@jetrabbits/agentic 0.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/AGENTS.md +143 -0
- package/README.md +154 -0
- package/agentic +1615 -0
- package/areas/devops/ci-cd/AGENTS.md +48 -0
- package/areas/devops/ci-cd/PROMPTS.md +7 -0
- package/areas/devops/ci-cd/prompts/onboard-repo.md +97 -0
- package/areas/devops/ci-cd/prompts/pipeline-debug.md +103 -0
- package/areas/devops/ci-cd/prompts/release-pipeline.md +115 -0
- package/areas/devops/ci-cd/rules/pipeline-standards.md +33 -0
- package/areas/devops/ci-cd/rules/quality-gates.md +24 -0
- package/areas/devops/ci-cd/rules/supply-chain-security.md +34 -0
- package/areas/devops/ci-cd/skills/artifact-management/SKILL.md +157 -0
- package/areas/devops/ci-cd/skills/build-optimization/SKILL.md +168 -0
- package/areas/devops/ci-cd/skills/github-actions-patterns/SKILL.md +190 -0
- package/areas/devops/ci-cd/skills/gitlab-ci-patterns/SKILL.md +169 -0
- package/areas/devops/ci-cd/skills/pipeline-security/SKILL.md +161 -0
- package/areas/devops/ci-cd/workflows/onboard-repo.md +73 -0
- package/areas/devops/ci-cd/workflows/pipeline-debug.md +66 -0
- package/areas/devops/ci-cd/workflows/release-pipeline.md +115 -0
- package/areas/devops/database-ops/AGENTS.md +47 -0
- package/areas/devops/database-ops/prompts/backup-verify.md +83 -0
- package/areas/devops/database-ops/prompts/db-incident.md +127 -0
- package/areas/devops/database-ops/rules/access-control.md +20 -0
- package/areas/devops/database-ops/rules/backup-policy.md +33 -0
- package/areas/devops/database-ops/rules/migration-runbook.md +32 -0
- package/areas/devops/database-ops/skills/backup-restore/SKILL.md +226 -0
- package/areas/devops/database-ops/skills/db-performance/SKILL.md +205 -0
- package/areas/devops/database-ops/skills/migration-safety/SKILL.md +155 -0
- package/areas/devops/database-ops/skills/postgres-operations/SKILL.md +156 -0
- package/areas/devops/database-ops/skills/redis-operations/SKILL.md +174 -0
- package/areas/devops/database-ops/workflows/backup-verify.md +107 -0
- package/areas/devops/database-ops/workflows/db-incident.md +86 -0
- package/areas/devops/devsecops/AGENTS.md +47 -0
- package/areas/devops/devsecops/prompts/policy-onboard.md +79 -0
- package/areas/devops/devsecops/prompts/security-scan-pipeline.md +131 -0
- package/areas/devops/devsecops/rules/container-security.md +22 -0
- package/areas/devops/devsecops/rules/policy-as-code.md +37 -0
- package/areas/devops/devsecops/rules/shift-left-policy.md +26 -0
- package/areas/devops/devsecops/skills/container-hardening/SKILL.md +146 -0
- package/areas/devops/devsecops/skills/opa-policies/SKILL.md +188 -0
- package/areas/devops/devsecops/skills/sbom-supply-chain/SKILL.md +165 -0
- package/areas/devops/devsecops/skills/secret-detection/SKILL.md +190 -0
- package/areas/devops/devsecops/skills/sigstore-signing/SKILL.md +184 -0
- package/areas/devops/devsecops/workflows/policy-onboard.md +104 -0
- package/areas/devops/devsecops/workflows/security-scan-pipeline.md +155 -0
- package/areas/devops/infrastructure/AGENTS.md +50 -0
- package/areas/devops/infrastructure/prompts/destroy-environment.md +81 -0
- package/areas/devops/infrastructure/prompts/drift-remediation.md +71 -0
- package/areas/devops/infrastructure/prompts/module-development.md +69 -0
- package/areas/devops/infrastructure/prompts/provision-environment.md +121 -0
- package/areas/devops/infrastructure/rules/iac-standards.md +80 -0
- package/areas/devops/infrastructure/rules/immutability.md +28 -0
- package/areas/devops/infrastructure/rules/secret-hygiene.md +53 -0
- package/areas/devops/infrastructure/rules/state-management.md +47 -0
- package/areas/devops/infrastructure/skills/ansible-playbooks/SKILL.md +174 -0
- package/areas/devops/infrastructure/skills/cost-optimization/SKILL.md +177 -0
- package/areas/devops/infrastructure/skills/drift-detection/SKILL.md +178 -0
- package/areas/devops/infrastructure/skills/state-management/SKILL.md +159 -0
- package/areas/devops/infrastructure/skills/terraform-modules/SKILL.md +169 -0
- package/areas/devops/infrastructure/workflows/destroy-environment.md +96 -0
- package/areas/devops/infrastructure/workflows/drift-remediation.md +66 -0
- package/areas/devops/infrastructure/workflows/module-development.md +101 -0
- package/areas/devops/infrastructure/workflows/provision-environment.md +96 -0
- package/areas/devops/kubernetes/AGENTS.md +57 -0
- package/areas/devops/kubernetes/PROMPTS.md +9 -0
- package/areas/devops/kubernetes/prompts/cluster-bootstrap.md +67 -0
- package/areas/devops/kubernetes/prompts/debug-workload.md +91 -0
- package/areas/devops/kubernetes/prompts/onboard-service.md +101 -0
- package/areas/devops/kubernetes/prompts/upgrade-cluster.md +63 -0
- package/areas/devops/kubernetes/rules/cluster-standards.md +51 -0
- package/areas/devops/kubernetes/rules/resource-governance.md +80 -0
- package/areas/devops/kubernetes/rules/upgrade-policy.md +52 -0
- package/areas/devops/kubernetes/rules/workload-security.md +64 -0
- package/areas/devops/kubernetes/skills/cluster-operations/SKILL.md +136 -0
- package/areas/devops/kubernetes/skills/helm-charts/SKILL.md +152 -0
- package/areas/devops/kubernetes/skills/network-policies/SKILL.md +169 -0
- package/areas/devops/kubernetes/skills/pod-troubleshooting/SKILL.md +129 -0
- package/areas/devops/kubernetes/skills/rbac-design/SKILL.md +148 -0
- package/areas/devops/kubernetes/skills/resource-tuning/SKILL.md +156 -0
- package/areas/devops/kubernetes/workflows/cluster-bootstrap.md +194 -0
- package/areas/devops/kubernetes/workflows/debug-workload.md +108 -0
- package/areas/devops/kubernetes/workflows/onboard-service.md +124 -0
- package/areas/devops/kubernetes/workflows/upgrade-cluster.md +165 -0
- package/areas/devops/networking/AGENTS.md +47 -0
- package/areas/devops/networking/prompts/onboard-ingress.md +119 -0
- package/areas/devops/networking/prompts/service-mesh-onboard.md +77 -0
- package/areas/devops/networking/rules/ingress-standards.md +17 -0
- package/areas/devops/networking/rules/network-segmentation.md +24 -0
- package/areas/devops/networking/rules/tls-policy.md +32 -0
- package/areas/devops/networking/skills/dns-management/SKILL.md +169 -0
- package/areas/devops/networking/skills/ingress-patterns/SKILL.md +165 -0
- package/areas/devops/networking/skills/service-mesh/SKILL.md +206 -0
- package/areas/devops/networking/skills/tls-termination/SKILL.md +198 -0
- package/areas/devops/networking/skills/vpc-design/SKILL.md +132 -0
- package/areas/devops/networking/workflows/onboard-ingress.md +64 -0
- package/areas/devops/networking/workflows/service-mesh-onboard.md +122 -0
- package/areas/devops/observability/AGENTS.md +48 -0
- package/areas/devops/observability/prompts/alert-investigation.md +117 -0
- package/areas/devops/observability/prompts/observability-stack-setup.md +99 -0
- package/areas/devops/observability/prompts/onboard-service-monitoring.md +79 -0
- package/areas/devops/observability/rules/alerting-standards.md +36 -0
- package/areas/devops/observability/rules/data-retention.md +19 -0
- package/areas/devops/observability/rules/golden-signals.md +28 -0
- package/areas/devops/observability/skills/distributed-tracing/SKILL.md +149 -0
- package/areas/devops/observability/skills/grafana-dashboards/SKILL.md +201 -0
- package/areas/devops/observability/skills/log-aggregation/SKILL.md +159 -0
- package/areas/devops/observability/skills/prometheus-alertmanager/SKILL.md +188 -0
- package/areas/devops/observability/skills/slo-implementation/SKILL.md +189 -0
- package/areas/devops/observability/workflows/alert-investigation.md +98 -0
- package/areas/devops/observability/workflows/observability-stack-setup.md +156 -0
- package/areas/devops/observability/workflows/onboard-service-monitoring.md +83 -0
- package/areas/devops/sre/AGENTS.md +48 -0
- package/areas/devops/sre/prompts/incident-response.md +129 -0
- package/areas/devops/sre/prompts/postmortem.md +101 -0
- package/areas/devops/sre/prompts/slo-review.md +125 -0
- package/areas/devops/sre/rules/error-budget-policy.md +25 -0
- package/areas/devops/sre/rules/on-call-standards.md +25 -0
- package/areas/devops/sre/rules/slo-policy.md +31 -0
- package/areas/devops/sre/skills/capacity-planning/SKILL.md +162 -0
- package/areas/devops/sre/skills/chaos-engineering/SKILL.md +186 -0
- package/areas/devops/sre/skills/incident-command/SKILL.md +119 -0
- package/areas/devops/sre/skills/postmortem-analysis/SKILL.md +104 -0
- package/areas/devops/sre/skills/slo-sli-design/SKILL.md +145 -0
- package/areas/devops/sre/workflows/incident-response.md +66 -0
- package/areas/devops/sre/workflows/postmortem.md +90 -0
- package/areas/devops/sre/workflows/slo-review.md +95 -0
- package/areas/software/backend/AGENTS.md +59 -0
- package/areas/software/backend/PROMPTS.md +50 -0
- package/areas/software/backend/README.md +48 -0
- package/areas/software/backend/prompts/add-migration.md +93 -0
- package/areas/software/backend/prompts/create-endpoint.md +97 -0
- package/areas/software/backend/prompts/debug-issue.md +87 -0
- package/areas/software/backend/prompts/develop-epic.md +83 -0
- package/areas/software/backend/prompts/develop-feature.md +91 -0
- package/areas/software/backend/prompts/refactor-module.md +79 -0
- package/areas/software/backend/prompts/test-feature.md +89 -0
- package/areas/software/backend/rules/architecture.md +20 -0
- package/areas/software/backend/rules/data_access.md +20 -0
- package/areas/software/backend/rules/security.md +20 -0
- package/areas/software/backend/rules/testing.md +19 -0
- package/areas/software/backend/skills/api-design/SKILL.md +170 -0
- package/areas/software/backend/skills/async-processing/SKILL.md +152 -0
- package/areas/software/backend/skills/database-modeling/SKILL.md +173 -0
- package/areas/software/backend/skills/observability/SKILL.md +162 -0
- package/areas/software/backend/skills/troubleshooting/SKILL.md +139 -0
- package/areas/software/backend/workflows/add-migration.md +79 -0
- package/areas/software/backend/workflows/create-endpoint.md +89 -0
- package/areas/software/backend/workflows/debug-issue.md +77 -0
- package/areas/software/backend/workflows/develop-epic.md +78 -0
- package/areas/software/backend/workflows/develop-feature.md +98 -0
- package/areas/software/backend/workflows/refactor-module.md +73 -0
- package/areas/software/backend/workflows/test-feature.md +67 -0
- package/areas/software/data-engineering/AGENTS.md +59 -0
- package/areas/software/data-engineering/PROMPTS.md +32 -0
- package/areas/software/data-engineering/prompts/backfill-data.md +107 -0
- package/areas/software/data-engineering/prompts/data-quality-incident.md +109 -0
- package/areas/software/data-engineering/prompts/lineage-trace.md +121 -0
- package/areas/software/data-engineering/prompts/new-model.md +117 -0
- package/areas/software/data-engineering/prompts/schema-migration.md +111 -0
- package/areas/software/data-engineering/rules/data-governance.md +11 -0
- package/areas/software/data-engineering/rules/pii-handling.md +19 -0
- package/areas/software/data-engineering/rules/pipeline-integrity.md +11 -0
- package/areas/software/data-engineering/rules/schema-management.md +21 -0
- package/areas/software/data-engineering/skills/data-modeling/SKILL.md +49 -0
- package/areas/software/data-engineering/skills/dbt-patterns/SKILL.md +43 -0
- package/areas/software/data-engineering/skills/lineage-governance/SKILL.md +38 -0
- package/areas/software/data-engineering/skills/orchestration/SKILL.md +35 -0
- package/areas/software/data-engineering/skills/quality-checks/SKILL.md +50 -0
- package/areas/software/data-engineering/skills/sql-optimization/SKILL.md +47 -0
- package/areas/software/data-engineering/skills/streaming-patterns/SKILL.md +48 -0
- package/areas/software/data-engineering/workflows/backfill-data.md +59 -0
- package/areas/software/data-engineering/workflows/data-quality-incident.md +64 -0
- package/areas/software/data-engineering/workflows/lineage-trace.md +56 -0
- package/areas/software/data-engineering/workflows/new-model.md +71 -0
- package/areas/software/data-engineering/workflows/schema-migration.md +67 -0
- package/areas/software/frontend/AGENTS.md +60 -0
- package/areas/software/frontend/PROMPTS.md +32 -0
- package/areas/software/frontend/prompts/a11y-fix.md +75 -0
- package/areas/software/frontend/prompts/bundle-analyze.md +75 -0
- package/areas/software/frontend/prompts/release-prep.md +83 -0
- package/areas/software/frontend/prompts/scaffold-component.md +69 -0
- package/areas/software/frontend/prompts/visual-regression.md +73 -0
- package/areas/software/frontend/rules/accessibility.md +16 -0
- package/areas/software/frontend/rules/architecture.md +29 -0
- package/areas/software/frontend/rules/performance.md +23 -0
- package/areas/software/frontend/rules/quality.md +12 -0
- package/areas/software/frontend/skills/a11y-audit/SKILL.md +61 -0
- package/areas/software/frontend/skills/api-integration/SKILL.md +58 -0
- package/areas/software/frontend/skills/component-design/SKILL.md +171 -0
- package/areas/software/frontend/skills/css-architecture/SKILL.md +146 -0
- package/areas/software/frontend/skills/error-handling/SKILL.md +55 -0
- package/areas/software/frontend/skills/performance-tuning/SKILL.md +58 -0
- package/areas/software/frontend/skills/state-management/SKILL.md +54 -0
- package/areas/software/frontend/skills/testing-patterns/SKILL.md +69 -0
- package/areas/software/frontend/workflows/a11y-fix.md +63 -0
- package/areas/software/frontend/workflows/bundle-analyze.md +56 -0
- package/areas/software/frontend/workflows/release-prep.md +66 -0
- package/areas/software/frontend/workflows/scaffold-component.md +67 -0
- package/areas/software/frontend/workflows/visual-regression.md +65 -0
- package/areas/software/full-stack/AGENTS.md +72 -0
- package/areas/software/full-stack/PROMPTS.md +66 -0
- package/areas/software/full-stack/prompts/backend-project-full-cycle.md +141 -0
- package/areas/software/full-stack/prompts/debug-issue.md +115 -0
- package/areas/software/full-stack/prompts/develop-feature.md +119 -0
- package/areas/software/full-stack/prompts/feature-implementation-flow.md +137 -0
- package/areas/software/full-stack/prompts/testing-ci-pipeline.md +119 -0
- package/areas/software/full-stack/rules/api-design-guide.md +24 -0
- package/areas/software/full-stack/rules/async-concurrency-guide.md +21 -0
- package/areas/software/full-stack/rules/backend-architecture-rule.md +41 -0
- package/areas/software/full-stack/rules/background-jobs-guide.md +20 -0
- package/areas/software/full-stack/rules/code-quality-guide.md +22 -0
- package/areas/software/full-stack/rules/database-access-guide.md +24 -0
- package/areas/software/full-stack/rules/database-migrations-guide.md +24 -0
- package/areas/software/full-stack/rules/domain-models-guide.md +28 -0
- package/areas/software/full-stack/rules/e2e-test-guide.md +18 -0
- package/areas/software/full-stack/rules/env-settings-guide.md +34 -0
- package/areas/software/full-stack/rules/error-handling-guide.md +20 -0
- package/areas/software/full-stack/rules/logging-observability-guide.md +22 -0
- package/areas/software/full-stack/rules/project-guide.md +34 -0
- package/areas/software/full-stack/rules/python-venv-guide.md +23 -0
- package/areas/software/full-stack/rules/security-guide.md +22 -0
- package/areas/software/full-stack/rules/svt-test-guide.md +17 -0
- package/areas/software/full-stack/rules/testing-ci-guide.md +25 -0
- package/areas/software/full-stack/skills/api-design-principles/SKILL.md +125 -0
- package/areas/software/full-stack/skills/api-design-principles/assets/api-design-checklist.md +155 -0
- package/areas/software/full-stack/skills/api-design-principles/assets/rest-api-template.py +182 -0
- package/areas/software/full-stack/skills/api-design-principles/references/graphql-schema-design.md +583 -0
- package/areas/software/full-stack/skills/api-design-principles/references/rest-best-practices.md +408 -0
- package/areas/software/full-stack/skills/api-design-principles/resources/implementation-playbook.md +513 -0
- package/areas/software/full-stack/skills/api-patterns/SKILL.md +81 -0
- package/areas/software/full-stack/skills/api-patterns/api-style.md +42 -0
- package/areas/software/full-stack/skills/api-patterns/auth.md +24 -0
- package/areas/software/full-stack/skills/api-patterns/documentation.md +26 -0
- package/areas/software/full-stack/skills/api-patterns/graphql.md +41 -0
- package/areas/software/full-stack/skills/api-patterns/rate-limiting.md +31 -0
- package/areas/software/full-stack/skills/api-patterns/response.md +37 -0
- package/areas/software/full-stack/skills/api-patterns/rest.md +40 -0
- package/areas/software/full-stack/skills/api-patterns/scripts/api_validator.py +211 -0
- package/areas/software/full-stack/skills/api-patterns/security-testing.md +122 -0
- package/areas/software/full-stack/skills/api-patterns/trpc.md +41 -0
- package/areas/software/full-stack/skills/api-patterns/versioning.md +22 -0
- package/areas/software/full-stack/skills/app-builder/SKILL.md +135 -0
- package/areas/software/full-stack/skills/app-builder/agent-coordination.md +71 -0
- package/areas/software/full-stack/skills/app-builder/feature-building.md +53 -0
- package/areas/software/full-stack/skills/app-builder/project-detection.md +34 -0
- package/areas/software/full-stack/skills/app-builder/scaffolding.md +118 -0
- package/areas/software/full-stack/skills/app-builder/tech-stack.md +40 -0
- package/areas/software/full-stack/skills/app-builder/templates/SKILL.md +39 -0
- package/areas/software/full-stack/skills/app-builder/templates/astro-static/TEMPLATE.md +76 -0
- package/areas/software/full-stack/skills/app-builder/templates/chrome-extension/TEMPLATE.md +92 -0
- package/areas/software/full-stack/skills/app-builder/templates/cli-tool/TEMPLATE.md +88 -0
- package/areas/software/full-stack/skills/app-builder/templates/electron-desktop/TEMPLATE.md +88 -0
- package/areas/software/full-stack/skills/app-builder/templates/express-api/TEMPLATE.md +83 -0
- package/areas/software/full-stack/skills/app-builder/templates/flutter-app/TEMPLATE.md +90 -0
- package/areas/software/full-stack/skills/app-builder/templates/monorepo-turborepo/TEMPLATE.md +90 -0
- package/areas/software/full-stack/skills/app-builder/templates/nextjs-fullstack/TEMPLATE.md +82 -0
- package/areas/software/full-stack/skills/app-builder/templates/nextjs-saas/TEMPLATE.md +100 -0
- package/areas/software/full-stack/skills/app-builder/templates/nextjs-static/TEMPLATE.md +106 -0
- package/areas/software/full-stack/skills/app-builder/templates/nuxt-app/TEMPLATE.md +101 -0
- package/areas/software/full-stack/skills/app-builder/templates/python-fastapi/TEMPLATE.md +83 -0
- package/areas/software/full-stack/skills/app-builder/templates/react-native-app/TEMPLATE.md +93 -0
- package/areas/software/full-stack/skills/backend-developer/SKILL.md +58 -0
- package/areas/software/full-stack/skills/bash-pro/SKILL.md +310 -0
- package/areas/software/full-stack/skills/blackbox-test/SKILL.md +84 -0
- package/areas/software/full-stack/skills/prompt-project-planner/SKILL.md +130 -0
- package/areas/software/full-stack/skills/prompt-project-planner/output.schema.md +68 -0
- package/areas/software/full-stack/skills/prompt-project-planner/questions.md +80 -0
- package/areas/software/full-stack/skills/python-pro/SKILL.md +158 -0
- package/areas/software/full-stack/skills/skill-creator/LICENSE.txt +202 -0
- package/areas/software/full-stack/skills/skill-creator/SKILL.md +356 -0
- package/areas/software/full-stack/skills/skill-creator/references/output-patterns.md +82 -0
- package/areas/software/full-stack/skills/skill-creator/references/workflows.md +28 -0
- package/areas/software/full-stack/skills/skill-creator/scripts/init_skill.py +303 -0
- package/areas/software/full-stack/skills/skill-creator/scripts/package_skill.py +110 -0
- package/areas/software/full-stack/skills/skill-creator/scripts/quick_validate.py +95 -0
- package/areas/software/full-stack/workflows/backend-project-full-cycle.md +132 -0
- package/areas/software/full-stack/workflows/debug-issue.md +70 -0
- package/areas/software/full-stack/workflows/develop-feature.md +85 -0
- package/areas/software/full-stack/workflows/feature-implementation-flow.md +78 -0
- package/areas/software/full-stack/workflows/testing-ci-pipeline.md +65 -0
- package/areas/software/general/AGENTS.md +68 -0
- package/areas/software/general/prompts/code-review-workflow.md +87 -0
- package/areas/software/general/prompts/development-cycle-workflow.md +83 -0
- package/areas/software/general/prompts/project-setup-workflow.md +93 -0
- package/areas/software/general/rules/code-style-guide.md +31 -0
- package/areas/software/general/rules/docker-compose-guide.md +27 -0
- package/areas/software/general/rules/git-workflow-guide.md +27 -0
- package/areas/software/general/rules/github-workflow-guide.md +27 -0
- package/areas/software/general/rules/gitlab-ci-guide.md +27 -0
- package/areas/software/general/rules/lint-format-guide.md +29 -0
- package/areas/software/general/rules/makefile-guide.md +34 -0
- package/areas/software/general/rules/readme-sync-guide.md +40 -0
- package/areas/software/general/rules/sdlc-methodology-guide.md +27 -0
- package/areas/software/general/rules/sdlc-role-responsibilities.md +108 -0
- package/areas/software/general/skills/general-dev-tools/SKILL.md +324 -0
- package/areas/software/general/workflows/code-review-workflow.md +84 -0
- package/areas/software/general/workflows/development-cycle-workflow.md +85 -0
- package/areas/software/general/workflows/project-setup-workflow.md +94 -0
- package/areas/software/mlops/AGENTS.md +57 -0
- package/areas/software/mlops/PROMPTS.md +32 -0
- package/areas/software/mlops/prompts/champion-challenger.md +87 -0
- package/areas/software/mlops/prompts/deploy-endpoint.md +91 -0
- package/areas/software/mlops/prompts/evaluate-model.md +87 -0
- package/areas/software/mlops/prompts/model-incident.md +87 -0
- package/areas/software/mlops/prompts/train-experiment.md +83 -0
- package/areas/software/mlops/rules/data-integrity.md +9 -0
- package/areas/software/mlops/rules/model-governance.md +9 -0
- package/areas/software/mlops/rules/production-safety.md +9 -0
- package/areas/software/mlops/rules/reproducibility.md +9 -0
- package/areas/software/mlops/skills/experiment-tracking/SKILL.md +29 -0
- package/areas/software/mlops/skills/feature-engineering/SKILL.md +44 -0
- package/areas/software/mlops/skills/inference-serving/SKILL.md +35 -0
- package/areas/software/mlops/skills/model-evaluation/SKILL.md +40 -0
- package/areas/software/mlops/skills/model-monitoring/SKILL.md +32 -0
- package/areas/software/mlops/workflows/champion-challenger.md +65 -0
- package/areas/software/mlops/workflows/deploy-endpoint.md +70 -0
- package/areas/software/mlops/workflows/evaluate-model.md +63 -0
- package/areas/software/mlops/workflows/model-incident.md +64 -0
- package/areas/software/mlops/workflows/train-experiment.md +56 -0
- package/areas/software/mobile/AGENTS.md +58 -0
- package/areas/software/mobile/PROMPTS.md +32 -0
- package/areas/software/mobile/prompts/crash-triage.md +63 -0
- package/areas/software/mobile/prompts/device-testing.md +83 -0
- package/areas/software/mobile/prompts/ota-update.md +75 -0
- package/areas/software/mobile/prompts/release-build.md +67 -0
- package/areas/software/mobile/prompts/store-submission.md +79 -0
- package/areas/software/mobile/rules/offline-first.md +10 -0
- package/areas/software/mobile/rules/performance-budget.md +20 -0
- package/areas/software/mobile/rules/platform-compliance.md +17 -0
- package/areas/software/mobile/rules/security-mobile.md +9 -0
- package/areas/software/mobile/skills/app-store-prep/SKILL.md +27 -0
- package/areas/software/mobile/skills/mobile-testing/SKILL.md +36 -0
- package/areas/software/mobile/skills/native-modules/SKILL.md +38 -0
- package/areas/software/mobile/skills/navigation-patterns/SKILL.md +49 -0
- package/areas/software/mobile/skills/push-notifications/SKILL.md +40 -0
- package/areas/software/mobile/skills/state-sync/SKILL.md +48 -0
- package/areas/software/mobile/workflows/crash-triage.md +63 -0
- package/areas/software/mobile/workflows/device-testing.md +54 -0
- package/areas/software/mobile/workflows/ota-update.md +54 -0
- package/areas/software/mobile/workflows/release-build.md +67 -0
- package/areas/software/mobile/workflows/store-submission.md +63 -0
- package/areas/software/platform/AGENTS.md +67 -0
- package/areas/software/platform/PROMPTS.md +32 -0
- package/areas/software/platform/prompts/cost-audit.md +117 -0
- package/areas/software/platform/prompts/deploy-production.md +109 -0
- package/areas/software/platform/prompts/drift-check.md +107 -0
- package/areas/software/platform/prompts/incident-response.md +121 -0
- package/areas/software/platform/prompts/provision-env.md +113 -0
- package/areas/software/platform/rules/cost-governance.md +11 -0
- package/areas/software/platform/rules/immutability.md +17 -0
- package/areas/software/platform/rules/reliability.md +19 -0
- package/areas/software/platform/rules/security-posture.md +12 -0
- package/areas/software/platform/skills/ci-cd-pipelines/SKILL.md +58 -0
- package/areas/software/platform/skills/incident-response/SKILL.md +41 -0
- package/areas/software/platform/skills/k8s-manifests/SKILL.md +56 -0
- package/areas/software/platform/skills/networking/SKILL.md +44 -0
- package/areas/software/platform/skills/observability-setup/SKILL.md +49 -0
- package/areas/software/platform/skills/secrets-management/SKILL.md +43 -0
- package/areas/software/platform/skills/terraform-patterns/SKILL.md +75 -0
- package/areas/software/platform/workflows/cost-audit.md +61 -0
- package/areas/software/platform/workflows/deploy-production.md +67 -0
- package/areas/software/platform/workflows/drift-check.md +61 -0
- package/areas/software/platform/workflows/incident-response.md +69 -0
- package/areas/software/platform/workflows/provision-env.md +77 -0
- package/areas/software/qa/AGENTS.md +58 -0
- package/areas/software/qa/PROMPTS.md +32 -0
- package/areas/software/qa/prompts/flakiness-investigation.md +61 -0
- package/areas/software/qa/prompts/performance-audit.md +65 -0
- package/areas/software/qa/prompts/regression-suite.md +61 -0
- package/areas/software/qa/prompts/smoke-test.md +65 -0
- package/areas/software/qa/prompts/test-coverage-report.md +61 -0
- package/areas/software/qa/rules/flakiness-policy.md +12 -0
- package/areas/software/qa/rules/quality-gates.md +28 -0
- package/areas/software/qa/rules/test-data.md +9 -0
- package/areas/software/qa/rules/test-strategy.md +11 -0
- package/areas/software/qa/skills/accessibility-testing/SKILL.md +139 -0
- package/areas/software/qa/skills/api-testing/SKILL.md +140 -0
- package/areas/software/qa/skills/e2e-patterns/SKILL.md +152 -0
- package/areas/software/qa/skills/performance-testing/SKILL.md +177 -0
- package/areas/software/qa/skills/test-data-management/SKILL.md +161 -0
- package/areas/software/qa/skills/test-pyramid/SKILL.md +127 -0
- package/areas/software/qa/workflows/flakiness-investigation.md +63 -0
- package/areas/software/qa/workflows/performance-audit.md +59 -0
- package/areas/software/qa/workflows/regression-suite.md +59 -0
- package/areas/software/qa/workflows/smoke-test.md +64 -0
- package/areas/software/qa/workflows/test-coverage-report.md +57 -0
- package/areas/software/security/AGENTS.md +58 -0
- package/areas/software/security/PROMPTS.md +32 -0
- package/areas/software/security/prompts/compliance-report.md +113 -0
- package/areas/software/security/prompts/pen-test-sim.md +113 -0
- package/areas/software/security/prompts/secret-rotation.md +115 -0
- package/areas/software/security/prompts/security-scan.md +91 -0
- package/areas/software/security/prompts/threat-model-review.md +105 -0
- package/areas/software/security/rules/compliance-baseline.md +23 -0
- package/areas/software/security/rules/dependency-policy.md +12 -0
- package/areas/software/security/rules/secrets-policy.md +22 -0
- package/areas/software/security/rules/secure-coding.md +22 -0
- package/areas/software/security/skills/auth-patterns/SKILL.md +42 -0
- package/areas/software/security/skills/crypto-standards/SKILL.md +42 -0
- package/areas/software/security/skills/dependency-audit/SKILL.md +29 -0
- package/areas/software/security/skills/sast-dast-interpretation/SKILL.md +33 -0
- package/areas/software/security/skills/security-headers/SKILL.md +29 -0
- package/areas/software/security/skills/threat-modeling/SKILL.md +36 -0
- package/areas/software/security/workflows/compliance-report.md +57 -0
- package/areas/software/security/workflows/pen-test-sim.md +63 -0
- package/areas/software/security/workflows/secret-rotation.md +67 -0
- package/areas/software/security/workflows/security-scan.md +64 -0
- package/areas/software/security/workflows/threat-model-review.md +62 -0
- package/areas/template/AGENTS-area.tmpl.md +61 -0
- package/areas/template/AGENTS.tmpl.md +67 -0
- package/areas/template/GUIDE.md +102 -0
- package/areas/template/PROMPTS.tmpl.md +29 -0
- package/areas/template/README.md +57 -0
- package/areas/template/README.tmpl.md +51 -0
- package/areas/template/prompt.tmpl.md +101 -0
- package/areas/template/rule.tmpl.md +71 -0
- package/areas/template/skill.tmpl.md +108 -0
- package/areas/template/workflow.tmpl.md +104 -0
- package/bin/agentic.js +24 -0
- package/extensions/antigravity/GEMINI.md +10 -0
- package/extensions/claude/CLAUDE.md +10 -0
- package/extensions/codex/AGENTS.override.md +93 -0
- package/extensions/gemini/GEMINI.md +10 -0
- package/extensions/opencode/agents/designer.md +65 -0
- package/extensions/opencode/agents/developer.md +63 -0
- package/extensions/opencode/agents/devops-engineer.md +69 -0
- package/extensions/opencode/agents/pm.md +61 -0
- package/extensions/opencode/agents/product-owner.md +76 -0
- package/extensions/opencode/agents/qa.md +66 -0
- package/extensions/opencode/agents/team-lead.md +67 -0
- package/extensions/opencode/commands/feature.md +75 -0
- package/extensions/opencode/opencode.json +93 -0
- package/extensions/opencode/plugins/model-checker.json +14 -0
- package/extensions/opencode/plugins/model-checker.ts +279 -0
- package/extensions/opencode/plugins/sound-notification.ts +13 -0
- package/extensions/opencode/plugins/telegram-notification.ts +86 -0
- package/extensions/opencode/skills/code_review_expert/SKILL.md +144 -0
- package/extensions/opencode/skills/design_expert/SKILL.md +42 -0
- package/extensions/opencode/skills/qa_expert/SKILL.md +116 -0
- package/package.json +19 -0
|
@@ -0,0 +1,136 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: cluster-operations
|
|
3
|
+
type: skill
|
|
4
|
+
description: Day-2 cluster operations — node management, etcd backup/restore, certificate rotation, namespace lifecycle.
|
|
5
|
+
related-rules:
|
|
6
|
+
- cluster-standards.md
|
|
7
|
+
- upgrade-policy.md
|
|
8
|
+
allowed-tools: Read, Bash
|
|
9
|
+
---
|
|
10
|
+
|
|
11
|
+
# Skill: Cluster Operations
|
|
12
|
+
|
|
13
|
+
> **Expertise:** Safe day-2 operations on self-hosted Kubernetes clusters — node drain, etcd ops, cert rotation.
|
|
14
|
+
|
|
15
|
+
## When to load
|
|
16
|
+
|
|
17
|
+
When draining nodes for maintenance, rotating certificates, backing up etcd, or troubleshooting control plane issues.
|
|
18
|
+
|
|
19
|
+
## Node Lifecycle Operations
|
|
20
|
+
|
|
21
|
+
```bash
|
|
22
|
+
# --- CORDON (stop scheduling new pods, don't evict existing) ---
|
|
23
|
+
kubectl cordon <node-name>
|
|
24
|
+
# Use case: pre-drain notification, temporary maintenance hold
|
|
25
|
+
|
|
26
|
+
# --- DRAIN (evict all pods, mark unschedulable) ---
|
|
27
|
+
kubectl drain <node-name> \
|
|
28
|
+
--ignore-daemonsets \ # DaemonSet pods can't be evicted
|
|
29
|
+
--delete-emptydir-data \ # required for pods using emptyDir
|
|
30
|
+
--grace-period=60 \ # give pods time to shut down cleanly
|
|
31
|
+
--timeout=300s # abort if takes > 5 minutes
|
|
32
|
+
# After drain: node is unschedulable and empty (except daemonsets)
|
|
33
|
+
|
|
34
|
+
# --- UNCORDON (return to service) ---
|
|
35
|
+
kubectl uncordon <node-name>
|
|
36
|
+
|
|
37
|
+
# --- Verify node is empty before maintenance ---
|
|
38
|
+
kubectl get pods -A --field-selector=spec.nodeName=<node-name>
|
|
39
|
+
```
|
|
40
|
+
|
|
41
|
+
## etcd Backup (bare-metal / kubeadm)
|
|
42
|
+
|
|
43
|
+
```bash
|
|
44
|
+
# --- Take snapshot (run on a control plane node) ---
|
|
45
|
+
ETCDCTL_API=3 etcdctl snapshot save /backup/etcd-$(date +%Y%m%d-%H%M%S).db \
|
|
46
|
+
--endpoints=https://127.0.0.1:2379 \
|
|
47
|
+
--cacert=/etc/kubernetes/pki/etcd/ca.crt \
|
|
48
|
+
--cert=/etc/kubernetes/pki/etcd/healthcheck-client.crt \
|
|
49
|
+
--key=/etc/kubernetes/pki/etcd/healthcheck-client.key
|
|
50
|
+
|
|
51
|
+
# --- Verify snapshot ---
|
|
52
|
+
ETCDCTL_API=3 etcdctl snapshot status /backup/etcd-latest.db --write-out=table
|
|
53
|
+
|
|
54
|
+
# --- Restore snapshot (disaster recovery — only when cluster is down) ---
|
|
55
|
+
ETCDCTL_API=3 etcdctl snapshot restore /backup/etcd-latest.db \
|
|
56
|
+
--data-dir=/var/lib/etcd-restored \
|
|
57
|
+
--initial-cluster=master-1=https://192.168.1.10:2380 \
|
|
58
|
+
--initial-advertise-peer-urls=https://192.168.1.10:2380 \
|
|
59
|
+
--name=master-1
|
|
60
|
+
# Then update etcd static pod manifest to point to new data-dir
|
|
61
|
+
```
|
|
62
|
+
|
|
63
|
+
## Certificate Rotation (kubeadm)
|
|
64
|
+
|
|
65
|
+
```bash
|
|
66
|
+
# --- Check certificate expiry ---
|
|
67
|
+
kubeadm certs check-expiration
|
|
68
|
+
|
|
69
|
+
# --- Renew all certificates (run on each control plane node) ---
|
|
70
|
+
kubeadm certs renew all
|
|
71
|
+
|
|
72
|
+
# --- Restart control plane components after renewal ---
|
|
73
|
+
# (kubeadm renews certs but doesn't restart static pods automatically)
|
|
74
|
+
for pod in kube-apiserver kube-controller-manager kube-scheduler; do
|
|
75
|
+
kubectl -n kube-system delete pod -l component=$pod
|
|
76
|
+
done
|
|
77
|
+
|
|
78
|
+
# --- Update kubeconfig after cert renewal ---
|
|
79
|
+
cp /etc/kubernetes/admin.conf ~/.kube/config
|
|
80
|
+
```
|
|
81
|
+
|
|
82
|
+
## Namespace Lifecycle
|
|
83
|
+
|
|
84
|
+
```bash
|
|
85
|
+
# --- Create namespace with standard labels ---
|
|
86
|
+
kubectl create namespace my-team-prod
|
|
87
|
+
kubectl label namespace my-team-prod \
|
|
88
|
+
environment=production \
|
|
89
|
+
team=my-team \
|
|
90
|
+
pod-security.kubernetes.io/enforce=restricted
|
|
91
|
+
|
|
92
|
+
# --- Apply default NetworkPolicy and LimitRange immediately ---
|
|
93
|
+
kubectl apply -f infra/namespaces/defaults/ -n my-team-prod
|
|
94
|
+
|
|
95
|
+
# --- Safe namespace deletion (check for resources first) ---
|
|
96
|
+
kubectl get all -n <namespace-to-delete>
|
|
97
|
+
kubectl delete namespace <name> # blocks until all resources are gone
|
|
98
|
+
# If stuck in Terminating:
|
|
99
|
+
kubectl get namespace <name> -o json | \
|
|
100
|
+
jq '.spec.finalizers = []' | \
|
|
101
|
+
kubectl replace --raw "/api/v1/namespaces/<name>/finalize" -f -
|
|
102
|
+
```
|
|
103
|
+
|
|
104
|
+
## Control Plane Health Checks
|
|
105
|
+
|
|
106
|
+
```bash
|
|
107
|
+
# API server, scheduler, controller-manager
|
|
108
|
+
kubectl get componentstatuses # deprecated in 1.19+ but still useful
|
|
109
|
+
kubectl get pods -n kube-system # all system pods should be Running
|
|
110
|
+
|
|
111
|
+
# etcd cluster health
|
|
112
|
+
ETCDCTL_API=3 etcdctl endpoint health \
|
|
113
|
+
--endpoints=https://127.0.0.1:2379 \
|
|
114
|
+
--cacert=/etc/kubernetes/pki/etcd/ca.crt \
|
|
115
|
+
--cert=/etc/kubernetes/pki/etcd/healthcheck-client.crt \
|
|
116
|
+
--key=/etc/kubernetes/pki/etcd/healthcheck-client.key
|
|
117
|
+
|
|
118
|
+
# Node conditions
|
|
119
|
+
kubectl describe nodes | grep -A5 "Conditions:"
|
|
120
|
+
```
|
|
121
|
+
|
|
122
|
+
## Useful Aliases / One-liners
|
|
123
|
+
|
|
124
|
+
```bash
|
|
125
|
+
# All pods not Running
|
|
126
|
+
kubectl get pods -A --field-selector=status.phase!=Running,status.phase!=Succeeded
|
|
127
|
+
|
|
128
|
+
# Recent events by namespace
|
|
129
|
+
kubectl get events -n <ns> --sort-by='.lastTimestamp'
|
|
130
|
+
|
|
131
|
+
# Resource usage by namespace
|
|
132
|
+
kubectl top pods -A --sort-by=memory | head -20
|
|
133
|
+
|
|
134
|
+
# Find pods on a specific node
|
|
135
|
+
kubectl get pods -A -o wide | grep <node-name>
|
|
136
|
+
```
|
|
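Review bot: The restart loop after `kubeadm certs renew all` (hunk lines 74–76) does not actually restart the control plane: kube-apiserver, kube-controller-manager and kube-scheduler are static pods, and `kubectl delete pod` only removes their mirror objects, which the kubelet re-creates without restarting the containers, so the components keep serving the old certificates. Replace the loop with the documented procedure — move the manifests out of the static-pod directory and back, e.g. `d=$(mktemp -d) && mv /etc/kubernetes/manifests/*.yaml "$d"/ && sleep 20 && mv "$d"/*.yaml /etc/kubernetes/manifests/` — or restart the kubelet, and add a comment that `renew all` renews neither the CA nor the kubelet's own client certificates. The etcd section needs a handling caveat as well: a snapshot contains every Secret in the cluster (in plaintext unless encryption-at-rest is configured), so take it under `umask 077`, keep it off world-readable paths and encrypt it before it leaves the node. The verify step also reads `/backup/etcd-latest.db` while the save writes a timestamped file, so either keep the path in a variable (`snap=/backup/etcd-$(date +%Y%m%d-%H%M%S).db`) and reuse it, or maintain the `etcd-latest.db` symlink explicitly.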
@@ -0,0 +1,152 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: helm-charts
|
|
3
|
+
type: skill
|
|
4
|
+
description: Design, structure, and test production-grade Helm charts with multi-environment overlays.
|
|
5
|
+
related-rules:
|
|
6
|
+
- workload-security.md
|
|
7
|
+
- resource-governance.md
|
|
8
|
+
allowed-tools: Read, Write, Edit, Bash
|
|
9
|
+
---
|
|
10
|
+
|
|
11
|
+
# Skill: Helm Charts
|
|
12
|
+
|
|
13
|
+
> **Expertise:** Helm 3 chart structure, values hierarchy, multi-environment overlays, chart testing, ArgoCD integration.
|
|
14
|
+
|
|
15
|
+
## When to load
|
|
16
|
+
|
|
17
|
+
When creating a new Helm chart, reviewing an existing chart, setting up multi-env values, or integrating with ArgoCD.
|
|
18
|
+
|
|
19
|
+
## Chart Structure (Standard)
|
|
20
|
+
|
|
21
|
+
```
|
|
22
|
+
charts/my-service/
|
|
23
|
+
├── Chart.yaml
|
|
24
|
+
├── values.yaml ← defaults (all envs inherit)
|
|
25
|
+
├── values-staging.yaml ← staging overrides
|
|
26
|
+
├── values-prod.yaml ← production overrides
|
|
27
|
+
├── templates/
|
|
28
|
+
│ ├── _helpers.tpl ← named templates
|
|
29
|
+
│ ├── deployment.yaml
|
|
30
|
+
│ ├── service.yaml
|
|
31
|
+
│ ├── ingress.yaml
|
|
32
|
+
│ ├── hpa.yaml
|
|
33
|
+
│ ├── pdb.yaml
|
|
34
|
+
│ ├── serviceaccount.yaml
|
|
35
|
+
│ ├── networkpolicy.yaml
|
|
36
|
+
│ └── NOTES.txt
|
|
37
|
+
└── tests/
|
|
38
|
+
└── test-connection.yaml
|
|
39
|
+
```
|
|
40
|
+
|
|
41
|
+
## values.yaml Conventions
|
|
42
|
+
|
|
43
|
+
```yaml
|
|
44
|
+
# Always provide a complete, renderable default set
|
|
45
|
+
replicaCount: 2
|
|
46
|
+
|
|
47
|
+
image:
|
|
48
|
+
repository: registry.example.com/my-service
|
|
49
|
+
tag: "" # overridden by CI with digest
|
|
50
|
+
digest: "" # prefer digest over tag in prod
|
|
51
|
+
pullPolicy: IfNotPresent
|
|
52
|
+
|
|
53
|
+
serviceAccount:
|
|
54
|
+
create: true
|
|
55
|
+
name: "" # auto-generated from chart name if empty
|
|
56
|
+
|
|
57
|
+
resources:
|
|
58
|
+
requests: { cpu: 100m, memory: 128Mi }
|
|
59
|
+
limits: { cpu: 500m, memory: 512Mi }
|
|
60
|
+
|
|
61
|
+
autoscaling:
|
|
62
|
+
enabled: true
|
|
63
|
+
minReplicas: 2
|
|
64
|
+
maxReplicas: 10
|
|
65
|
+
targetCPUUtilizationPercentage: 70
|
|
66
|
+
|
|
67
|
+
ingress:
|
|
68
|
+
enabled: false
|
|
69
|
+
className: nginx
|
|
70
|
+
hosts: []
|
|
71
|
+
tls: []
|
|
72
|
+
|
|
73
|
+
podDisruptionBudget:
|
|
74
|
+
enabled: true
|
|
75
|
+
minAvailable: 1
|
|
76
|
+
```
|
|
77
|
+
|
|
78
|
+
## _helpers.tpl Essentials
|
|
79
|
+
|
|
80
|
+
```yaml
|
|
81
|
+
{{/* Selector labels — must be stable across upgrades */}}
|
|
82
|
+
{{- define "app.selectorLabels" -}}
|
|
83
|
+
app.kubernetes.io/name: {{ include "app.name" . }}
|
|
84
|
+
app.kubernetes.io/instance: {{ .Release.Name }}
|
|
85
|
+
{{- end }}
|
|
86
|
+
|
|
87
|
+
{{/* Use digest when available, fall back to tag */}}
|
|
88
|
+
{{- define "app.image" -}}
|
|
89
|
+
{{- if .Values.image.digest -}}
|
|
90
|
+
{{ .Values.image.repository }}@{{ .Values.image.digest }}
|
|
91
|
+
{{- else -}}
|
|
92
|
+
{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}
|
|
93
|
+
{{- end -}}
|
|
94
|
+
{{- end }}
|
|
95
|
+
```
|
|
96
|
+
|
|
97
|
+
## Multi-Environment with ArgoCD
|
|
98
|
+
|
|
99
|
+
```yaml
|
|
100
|
+
# argocd/apps/my-service-prod.yaml
|
|
101
|
+
apiVersion: argoproj.io/v1alpha1
|
|
102
|
+
kind: Application
|
|
103
|
+
metadata:
|
|
104
|
+
name: my-service-prod
|
|
105
|
+
namespace: argocd
|
|
106
|
+
spec:
|
|
107
|
+
project: production
|
|
108
|
+
source:
|
|
109
|
+
repoURL: https://git.example.com/infra/charts
|
|
110
|
+
targetRevision: HEAD
|
|
111
|
+
path: charts/my-service
|
|
112
|
+
helm:
|
|
113
|
+
valueFiles:
|
|
114
|
+
- values.yaml
|
|
115
|
+
- values-prod.yaml
|
|
116
|
+
destination:
|
|
117
|
+
server: https://kubernetes.default.svc
|
|
118
|
+
namespace: my-service-prod
|
|
119
|
+
syncPolicy:
|
|
120
|
+
automated:
|
|
121
|
+
prune: true
|
|
122
|
+
selfHeal: true
|
|
123
|
+
syncOptions:
|
|
124
|
+
- CreateNamespace=true
|
|
125
|
+
- ServerSideApply=true
|
|
126
|
+
```
|
|
127
|
+
|
|
128
|
+
## Chart Testing
|
|
129
|
+
|
|
130
|
+
```bash
|
|
131
|
+
# Lint (catches YAML errors + best practice violations)
|
|
132
|
+
helm lint charts/my-service/ -f charts/my-service/values-prod.yaml
|
|
133
|
+
|
|
134
|
+
# Render and inspect (no cluster needed)
|
|
135
|
+
helm template my-service charts/my-service/ \
|
|
136
|
+
-f charts/my-service/values-prod.yaml \
|
|
137
|
+
--debug | kubectl apply --dry-run=client -f -
|
|
138
|
+
|
|
139
|
+
# Integration test with chart-testing (ct)
|
|
140
|
+
ct lint --chart-dirs charts/ --config ct.yaml
|
|
141
|
+
ct install --chart-dirs charts/ --config ct.yaml # deploys to kind cluster
|
|
142
|
+
```
|
|
143
|
+
|
|
144
|
+
## Anti-Patterns
|
|
145
|
+
|
|
146
|
+
| Anti-pattern | Fix |
|
|
147
|
+
|:---|:---|
|
|
148
|
+
| `image.tag: latest` | Use content digest `image.digest: sha256:...` |
|
|
149
|
+
| Hardcoded namespace in templates | Use `.Release.Namespace` |
|
|
150
|
+
| All config in one values.yaml | Split by environment; prod values in separate file |
|
|
151
|
+
| No `resources` block | Always set requests + limits in values defaults |
|
|
152
|
+
| `helm install` without `--atomic` in CI | Use `--atomic --timeout 5m` for automatic rollback |
|
|
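Review bot: `targetRevision: HEAD` on the production Application (hunk line 110), combined with `automated` sync with `prune: true` and `selfHeal: true`, rolls any commit that reaches the chart repo's default branch straight into `my-service-prod` with no pin and no approval gate; for the `production` project track a tag or protected release branch, e.g. `targetRevision: release-1.x`, and keep `HEAD` for staging only. The values defaults also define no `securityContext`/`podSecurityContext` and leave the auto-created ServiceAccount token mounted, even though the skill links `workload-security.md` and the cluster-operations skill in this same package labels new namespaces `pod-security.kubernetes.io/enforce=restricted` — a chart rendered from these defaults fails admission there. Add restricted-compatible defaults to `values.yaml` (and render them in `deployment.yaml`) so every environment inherits them:

```yaml
serviceAccount:
  create: true
  name: ""
  automountServiceAccountToken: false  # enable per service only when the app talks to the API

podSecurityContext:
  runAsNonRoot: true
  seccompProfile:
    type: RuntimeDefault

securityContext:
  allowPrivilegeEscalation: false
  readOnlyRootFilesystem: true
  capabilities:
    drop: ["ALL"]
# … unchanged: replicaCount, image, resources, autoscaling, ingress, podDisruptionBudget …
```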
@@ -0,0 +1,169 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: network-policies
|
|
3
|
+
type: skill
|
|
4
|
+
description: Design and implement Kubernetes NetworkPolicy and Cilium network policies for namespace isolation and service-to-service access control.
|
|
5
|
+
related-rules:
|
|
6
|
+
- workload-security.md
|
|
7
|
+
- cluster-standards.md
|
|
8
|
+
allowed-tools: Read, Write, Edit, Bash
|
|
9
|
+
---
|
|
10
|
+
|
|
11
|
+
# Skill: Network Policies
|
|
12
|
+
|
|
13
|
+
> **Expertise:** K8s NetworkPolicy + Cilium policy design for multi-tenant namespace isolation and zero-trust traffic control.
|
|
14
|
+
|
|
15
|
+
## When to load
|
|
16
|
+
|
|
17
|
+
When isolating a new namespace, allowing specific service-to-service communication, debugging traffic being blocked, or auditing inter-namespace access.
|
|
18
|
+
|
|
19
|
+
## Standard Policy Set (apply to every new namespace)
|
|
20
|
+
|
|
21
|
+
```yaml
|
|
22
|
+
# 1. Default deny-all (must be first)
|
|
23
|
+
apiVersion: networking.k8s.io/v1
|
|
24
|
+
kind: NetworkPolicy
|
|
25
|
+
metadata:
|
|
26
|
+
name: default-deny-all
|
|
27
|
+
namespace: my-app
|
|
28
|
+
spec:
|
|
29
|
+
podSelector: {} # matches ALL pods in namespace
|
|
30
|
+
policyTypes: [Ingress, Egress]
|
|
31
|
+
|
|
32
|
+
---
|
|
33
|
+
# 2. Allow DNS (required for all pods)
|
|
34
|
+
apiVersion: networking.k8s.io/v1
|
|
35
|
+
kind: NetworkPolicy
|
|
36
|
+
metadata:
|
|
37
|
+
name: allow-dns-egress
|
|
38
|
+
namespace: my-app
|
|
39
|
+
spec:
|
|
40
|
+
podSelector: {}
|
|
41
|
+
policyTypes: [Egress]
|
|
42
|
+
egress:
|
|
43
|
+
- ports:
|
|
44
|
+
- port: 53
|
|
45
|
+
protocol: UDP
|
|
46
|
+
- port: 53
|
|
47
|
+
protocol: TCP
|
|
48
|
+
|
|
49
|
+
---
|
|
50
|
+
# 3. Allow ingress from ingress controller
|
|
51
|
+
apiVersion: networking.k8s.io/v1
|
|
52
|
+
kind: NetworkPolicy
|
|
53
|
+
metadata:
|
|
54
|
+
name: allow-ingress-controller
|
|
55
|
+
namespace: my-app
|
|
56
|
+
spec:
|
|
57
|
+
podSelector:
|
|
58
|
+
matchLabels:
|
|
59
|
+
app: my-service
|
|
60
|
+
policyTypes: [Ingress]
|
|
61
|
+
ingress:
|
|
62
|
+
- from:
|
|
63
|
+
- namespaceSelector:
|
|
64
|
+
matchLabels:
|
|
65
|
+
kubernetes.io/metadata.name: ingress-nginx
|
|
66
|
+
ports:
|
|
67
|
+
- port: 8080
|
|
68
|
+
```
|
|
69
|
+
|
|
70
|
+
## Service-to-Service Policy
|
|
71
|
+
|
|
72
|
+
```yaml
|
|
73
|
+
# Allow order-service (in orders ns) to call payment-service (in payments ns)
|
|
74
|
+
apiVersion: networking.k8s.io/v1
|
|
75
|
+
kind: NetworkPolicy
|
|
76
|
+
metadata:
|
|
77
|
+
name: allow-from-orders
|
|
78
|
+
namespace: payments
|
|
79
|
+
spec:
|
|
80
|
+
podSelector:
|
|
81
|
+
matchLabels:
|
|
82
|
+
app: payment-service
|
|
83
|
+
policyTypes: [Ingress]
|
|
84
|
+
ingress:
|
|
85
|
+
- from:
|
|
86
|
+
- namespaceSelector:
|
|
87
|
+
matchLabels:
|
|
88
|
+
kubernetes.io/metadata.name: orders
|
|
89
|
+
podSelector:
|
|
90
|
+
matchLabels:
|
|
91
|
+
app: order-service
|
|
92
|
+
ports:
|
|
93
|
+
- port: 8080
|
|
94
|
+
```
|
|
95
|
+
|
|
96
|
+
## Monitoring Ingress (Prometheus scraping)
|
|
97
|
+
|
|
98
|
+
```yaml
|
|
99
|
+
apiVersion: networking.k8s.io/v1
|
|
100
|
+
kind: NetworkPolicy
|
|
101
|
+
metadata:
|
|
102
|
+
name: allow-prometheus-scrape
|
|
103
|
+
namespace: my-app
|
|
104
|
+
spec:
|
|
105
|
+
podSelector: {} # allow scraping all pods in ns
|
|
106
|
+
policyTypes: [Ingress]
|
|
107
|
+
ingress:
|
|
108
|
+
- from:
|
|
109
|
+
- namespaceSelector:
|
|
110
|
+
matchLabels:
|
|
111
|
+
kubernetes.io/metadata.name: monitoring
|
|
112
|
+
ports:
|
|
113
|
+
- port: 9090 # metrics port
|
|
114
|
+
```
|
|
115
|
+
|
|
116
|
+
## Cilium Policies (extended capabilities)
|
|
117
|
+
|
|
118
|
+
```yaml
|
|
119
|
+
# Cilium L7 policy — allow only GET /api/* (not POST/DELETE)
|
|
120
|
+
apiVersion: cilium.io/v2
|
|
121
|
+
kind: CiliumNetworkPolicy
|
|
122
|
+
metadata:
|
|
123
|
+
name: order-service-l7
|
|
124
|
+
namespace: production
|
|
125
|
+
spec:
|
|
126
|
+
endpointSelector:
|
|
127
|
+
matchLabels:
|
|
128
|
+
app: order-service
|
|
129
|
+
ingress:
|
|
130
|
+
- fromEndpoints:
|
|
131
|
+
- matchLabels:
|
|
132
|
+
app: frontend
|
|
133
|
+
toPorts:
|
|
134
|
+
- ports:
|
|
135
|
+
- port: "8080"
|
|
136
|
+
protocol: TCP
|
|
137
|
+
rules:
|
|
138
|
+
http:
|
|
139
|
+
- method: GET
|
|
140
|
+
path: /api/.*
|
|
141
|
+
```
|
|
142
|
+
|
|
143
|
+
## Debugging Blocked Traffic
|
|
144
|
+
|
|
145
|
+
```bash
|
|
146
|
+
# Cilium: observe dropped packets in real-time
|
|
147
|
+
kubectl -n kube-system exec -it $(kubectl -n kube-system get pods -l k8s-app=cilium -o jsonpath='{.items[0].metadata.name}') \
|
|
148
|
+
-- cilium monitor --type drop
|
|
149
|
+
|
|
150
|
+
# Hubble (if installed): flows between pods
|
|
151
|
+
hubble observe --namespace my-app --verdict DROPPED
|
|
152
|
+
|
|
153
|
+
# Calico: check policy hits
|
|
154
|
+
kubectl exec -n kube-system <calico-node-pod> -- calicoctl get networkpolicy -n my-app
|
|
155
|
+
|
|
156
|
+
# Test connectivity manually
|
|
157
|
+
kubectl run test-pod --image=curlimages/curl -it --rm --restart=Never -- \
|
|
158
|
+
curl -v http://payment-service.payments.svc.cluster.local:8080/health
|
|
159
|
+
```
|
|
160
|
+
|
|
161
|
+
## Policy Design Checklist
|
|
162
|
+
|
|
163
|
+
- [ ] Default deny-all applied to namespace
|
|
164
|
+
- [ ] DNS egress allowed (port 53 UDP+TCP)
|
|
165
|
+
- [ ] All required ingress/egress explicitly whitelisted
|
|
166
|
+
- [ ] Ingress controller namespace allowed where applicable
|
|
167
|
+
- [ ] Monitoring (Prometheus) scrape allowed
|
|
168
|
+
- [ ] Cross-namespace refs use `namespaceSelector` with metadata label
|
|
169
|
+
- [ ] Labels used in policies exist on actual pods
|
|
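Review bot: The `allow-dns-egress` policy (hunk lines 33–47) has no `to:` clause, so it permits egress on port 53 to any destination — any pod, any node, any external IP — which hands every pod in the namespace a DNS-shaped exfiltration channel and lets it use arbitrary resolvers, and because the comment declares it "required for all pods" it will be copied into every namespace. Restrict the destination to the cluster resolver (the labels below assume CoreDNS in `kube-system`; adjust to the cluster):

```yaml
spec:
  podSelector: {}
  policyTypes: [Egress]
  egress:
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - port: 53
          protocol: UDP
        - port: 53
          protocol: TCP
```

The `allow-prometheus-scrape` policy is similarly broad — `podSelector: {}` opens port 9090 on every pod to the whole `monitoring` namespace — so add a `podSelector` for the Prometheus pods in the `from` entry and prefer the application's real metrics port. Note also that NetworkPolicies are additive and unordered, so the "must be first" comment on `default-deny-all` is misleading; it must be present, not applied first.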
@@ -0,0 +1,129 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: pod-troubleshooting
|
|
3
|
+
type: skill
|
|
4
|
+
description: Systematic diagnosis of pod failures — CrashLoopBackOff, OOMKilled, Pending, ImagePullBackOff, and service connectivity issues.
|
|
5
|
+
related-rules:
|
|
6
|
+
- resource-governance.md
|
|
7
|
+
- workload-security.md
|
|
8
|
+
allowed-tools: Read, Bash
|
|
9
|
+
---
|
|
10
|
+
|
|
11
|
+
# Skill: Pod Troubleshooting
|
|
12
|
+
|
|
13
|
+
> **Expertise:** Systematic K8s failure diagnosis — from symptom to root cause in under 10 commands.
|
|
14
|
+
|
|
15
|
+
## When to load
|
|
16
|
+
|
|
17
|
+
When a pod is not Running, a service is unreachable, or a deployment is stuck.
|
|
18
|
+
|
|
19
|
+
## Diagnostic Decision Tree
|
|
20
|
+
|
|
21
|
+
```
|
|
22
|
+
Pod not Running?
|
|
23
|
+
├── Status: Pending
|
|
24
|
+
│ ├── No nodes match → check node selectors, taints, resource requests
|
|
25
|
+
│ └── PVC not bound → check StorageClass, PV availability
|
|
26
|
+
├── Status: CrashLoopBackOff
|
|
27
|
+
│ ├── Exit code 0 → process exited cleanly but K8s restarts it → check command
|
|
28
|
+
│ ├── Exit code 1 → app error → check logs
|
|
29
|
+
│ ├── Exit code 137 → OOMKilled → increase memory limit
|
|
30
|
+
│ └── Exit code 143 → SIGTERM not handled → fix graceful shutdown
|
|
31
|
+
├── Status: ImagePullBackOff
|
|
32
|
+
│ ├── Image doesn't exist → check tag/digest
|
|
33
|
+
│ └── Registry auth fails → check imagePullSecret
|
|
34
|
+
└── Status: Error / Init:Error
|
|
35
|
+
└── Init container failed → check init container logs
|
|
36
|
+
```
|
|
37
|
+
|
|
38
|
+
## Command Cheatsheet
|
|
39
|
+
|
|
40
|
+
```bash
|
|
41
|
+
# 1. Overview — what's wrong
|
|
42
|
+
kubectl get pods -n <ns> -o wide
|
|
43
|
+
kubectl describe pod <pod> -n <ns> # events section is the first place to look
|
|
44
|
+
|
|
45
|
+
# 2. Logs
|
|
46
|
+
kubectl logs <pod> -n <ns> # current container
|
|
47
|
+
kubectl logs <pod> -n <ns> --previous # last crashed container (CrashLoop)
|
|
48
|
+
kubectl logs <pod> -n <ns> -c <container> # specific container in multi-container pod
|
|
49
|
+
|
|
50
|
+
# 3. Exec into running pod
|
|
51
|
+
kubectl exec -it <pod> -n <ns> -- /bin/sh
|
|
52
|
+
|
|
53
|
+
# 4. Resource pressure check
|
|
54
|
+
kubectl top nodes
|
|
55
|
+
kubectl top pods -n <ns>
|
|
56
|
+
|
|
57
|
+
# 5. Events (cluster-wide, sorted)
|
|
58
|
+
kubectl get events -n <ns> --sort-by='.lastTimestamp' | tail -20
|
|
59
|
+
|
|
60
|
+
# 6. Debug ephemeral container (no exec needed — distroless images)
|
|
61
|
+
kubectl debug -it <pod> -n <ns> --image=busybox:latest --target=<container>
|
|
62
|
+
|
|
63
|
+
# 7. Node-level debug
|
|
64
|
+
kubectl debug node/<node-name> -it --image=ubuntu
|
|
65
|
+
```
|
|
66
|
+
|
|
67
|
+
## CrashLoopBackOff Runbook
|
|
68
|
+
|
|
69
|
+
```bash
|
|
70
|
+
# Step 1: Get exit code
|
|
71
|
+
kubectl describe pod <pod> -n <ns> | grep -A5 "Last State:"
|
|
72
|
+
|
|
73
|
+
# Step 2: Get crash logs (may only appear in --previous)
|
|
74
|
+
kubectl logs <pod> -n <ns> --previous --tail=100
|
|
75
|
+
|
|
76
|
+
# Step 3: Check if OOMKilled
|
|
77
|
+
kubectl describe pod <pod> -n <ns> | grep -i "OOMKilled\|Reason:"
|
|
78
|
+
# If OOMKilled → increase memory limit or find memory leak
|
|
79
|
+
|
|
80
|
+
# Step 4: Check security context (common in restricted namespaces)
|
|
81
|
+
# Error: "permission denied" or "operation not permitted" → readOnlyRootFilesystem or dropped capabilities
|
|
82
|
+
```
|
|
83
|
+
|
|
84
|
+
## Pending Pod Runbook
|
|
85
|
+
|
|
86
|
+
```bash
|
|
87
|
+
# Check why pod can't be scheduled
|
|
88
|
+
kubectl describe pod <pod> -n <ns> | grep -A20 "Events:"
|
|
89
|
+
|
|
90
|
+
# Common causes:
|
|
91
|
+
# "Insufficient cpu/memory" → check node capacity and pod requests
|
|
92
|
+
kubectl describe nodes | grep -A5 "Allocated resources:"
|
|
93
|
+
|
|
94
|
+
# "node(s) had taints that the pod didn't tolerate"
|
|
95
|
+
kubectl get nodes -o custom-columns=NAME:.metadata.name,TAINTS:.spec.taints
|
|
96
|
+
|
|
97
|
+
# "0/3 nodes are available: 3 node(s) didn't match node affinity"
|
|
98
|
+
# → check pod nodeSelector / affinity vs node labels
|
|
99
|
+
kubectl get nodes --show-labels
|
|
100
|
+
```
|
|
101
|
+
|
|
102
|
+
## Service Connectivity Runbook
|
|
103
|
+
|
|
104
|
+
```bash
|
|
105
|
+
# Is the service selecting the right pods?
|
|
106
|
+
kubectl get endpoints <svc> -n <ns> # should show pod IPs; empty = selector mismatch
|
|
107
|
+
|
|
108
|
+
# Test DNS resolution from within cluster
|
|
109
|
+
kubectl run -it --rm debug --image=busybox --restart=Never -- nslookup <svc>.<ns>.svc.cluster.local
|
|
110
|
+
|
|
111
|
+
# Test HTTP connectivity
|
|
112
|
+
kubectl run -it --rm debug --image=curlimages/curl --restart=Never -- curl -v http://<svc>.<ns>.svc.cluster.local:<port>/health
|
|
113
|
+
|
|
114
|
+
# Check NetworkPolicy blocking traffic
|
|
115
|
+
# Install Hubble CLI (Cilium) or use:
|
|
116
|
+
kubectl exec -n kube-system <cilium-pod> -- cilium monitor --from-pod <src-pod>
|
|
117
|
+
```
|
|
118
|
+
|
|
119
|
+
## OOMKilled Prevention
|
|
120
|
+
|
|
121
|
+
```bash
|
|
122
|
+
# Find actual peak memory usage via metrics
|
|
123
|
+
kubectl top pods -n <ns> --sort-by=memory
|
|
124
|
+
|
|
125
|
+
# Check Vertical Pod Autoscaler recommendation (if VPA installed)
|
|
126
|
+
kubectl describe vpa <name> -n <ns> | grep -A10 "Recommendation:"
|
|
127
|
+
|
|
128
|
+
# Rule of thumb: limit = 1.5× observed peak; request = 0.6× observed peak
|
|
129
|
+
```
|
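Review bot: The `kubectl debug` examples (hunk lines 61 and 64) will not work as written in namespaces labelled `pod-security.kubernetes.io/enforce=restricted`, which is what the cluster-operations skill in this package applies: an ephemeral `busybox` container runs as root with no seccomp profile and is rejected by the restricted policy, and `--image=busybox:latest` contradicts the helm skill's own `latest` anti-pattern. Pin the image and, where the installed kubectl supports `--profile`, request a matching profile: `kubectl debug -it <pod> -n <ns> --image=busybox:1.36 --target=<container> --profile=restricted`. `kubectl debug node/<node-name>` also needs a caveat — it creates a pod in the current namespace with host network/PID namespaces and the node's root filesystem mounted at `/host`, and that pod is not removed when the session ends — so add `# delete the node-debugger-<node-name>-* pod when done` and reserve `--profile=sysadmin` for cases that truly need it. Finally, exit code 137 is SIGKILL and is also produced when a liveness probe fails and the grace period expires, so the decision-tree entry `137 → OOMKilled` should read "137 → check `Last State` for OOMKilled vs. probe kill" rather than assume memory.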