed.\n```\n\n**Problem**: Change operation executed without user confirmation.\n\n#### 2. Modifying global context\n\n```bash\nkubectl config use-context my-prod-context\nkubectl -n prod get pods\n```\n\n**Problem**: Modified the global context, potentially affecting the user's other terminal sessions. Should use the `--context` parameter.\n\n#### 3. Executing high-risk operations on prod without confirmation\n\n```bash\nkubectl --context my-prod-context delete namespace monitoring\n```\n\n**Problem**: Deleting an entire namespace on a production cluster without confirmation.\n\n### Good\n\n#### 1. Confirming before changes\n\n```\nUser: Help me restart payment-service on Prod\n\nAI: I will execute the following on the Prod cluster:\n    - Cluster: prod-1 (my-prod-context)\n    - Namespace: prod\n    - Command: kubectl --context my-prod-context -n prod rollout restart deployment payment-service\n\n    Confirm execution?\n\nUser: Confirmed\n\nAI: Executed. Checking rollout status...\n    deployment \"payment-service\" successfully rolled out\n```\n\n#### 2. Guiding configuration after environment check\n\n```\nUser: Help me check the Pod status on Staging\n\nAI: Let me check the kubectl environment...\n    kubectl is installed (v1.28.2)\n    But the Staging context was not found. Please run the following command to configure it:\n\n    aws eks update-kubeconfig --name staging-cluster --region <your-region>\n\n    Let me know when configuration is complete, and I will continue.\n```\n\n#### 3. Troubleshooting flow\n\n```\nUser: The api-gateway on Staging keeps CrashLoopBackOff\n\nAI: Let me investigate:\n\n    1. Checking Pod status...\n       NAME                          READY   STATUS             RESTARTS   AGE\n       api-gateway-5d4f6c7b8-x2k9z  0/1     CrashLoopBackOff   5          10m\n\n    2. Checking recent logs...\n       Error: failed to connect to database at <ip>:5432\n\n    3. Checking events...\n       Back-off restarting failed container\n\n    Analysis: Pod cannot connect to database at <ip>:5432. Recommended checks:\n    - Is the database service running normally\n    - Is a NetworkPolicy blocking the connection\n    - Is the database address correct in the ConfigMap/Secret\n```\n\n## Exemptions\n\n| Scenario | Condition |\n|------|------|\n| Emergency incident recovery | User explicitly states an emergency — confirmation steps may be skipped |\n| Non-managed clusters | User provides a context not in the Setup list above |\n\nExemption method: `/override skill=k8s-ops reason=\"emergency incident recovery\"`","tags":["k8s","ops","enterprise","harness","engineering","addxai","agent-skills","ai-agent","ai-engineering","claude-code","code-review","cursor"],"capabilities":["skill","source-addxai","skill-k8s-ops","topic-agent-skills","topic-ai-agent","topic-ai-engineering","topic-claude-code","topic-code-review","topic-cursor","topic-devops","topic-enterprise","topic-sre","topic-windsurf"],"categories":["enterprise-harness-engineering"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/addxai/enterprise-harness-engineering/k8s-ops","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add addxai/enterprise-harness-engineering","source_repo":"https://github.com/addxai/enterprise-harness-engineering","install_from":"skills.sh"}},"qualityScore":"0.458","qualityRationale":"deterministic score 0.46 from registry signals: · indexed on github topic:agent-skills · 16 github stars · SKILL.md body (7,600 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-04-22T01:02:12.010Z","embedding":null,"createdAt":"2026-04-21T19:04:01.563Z","updatedAt":"2026-04-22T01:02:12.010Z","lastSeenAt":"2026-04-22T01:02:12.010Z","tsv":"'-1':102,775 '/bin/sh':516 '/override':992 '0/1':905 '1':151,164,307,585,656,750,891 '100':410 '10m':908 '2':174,289,291,324,593,681,813,909 '3':338,346,605,718,875,921 '4':369,621 '5':541,635,907 '5432':920,937 '5d4f6c7b8':903 'across':21 'actual':92 'add':129 'address':955 'affect':706 'age':899 'agent':158 'ai':670,763,801,828,887 'ak':123,127,252,260 'alreadi':283 'analysi':930 'analyz':576 'api':881,901 'api-gateway':880 'api-gateway-5d4f6c7b8-x2k9z':900 'appli':63,483,488 'applic':43 'apt':199 'ask':303 'assist':27 'auth':247 'automat':160 'avoid':644 'aw':108,211,219,854 'az':259 'azur':126,251 'back':925 'back-off':924 'bad':655 'base':315 'bash':364,386,467,507,685,728 'batch':622 'block':949 'brew':196 'cannot':932 'carri':378 'caus':578 'chang':41,58,342,445,451,554,607,658,675,753 'check':153,161,561,566,803,818,822,831,892,910,922,939 'client':168 'cloud':96,279 'cluster':6,23,33,80,93,94,131,213,228,236,253,269,309,312,356,592,643,746,772,773,862,979 'clusters/dev':128 'clusters/prod-1':110 'clusters/staging':119 'command':458,613,782,850 'complet':612,870 'condit':962 'config':144,177,646,687 'configmap':491,496 'configmap/secret':959 'configur':78,183,210,284,484,815,852,868 'confirm':170,292,295,448,466,542,604,620,634,660,680,727,748,751,797,800,971 'connect':916,933,951 'consol':281 'contain':235,510,527,929 'content':340 'context':81,95,106,115,124,136,147,180,184,207,323,348,351,363,366,391,398,406,414,426,434,441,470,478,486,493,502,512,520,532,638,649,684,690,694,704,716,730,734,779,784,788,842,983 'continu':874 'correct':956 'correspond':278 'count':563 'crashloopbackoff':886,906 'credenti':239,263 'current':361 'databas':918,935,942,954 'default':328,362 'delet':497,504,588,735,739 'deploy':396,401,473,482,627,793,806 'describ':71,428 'descript':320 'detail':424 'determin':321 'dev':120 'direct':286,375,385,548 'directori':100 'display':546,573 'document':203 'download':274 'drain':597 'e.g':560,624 'edit':490,495 'ek':105,109,212,220,855 'emerg':963,970,998 'engin':29 'ensur':243 'enter':508 'entir':741 'entri':89 'environ':152,163,817,834 'error':574,913 'etc':64,72,344 'event':54,412,417,923 'exampl':88,654 'exec':67,514 'execut':57,148,370,374,384,461,462,559,587,595,615,657,673,677,719,766,798,802 'exempt':960,990 'explicit':601,967 'f':489 'fail':914,928 'failur':572 'first':155,449 'fix':582 'flow':149,877 'follow':297,768,849 'format':549 'forward':70,518,524 'found':845 'gateway':882,902 'gcloud':234,246 'gcp':117,226 'get':146,179,238,262,393,400,416,435,534,698 'get-context':145,178 'get-credenti':237,261 'gke':114,118,227,245 'gke-gcloud-auth-plugin':244 'global':652,683,703 'good':749 'group':266 'guid':190,214,229,254,270,814 'help':662,755,820 'high':499,721 'high-risk':720 'incid':964,999 'infer':333 'inform':298,575 'instal':173,189,194,197,200,250,837 'investig':890 'jsonpath':537 'k8s':2,19,25,32,98,995 'k8s-ops':1,24,994 'keep':885 'know':866 'kubeconfig':223,275,858 'kubectl':9,36,143,166,171,176,186,198,201,365,390,397,405,413,425,433,440,469,477,485,492,501,511,519,531,596,645,686,695,729,783,833,835 'kubernet':5 'lasttimestamp':421 'let':829,864,888 'list':182,630,988 'log':52,404,408,912 'manag':4,31,134,978 'match':139,310 'may':973 'method':991 'modifi':18,359,651,682,701 'monitor':737 'multipl':22,626 'must':447,453,609,629 'my-prod-context':691,731,776,785 'n':367,392,399,407,415,427,442,471,479,487,494,503,513,521,533,696,789 'name':224,267,337,539,859,895 'namespac':326,589,736,742,780 'need':13,553 'networkpolici':948 'node':431,436 'non':977 'non-manag':976 'normal':945 'o':536 'offici':202 'one':632 'op':3,26,996 'oper':28,42,59,66,156,293,339,371,373,377,446,452,506,545,555,608,623,676,723 'output':141,547 'paramet':352,639,717 'payment':666,759,795,808 'payment-servic':665,758,794,807 'platform':280 'pleas':846 'plugin':248 'pod':388,394,403,429,444,530,535,562,699,824,893,931 'pod/deployment/service/node':46 