@jetrabbits/agentic 0.0.1
- package/AGENTS.md +143 -0
- package/README.md +154 -0
- package/agentic +1615 -0
- package/areas/devops/ci-cd/AGENTS.md +48 -0
- package/areas/devops/ci-cd/PROMPTS.md +7 -0
- package/areas/devops/ci-cd/prompts/onboard-repo.md +97 -0
- package/areas/devops/ci-cd/prompts/pipeline-debug.md +103 -0
- package/areas/devops/ci-cd/prompts/release-pipeline.md +115 -0
- package/areas/devops/ci-cd/rules/pipeline-standards.md +33 -0
- package/areas/devops/ci-cd/rules/quality-gates.md +24 -0
- package/areas/devops/ci-cd/rules/supply-chain-security.md +34 -0
- package/areas/devops/ci-cd/skills/artifact-management/SKILL.md +157 -0
- package/areas/devops/ci-cd/skills/build-optimization/SKILL.md +168 -0
- package/areas/devops/ci-cd/skills/github-actions-patterns/SKILL.md +190 -0
- package/areas/devops/ci-cd/skills/gitlab-ci-patterns/SKILL.md +169 -0
- package/areas/devops/ci-cd/skills/pipeline-security/SKILL.md +161 -0
- package/areas/devops/ci-cd/workflows/onboard-repo.md +73 -0
- package/areas/devops/ci-cd/workflows/pipeline-debug.md +66 -0
- package/areas/devops/ci-cd/workflows/release-pipeline.md +115 -0
- package/areas/devops/database-ops/AGENTS.md +47 -0
- package/areas/devops/database-ops/prompts/backup-verify.md +83 -0
- package/areas/devops/database-ops/prompts/db-incident.md +127 -0
- package/areas/devops/database-ops/rules/access-control.md +20 -0
- package/areas/devops/database-ops/rules/backup-policy.md +33 -0
- package/areas/devops/database-ops/rules/migration-runbook.md +32 -0
- package/areas/devops/database-ops/skills/backup-restore/SKILL.md +226 -0
- package/areas/devops/database-ops/skills/db-performance/SKILL.md +205 -0
- package/areas/devops/database-ops/skills/migration-safety/SKILL.md +155 -0
- package/areas/devops/database-ops/skills/postgres-operations/SKILL.md +156 -0
- package/areas/devops/database-ops/skills/redis-operations/SKILL.md +174 -0
- package/areas/devops/database-ops/workflows/backup-verify.md +107 -0
- package/areas/devops/database-ops/workflows/db-incident.md +86 -0
- package/areas/devops/devsecops/AGENTS.md +47 -0
- package/areas/devops/devsecops/prompts/policy-onboard.md +79 -0
- package/areas/devops/devsecops/prompts/security-scan-pipeline.md +131 -0
- package/areas/devops/devsecops/rules/container-security.md +22 -0
- package/areas/devops/devsecops/rules/policy-as-code.md +37 -0
- package/areas/devops/devsecops/rules/shift-left-policy.md +26 -0
- package/areas/devops/devsecops/skills/container-hardening/SKILL.md +146 -0
- package/areas/devops/devsecops/skills/opa-policies/SKILL.md +188 -0
- package/areas/devops/devsecops/skills/sbom-supply-chain/SKILL.md +165 -0
- package/areas/devops/devsecops/skills/secret-detection/SKILL.md +190 -0
- package/areas/devops/devsecops/skills/sigstore-signing/SKILL.md +184 -0
- package/areas/devops/devsecops/workflows/policy-onboard.md +104 -0
- package/areas/devops/devsecops/workflows/security-scan-pipeline.md +155 -0
- package/areas/devops/infrastructure/AGENTS.md +50 -0
- package/areas/devops/infrastructure/prompts/destroy-environment.md +81 -0
- package/areas/devops/infrastructure/prompts/drift-remediation.md +71 -0
- package/areas/devops/infrastructure/prompts/module-development.md +69 -0
- package/areas/devops/infrastructure/prompts/provision-environment.md +121 -0
- package/areas/devops/infrastructure/rules/iac-standards.md +80 -0
- package/areas/devops/infrastructure/rules/immutability.md +28 -0
- package/areas/devops/infrastructure/rules/secret-hygiene.md +53 -0
