Skill Details

Runtime
Any model
Example user message
[userMessage]:

```
Service Name: customer-api
Service Type: API
Expected Traffic:
- 1,500 requests/second peak
- Initial replicas: 4
Resources:
- CPU: 500m request, 1 CPU limit
- Memory: 512Mi request, 1Gi limit
Environment:
- Production
Container Image:
- company/customer-api:v2.4.1
Ingress:
- Public HTTPS endpoint required
- Domain: api.company.com
Secrets Required:
- DATABASE_URL
- JWT_SECRET
```
Example agent response
```
ARCHITECTURE DECISION
Service type: Deployment
Ingress: Yes — public HTTPS endpoint required; TLS termination at ingress layer
Scaling: HPA on CPU utilisation (target 65%) + memory (target 75%); min 4 / max 12 replicas

Decision notes:
- Deployment chosen over StatefulSet: API is stateless; horizontal scaling is safe and expected.
- ClusterIP service + Ingress preferred over LoadBalancer to centralise TLS and reduce cloud LB cost.
- HPA ceiling at 12 gives ~3× headroom over baseline 4; at 500m CPU request per pod, 12 pods = 6 vCPU of requested capacity before scheduler pressure materialises — validate against node pool size.
```

---

**ASSUMPTIONS (stated before generation):**

- TLS certificate managed via cert-manager (ClusterIssuer: `letsencrypt-prod`). If you use a pre-provisioned cert, replace the `cert-manager.io/cluster-issuer` annotation with a `tls.secretName` pointing to your existing Secret.
- Ingress controller: NGINX (`ingressClassName: nginx`). Adjust if using Traefik, ALB, etc.
- Namespace: `production`. Already exists or will be created first (see apply order).
- Health check endpoints: `GET /health/live` (liveness) and `GET /health/ready` (readiness). **Confirm these exist in v2.4.1 — if they differ, update probe paths before applying.**
- No custom metrics adapter installed; HPA uses standard `cpu` + `memory` resource metrics only.
- `DATABASE_URL` and `JWT_SECRET` values are pre-loaded into the cluster as a Secret named `customer-api-secrets`. The manifest creates the Secret shell with placeholder values — **populate before applying** (see Secret manifest notes).

---

```yaml
# ============================================================
# RESOURCE 1 — NAMESPACE
# ============================================================
apiVersion: v1
kind: Namespace
metadata:
  name: production
  labels:
    app.kubernetes.io/managed-by: kubectl
    environment: production
```

```yaml
# ============================================================
# RESOURCE 2 — CONFIGMAP
# Non-sensitive runtime configuration only.
# Sensitive values live exclusively in the Secret below.
# ============================================================
apiVersion: v1
kind: ConfigMap
metadata:
  name: customer-api-config
  namespace: production
  labels:
    app.kubernetes.io/name: customer-api
    app.kubernetes.io/version: "v2.4.1"
    app.kubernetes.io/component: api
    app.kubernetes.io/part-of: customer-platform
    environment: production
data:
  # Application runtime settings
  LOG_LEVEL: "info"
  PORT: "8080"
  NODE_ENV: "production"
  # Health check paths — keep in sync with probe config in Deployment
  HEALTH_LIVE_PATH: "/health/live"
  HEALTH_READY_PATH: "/health/ready"
```

```yaml
# ============================================================
# RESOURCE 3 — SECRET
# ⚠️ PLACEHOLDER VALUES ONLY.
# Do not commit real values to source control.
# Populate via:
#   kubectl create secret generic customer-api-secrets \
#     --from-literal=DATABASE_URL='your-dsn-here' \
#     --from-literal=JWT_SECRET='your-secret-here' \
#     --namespace=production \
#     --dry-run=client -o yaml | kubectl apply -f -
# Or use an external secrets operator (e.g. External Secrets + Vault / AWS SSM).
# ============================================================
apiVersion: v1
kind: Secret
metadata:
  name: customer-api-secrets
  namespace: production
  labels:
    app.kubernetes.io/name: customer-api
    app.kubernetes.io/version: "v2.4.1"
    app.kubernetes.io/component: api
    app.kubernetes.io/part-of: customer-platform
    environment: production
type: Opaque
stringData:
  # ⚠️ Replace these before applying. Never push real values.
  DATABASE_URL: "REPLACE_BEFORE_APPLY"
  JWT_SECRET: "REPLACE_BEFORE_APPLY"
```

```yaml
# ============================================================
# RESOURCE 4 — DEPLOYMENT
# ============================================================
apiVersion: apps/v1
kind: Deployment
metadata:
  name: customer-api
  namespace: production
  labels:
    app.kubernetes.io/name: customer-api
    app.kubernetes.io/version: "v2.4.1"
    app.kubernetes.io/component: api
    app.kubernetes.io/part-of: customer-platform
    environment: production
  annotations:
    # Recorded in `kubectl rollout history` as the change cause
    kubernetes.io/change-cause: "Deploy v2.4.1 — initial production rollout"
spec:
  # Baseline replica count. HPA will manage this dynamically.
  # HPA takes over after first reconciliation; this value is the
  # floor until HPA has a measurement.
  # Note: re-applying this manifest with the field present resets the
  # count to 4 until the HPA reconciles again; omit it once the HPA owns scaling.
  replicas: 4
  selector:
    # ⚠️ Selector is immutable after creation — label set is intentionally
    # minimal here (name only) to avoid selector conflicts if labels evolve.
    matchLabels:
      app.kubernetes.io/name: customer-api
  strategy:
    type: RollingUpdate
    rollingUpdate:
      # maxSurge: allows 1 extra pod above desired during rollout
      # — ensures capacity is not reduced while new pods initialise.
      maxSurge: 1
      # maxUnavailable: 0 — zero downtime; no pod is taken down
      # until a replacement passes its readiness probe.
      # At 4 replicas this means rollout creates pod 5 first, waits
      # for ready, then terminates pod 1, etc.
      maxUnavailable: 0
  template:
    metadata:
      labels:
        # Template labels MUST include the selector label set.
        app.kubernetes.io/name: customer-api
        app.kubernetes.io/version: "v2.4.1"
        app.kubernetes.io/component: api
        app.kubernetes.io/part-of: customer-platform
        environment: production
      annotations:
        # Forces pod restart on ConfigMap change when using Reloader
        # or similar controller. Remove if not using one.
        configmap.reloader.stakater.com/reload: "customer-api-config"
    spec:
      # Graceful shutdown: allow in-flight requests to drain before SIGKILL.
      # Should be >= your longest expected request timeout + buffer.
      terminationGracePeriodSeconds: 30
      # Spread pods across nodes and availability zones.
      topologySpreadConstraints:
        - maxSkew: 1
          topologyKey: kubernetes.io/hostname
          whenUnsatisfiable: DoNotSchedule
          labelSelector:
            matchLabels:
              app.kubernetes.io/name: customer-api
        - maxSkew: 1
          topologyKey: topology.kubernetes.io/zone
          whenUnsatisfiable: ScheduleAnyway  # soft constraint; change to DoNotSchedule if AZ spread is mandatory
          labelSelector:
            matchLabels:
              app.kubernetes.io/name: customer-api
      # Pod-level security hardening: run as an unprivileged user with the
      # runtime's default seccomp profile. Linux capabilities are dropped
      # in the container-level securityContext below.
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000
        runAsGroup: 1000
        fsGroup: 1000
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: customer-api
          image: company/customer-api:v2.4.1  # Never use `latest` — pinned to v2.4.1 as required.
          imagePullPolicy: IfNotPresent
          ports:
            - name: http
              containerPort: 8080  # Must match PORT in ConfigMap and Service targetPort
              protocol: TCP
          # ── RESOURCE ENVELOPE ─────────────────────────────────────────
          resources:
            requests:
              cpu: "500m"
              memory: "512Mi"
            limits:
              cpu: "1000m"  # 1 vCPU
              memory: "1Gi"
          # ── END RESOURCE ENVELOPE ─────────────────────────────────────
          # ── ENVIRONMENT — NON-SENSITIVE (ConfigMap) ───────────────────
          envFrom:
            - configMapRef:
                name: customer-api-config
          # ── ENVIRONMENT — SENSITIVE (Secret, injected individually) ──
          env:
            - name: DATABASE_URL
              valueFrom:
                secretKeyRef:
                  name: customer-api-secrets
                  key: DATABASE_URL
            - name: JWT_SECRET
              valueFrom:
                secretKeyRef:
                  name: customer-api-secrets
                  key: JWT_SECRET
          # ── END ENVIRONMENT ────────────────────────────────────────────
          # ── PROBES ────────────────────────────────────────────────────
          # LIVENESS: restarts the container if it deadlocks / hangs.
          # Deliberately lenient — avoid restart loops on slow startups.
          livenessProbe:
            httpGet:
              path: /health/live
              port: http  # references the named port above
            initialDelaySeconds: 20  # give the app time to start
            periodSeconds: 15
            timeoutSeconds: 5
            failureThreshold: 3  # 3 consecutive failures = restart
            successThreshold: 1
          # READINESS: removes pod from Service endpoints until ready.
          # Stricter timing than liveness — gates real traffic.
          readinessProbe:
            httpGet:
              path: /health/ready
              port: http
            initialDelaySeconds: 10
            periodSeconds: 10
            timeoutSeconds: 3
            failureThreshold: 3
            successThreshold: 1
          # STARTUP: gives slow-starting containers time before liveness kicks in.
          # 30 × 10s = 300s maximum startup window.
          startupProbe:
            httpGet:
              path: /health/live
              port: http
            initialDelaySeconds: 5
            periodSeconds: 10
            failureThreshold: 30
            successThreshold: 1
          # ── END PROBES ────────────────────────────────────────────────
          # Container-level security hardening
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop:
                - ALL
          # Writable scratch space if the app writes temp files.
          # Remove if readOnlyRootFilesystem causes issues and app
```
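The listing says a review checklist flags gaps after generation. As an added example (not the skill's output above and not code from the listing), the following Python implements that kind of post-generation check over a Deployment that has already been loaded as a dict: `kubectl` accepts JSON as well as YAML, so the weak sample is embedded as a JSON string, while the hardened sample mirrors the manifest above. It reports every hardening property the manifest above relies on that is absent: pinned image tag, requests and limits, liveness and readiness probes, non-root pod with the `RuntimeDefault` seccomp profile, `allowPrivilegeEscalation: false`, read-only root filesystem, `drop: [ALL]`, template labels covering the selector, and secret-looking environment variables supplied inline instead of via `secretKeyRef`. The check list, the name pattern used to spot sensitive variables, and both sample manifests are my own constructions and assumptions.

```python
"""Deployment hardening checks in the spirit of the review checklist above.

Added example. `lint_deployment` takes a Deployment object as a dict (from
json.load or any YAML loader) and returns a list of findings; an empty list
means every checked property is present. Both sample manifests are constructed.
"""
import json
import re

# Assumption: env var names matching this look like secrets and belong in a Secret.
SENSITIVE_ENV = re.compile(r"(SECRET|PASSWORD|TOKEN|KEY|DATABASE_URL|DSN)", re.I)


def _get(d, *path, default=None):
    """Nested lookup that tolerates missing keys: _get(obj, "spec", "template")."""
    for key in path:
        if not isinstance(d, dict) or key not in d:
            return default
        d = d[key]
    return d


def lint_deployment(manifest: dict) -> list:
    """Return human-readable findings for properties the hardened manifest requires."""
    findings = []
    if manifest.get("kind") != "Deployment":
        return [f"expected kind Deployment, got {manifest.get('kind')!r}"]

    # Template labels must include the selector label set, or the rollout fails.
    selector = _get(manifest, "spec", "selector", "matchLabels", default={}) or {}
    labels = _get(manifest, "spec", "template", "metadata", "labels", default={}) or {}
    missing = sorted(k for k, v in selector.items() if labels.get(k) != v)
    if missing:
        findings.append(f"template labels do not cover selector labels: {missing}")

    pod_spec = _get(manifest, "spec", "template", "spec", default={}) or {}
    pod_sc = pod_spec.get("securityContext") or {}
    if pod_sc.get("runAsNonRoot") is not True:
        findings.append("pod securityContext.runAsNonRoot is not true")
    if _get(pod_sc, "seccompProfile", "type") != "RuntimeDefault":
        findings.append("pod seccompProfile.type is not RuntimeDefault")

    for c in pod_spec.get("containers") or []:
        name = c.get("name", "<unnamed>")
        image = c.get("image", "")
        # The tag is whatever follows the last ':' in the final path segment.
        last = image.rsplit("/", 1)[-1]
        tag = image.rsplit(":", 1)[1] if ":" in last else ""
        if tag in ("", "latest"):
            findings.append(f"{name}: image tag is missing or 'latest' ({image!r})")
        for section in ("requests", "limits"):
            for res in ("cpu", "memory"):
                if _get(c, "resources", section, res) is None:
                    findings.append(f"{name}: resources.{section}.{res} not set")
        for probe in ("livenessProbe", "readinessProbe"):
            if probe not in c:
                findings.append(f"{name}: {probe} missing")
        sc = c.get("securityContext") or {}
        if sc.get("allowPrivilegeEscalation") is not False:
            findings.append(f"{name}: allowPrivilegeEscalation is not false")
        if sc.get("readOnlyRootFilesystem") is not True:
            findings.append(f"{name}: readOnlyRootFilesystem is not true")
        if "ALL" not in (_get(sc, "capabilities", "drop", default=[]) or []):
            findings.append(f"{name}: capabilities.drop does not include ALL")
        for env in c.get("env") or []:
            if SENSITIVE_ENV.search(env.get("name", "")) and "value" in env:
                findings.append(f"{name}: env {env['name']} is inline; use secretKeyRef")
    return findings


# Constructed weak sample: the shape many first drafts have (JSON, as kubectl accepts it).
WEAK_DEPLOYMENT = json.loads("""
{"apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "customer-api"},
 "spec": {"selector": {"matchLabels": {"app": "customer-api"}},
          "template": {"metadata": {"labels": {"app": "customer-api"}},
                       "spec": {"containers": [{"name": "customer-api",
                                                "image": "company/customer-api:latest",
                                                "env": [{"name": "JWT_SECRET",
                                                         "value": "constructed-placeholder"}]}]}}}}
""")

# Constructed hardened sample mirroring the manifest on the page.
HARDENED_DEPLOYMENT = {
    "apiVersion": "apps/v1", "kind": "Deployment",
    "metadata": {"name": "customer-api", "namespace": "production"},
    "spec": {
        "replicas": 4,
        "selector": {"matchLabels": {"app.kubernetes.io/name": "customer-api"}},
        "template": {
            "metadata": {"labels": {"app.kubernetes.io/name": "customer-api",
                                    "app.kubernetes.io/version": "v2.4.1"}},
            "spec": {
                "securityContext": {"runAsNonRoot": True, "runAsUser": 1000,
                                    "seccompProfile": {"type": "RuntimeDefault"}},
                "containers": [{
                    "name": "customer-api", "image": "company/customer-api:v2.4.1",
                    "resources": {"requests": {"cpu": "500m", "memory": "512Mi"},
                                  "limits": {"cpu": "1000m", "memory": "1Gi"}},
                    "livenessProbe": {"httpGet": {"path": "/health/live", "port": "http"}},
                    "readinessProbe": {"httpGet": {"path": "/health/ready", "port": "http"}},
                    "env": [{"name": "JWT_SECRET", "valueFrom": {"secretKeyRef": {
                        "name": "customer-api-secrets", "key": "JWT_SECRET"}}}],
                    "securityContext": {"allowPrivilegeEscalation": False,
                                        "readOnlyRootFilesystem": True,
                                        "capabilities": {"drop": ["ALL"]}},
                }],
            },
        },
    },
}

if __name__ == "__main__":
    for label, m in (("weak", WEAK_DEPLOYMENT), ("hardened", HARDENED_DEPLOYMENT)):
        print(f"{label}: {len(lint_deployment(m))} finding(s)")
        for f in lint_deployment(m):
            print("  -", f)
```

Run it as a script to see the weak draft produce thirteen findings and the hardened manifest none; in a pipeline, treat a non-empty list as a failed review gate before `kubectl apply`.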
🟧 Claude Skill
Enterprise Kubernetes K8s Architect
Describe your service and get complete, production-grade Kubernetes YAML — Deployment, Service, Ingress, ConfigMap, HPA, and resource limits all included. Every manifest has correct labels, selectors, liveness and readiness probes, rolling update strategy, and resource limits (never omitted). After generation, a review checklist flags any gaps with fix instructions. Works for APIs, workers, cron jobs, and stateful services. Built for engineers who want to skip the manifest boilerplate and get st
Added 11 hours ago