'port':69,517,523 'port-forward':68,522 'potenti':705 'prefer':636 'proactiv':302 'problem':674,700,738 'proceed':285 'prod':101,591,693,697,725,733,762,771,774,778,781,787,790 'product':669,745 'prohibit':586,594 'project':241 'provid':97,306,981 'readi':896 'reason':997 'recent':911 'recommend':938 'recoveri':965,1000 'region':225,240,863 'replac':86 'replica':474 'repo':99 'request':602 'resourc':7,34,49,265,423,438,498 'resource-group':264 'restart':62,476,481,570,664,672,757,792,898,927 'result':543,557 'risk':380,500,722 'roll':475,671,811 'rollout':61,480,567,791,804 'rule':584 'run':165,175,218,233,258,847,944 'scale':60,468,472,565,625 'scenario':44,961 'secur':583 'servic':336,667,760,796,809,943 'session':712 'setup':73,987 'show':454,610 'simultan':628 'skill':77,993 'skill-k8s-ops' 'skip':975 'sort':419 'sort-bi':418 'source-addxai' 'spec.containers':538 'specifi':331,354,641 'stage':111,827,841,861,884 'staging-clust':860 'state':653,968 'status':50,389,432,568,805,825,894,897 'step':150,288,290,345,368,540,972 'success':810 'suggest':580 'summar':551 'support':37 'switch':347 'tabl':84,313 'tail':409 'target':206,294,308,325 'team':133 'termin':711 'top':443 'topic-agent-skills' 'topic-ai-agent' 'topic-ai-engineering' 'topic-claude-code' 'topic-code-review' 'topic-cursor' 'topic-devops' 'topic-enterprise' 'topic-sre' 'topic-windsurf' 'troubleshoot':16,39,56,65,343,505,876 'unless':598 'updat':222,857 'update-kubeconfig':221,856 'usag':439 'use':10,75,327,349,637,648,689,714 'use-context':647,688 'user':12,192,216,231,256,272,301,318,456,465,600,619,661,679,708,754,799,819,878,966,980 'v1.28.2':838 'valu':137 'verifi':556 'version':167 'via':8,35 'view':15,38,45,51,341,372,376,387,395,402,411,422,430,437,525,544 'wait':617 'without':659,678,726,747 'workload':20 'x2k9z':904 'your-aks-context-her':121 'your-eks-context-her':103 'your-gke-context-her':112","prices":[{"id":"6f3a85be-ee5a-4677-9406-c7f64b4d4b05","listingId":"f3dc1375-93af-4f66-9b5c-35b4824040d6","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"addxai","category":"enterprise-harness-engineering","install_from":"skills.sh"},"createdAt":"2026-04-21T19:04:01.563Z"}],"sources":[{"listingId":"f3dc1375-93af-4f66-9b5c-35b4824040d6","source":"github","sourceId":"addxai/enterprise-harness-engineering/k8s-ops","sourceUrl":"https://github.com/addxai/enterprise-harness-engineering/tree/main/skills/k8s-ops","isPrimary":false,"firstSeenAt":"2026-04-21T19:04:01.563Z","lastSeenAt":"2026-04-22T01:02:12.010Z"}],"details":{"listingId":"f3dc1375-93af-4f66-9b5c-35b4824040d6","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"addxai","slug":"k8s-ops","github":{"repo":"addxai/enterprise-harness-engineering","stars":16,"topics":["agent-skills","ai-agent","ai-engineering","claude-code","code-review","cursor","devops","enterprise","sre","windsurf"],"license":"apache-2.0","html_url":"https://github.com/addxai/enterprise-harness-engineering","pushed_at":"2026-04-17T08:57:37Z","description":"Enterprise-grade AI Agent Skills for software development, DevOps, SRE, security, and product teams. Compatible with Claude Code, Cursor, Windsurf, Gemini CLI, GitHub Copilot, and 30+ AI coding agents.","skill_md_sha":"8115fea58559c99de411b22af19a432fe0b02255","skill_md_path":"skills/k8s-ops/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/addxai/enterprise-harness-engineering/tree/main/skills/k8s-ops"},"layout":"multi","source":"github","category":"enterprise-harness-engineering","frontmatter":{"name":"k8s-ops","description":"Manage Kubernetes cluster resources via kubectl. Use when user needs to view, troubleshoot, or modify K8s workloads across multiple clusters."},"skills_sh_url":"https://skills.sh/addxai/enterprise-harness-engineering/k8s-ops"},"updatedAt":"2026-04-22T01:02:12.010Z"}}