- package/areas/devops/infrastructure/rules/state-management.md +47 -0
- package/areas/devops/infrastructure/skills/ansible-playbooks/SKILL.md +174 -0
- package/areas/devops/infrastructure/skills/cost-optimization/SKILL.md +177 -0
- package/areas/devops/infrastructure/skills/drift-detection/SKILL.md +178 -0
- package/areas/devops/infrastructure/skills/state-management/SKILL.md +159 -0
- package/areas/devops/infrastructure/skills/terraform-modules/SKILL.md +169 -0
- package/areas/devops/infrastructure/workflows/destroy-environment.md +96 -0
- package/areas/devops/infrastructure/workflows/drift-remediation.md +66 -0
- package/areas/devops/infrastructure/workflows/module-development.md +101 -0
- package/areas/devops/infrastructure/workflows/provision-environment.md +96 -0
- package/areas/devops/kubernetes/AGENTS.md +57 -0
- package/areas/devops/kubernetes/PROMPTS.md +9 -0
- package/areas/devops/kubernetes/prompts/cluster-bootstrap.md +67 -0
- package/areas/devops/kubernetes/prompts/debug-workload.md +91 -0
- package/areas/devops/kubernetes/prompts/onboard-service.md +101 -0
- package/areas/devops/kubernetes/prompts/upgrade-cluster.md +63 -0
- package/areas/devops/kubernetes/rules/cluster-standards.md +51 -0
- package/areas/devops/kubernetes/rules/resource-governance.md +80 -0
- package/areas/devops/kubernetes/rules/upgrade-policy.md +52 -0
- package/areas/devops/kubernetes/rules/workload-security.md +64 -0
- package/areas/devops/kubernetes/skills/cluster-operations/SKILL.md +136 -0
- package/areas/devops/kubernetes/skills/helm-charts/SKILL.md +152 -0
- package/areas/devops/kubernetes/skills/network-policies/SKILL.md +169 -0
- package/areas/devops/kubernetes/skills/pod-troubleshooting/SKILL.md +129 -0
- package/areas/devops/kubernetes/skills/rbac-design/SKILL.md +148 -0
- package/areas/devops/kubernetes/skills/resource-tuning/SKILL.md +156 -0
- package/areas/devops/kubernetes/workflows/cluster-bootstrap.md +194 -0
- package/areas/devops/kubernetes/workflows/debug-workload.md +108 -0
- package/areas/devops/kubernetes/workflows/onboard-service.md +124 -0
- package/areas/devops/kubernetes/workflows/upgrade-cluster.md +165 -0
- package/areas/devops/networking/AGENTS.md +47 -0
- package/areas/devops/networking/prompts/onboard-ingress.md +119 -0
- package/areas/devops/networking/prompts/service-mesh-onboard.md +77 -0
- package/areas/devops/networking/rules/ingress-standards.md +17 -0
- package/areas/devops/networking/rules/network-segmentation.md +24 -0
- package/areas/devops/networking/rules/tls-policy.md +32 -0
- package/areas/devops/networking/skills/dns-management/SKILL.md +169 -0
- package/areas/devops/networking/skills/ingress-patterns/SKILL.md +165 -0
- package/areas/devops/networking/skills/service-mesh/SKILL.md +206 -0
- package/areas/devops/networking/skills/tls-termination/SKILL.md +198 -0
- package/areas/devops/networking/skills/vpc-design/SKILL.md +132 -0
- package/areas/devops/networking/workflows/onboard-ingress.md +64 -0
- package/areas/devops/networking/workflows/service-mesh-onboard.md +122 -0
- package/areas/devops/observability/AGENTS.md +48 -0
- package/areas/devops/observability/prompts/alert-investigation.md +117 -0
- package/areas/devops/observability/prompts/observability-stack-setup.md +99 -0
- package/areas/devops/observability/prompts/onboard-service-monitoring.md +79 -0
- package/areas/devops/observability/rules/alerting-standards.md +36 -0
- package/areas/devops/observability/rules/data-retention.md +19 -0
- package/areas/devops/observability/rules/golden-signals.md +28 -0
- package/areas/devops/observability/skills/distributed-tracing/SKILL.md +149 -0
- package/areas/devops/observability/skills/grafana-dashboards/SKILL.md +201 -0
- package/areas/devops/observability/skills/log-aggregation/SKILL.md +159 -0
- package/areas/devops/observability/skills/prometheus-alertmanager/SKILL.md +188 -0
- package/areas/devops/observability/skills/slo-implementation/SKILL.md +189 -0
- package/areas/devops/observability/workflows/alert-investigation.md +98 -0
- package/areas/devops/observability/workflows/observability-stack-setup.md +156 -0
- package/areas/devops/observability/workflows/onboard-service-monitoring.md +83 -0
- package/areas/devops/sre/AGENTS.md +48 -0
- package/areas/devops/sre/prompts/incident-response.md +129 -0
- package/areas/devops/sre/prompts/postmortem.md +101 -0
- package/areas/devops/sre/prompts/slo-review.md +125 -0
- package/areas/devops/sre/rules/error-budget-policy.md +25 -0
- package/areas/devops/sre/rules/on-call-standards.md +25 -0
- package/areas/devops/sre/rules/slo-policy.md +31 -0
- package/areas/devops/sre/skills/capacity-planning/SKILL.md +162 -0
- package/areas/devops/sre/skills/chaos-engineering/SKILL.md +186 -0
- package/areas/devops/sre/skills/incident-command/SKILL.md +119 -0
- package/areas/devops/sre/skills/postmortem-analysis/SKILL.md +104 -0
- package/areas/devops/sre/skills/slo-sli-design/SKILL.md +145 -0
- package/areas/devops/sre/workflows/incident-response.md +66 -0
- package/areas/devops/sre/workflows/postmortem.md +90 -0
- package/areas/devops/sre/workflows/slo-review.md +95 -0
- package/areas/software/backend/AGENTS.md +59 -0
- package/areas/software/backend/PROMPTS.md +50 -0
- package/areas/software/backend/README.md +48 -0
- package/areas/software/backend/prompts/add-migration.md +93 -0
- package/areas/software/backend/prompts/create-endpoint.md +97 -0
- package/areas/software/backend/prompts/debug-issue.md +87 -0
- package/areas/software/backend/prompts/develop-epic.md +83 -0
- package/areas/software/backend/prompts/develop-feature.md +91 -0
- package/areas/software/backend/prompts/refactor-module.md +79 -0
- package/areas/software/backend/prompts/test-feature.md +89 -0
- package/areas/software/backend/rules/architecture.md +20 -0
- package/areas/software/backend/rules/data_access.md +20 -0
- package/areas/software/backend/rules/security.md +20 -0
- package/areas/software/backend/rules/testing.md +19 -0
- package/areas/software/backend/skills/api-design/SKILL.md +170 -0
- package/areas/software/backend/skills/async-processing/SKILL.md +152 -0
- package/areas/software/backend/skills/database-modeling/SKILL.md +173 -0
- package/areas/software/backend/skills/observability/SKILL.md +162 -0
- package/areas/software/backend/skills/troubleshooting/SKILL.md +139 -0
- package/areas/software/backend/workflows/add-migration.md +79 -0
- package/areas/software/backend/workflows/create-endpoint.md +89 -0
- package/areas/software/backend/workflows/debug-issue.md +77 -0
- package/areas/software/backend/workflows/develop-epic.md +78 -0
- package/areas/software/backend/workflows/develop-feature.md +98 -0
- package/areas/software/backend/workflows/refactor-module.md +73 -0
- package/areas/software/backend/workflows/test-feature.md +67 -0
- package/areas/software/data-engineering/AGENTS.md +59 -0
- package/areas/software/data-engineering/PROMPTS.md +32 -0
- package/areas/software/data-engineering/prompts/backfill-data.md +107 -0
- package/areas/software/data-engineering/prompts/data-quality-incident.md +109 -0
- package/areas/software/data-engineering/prompts/lineage-trace.md +121 -0
- package/areas/software/data-engineering/prompts/new-model.md +117 -0
- package/areas/software/data-engineering/prompts/schema-migration.md +111 -0
- package/areas/software/data-engineering/rules/data-governance.md +11 -0
- package/areas/software/data-engineering/rules/pii-handling.md +19 -0
- package/areas/software/data-engineering/rules/pipeline-integrity.md +11 -0
- package/areas/software/data-engineering/rules/schema-management.md +21 -0
- package/areas/software/data-engineering/skills/data-modeling/SKILL.md +49 -0
- package/areas/software/data-engineering/skills/dbt-patterns/SKILL.md +43 -0
- package/areas/software/data-engineering/skills/lineage-governance/SKILL.md +38 -0
- package/areas/software/data-engineering/skills/orchestration/SKILL.md +35 -0
- package/areas/software/data-engineering/skills/quality-checks/SKILL.md +50 -0
- package/areas/software/data-engineering/skills/sql-optimization/SKILL.md +47 -0
- package/areas/software/data-engineering/skills/streaming-patterns/SKILL.md +48 -0
- package/areas/software/data-engineering/workflows/backfill-data.md +59 -0
- package/areas/software/data-engineering/workflows/data-quality-incident.md +64 -0
- package/areas/software/data-engineering/workflows/lineage-trace.md +56 -0
- package/areas/software/data-engineering/workflows/new-model.md +71 -0
- package/areas/software/data-engineering/workflows/schema-migration.md +67 -0
- package/areas/software/frontend/AGENTS.md +60 -0
- package/areas/software/frontend/PROMPTS.md +32 -0
- package/areas/software/frontend/prompts/a11y-fix.md +75 -0
- package/areas/software/frontend/prompts/bundle-analyze.md +75 -0
- package/areas/software/frontend/prompts/release-prep.md +83 -0
- package/areas/software/frontend/prompts/scaffold-component.md +69 -0
- package/areas/software/frontend/prompts/visual-regression.md +73 -0
- package/areas/software/frontend/rules/accessibility.md +16 -0
- package/areas/software/frontend/rules/architecture.md +29 -0
- package/areas/software/frontend/rules/performance.md +23 -0
- package/areas/software/frontend/rules/quality.md +12 -0
- package/areas/software/frontend/skills/a11y-audit/SKILL.md +61 -0
- package/areas/software/frontend/skills/api-integration/SKILL.md +58 -0
- package/areas/software/frontend/skills/component-design/SKILL.md +171 -0
- package/areas/software/frontend/skills/css-architecture/SKILL.md +146 -0
- package/areas/software/frontend/skills/error-handling/SKILL.md +55 -0
- package/areas/software/frontend/skills/performance-tuning/SKILL.md +58 -0
- package/areas/software/frontend/skills/state-management/SKILL.md +54 -0
- package/areas/software/frontend/skills/testing-patterns/SKILL.md +69 -0
- package/areas/software/frontend/workflows/a11y-fix.md +63 -0
- package/areas/software/frontend/workflows/bundle-analyze.md +56 -0
- package/areas/software/frontend/workflows/release-prep.md +66 -0
- package/areas/software/frontend/workflows/scaffold-component.md +67 -0
- package/areas/software/frontend/workflows/visual-regression.md +65 -0
- package/areas/software/full-stack/AGENTS.md +72 -0
- package/areas/software/full-stack/PROMPTS.md +66 -0
- package/areas/software/full-stack/prompts/backend-project-full-cycle.md +141 -0
- package/areas/software/full-stack/prompts/debug-issue.md +115 -0
- package/areas/software/full-stack/prompts/develop-feature.md +119 -0
- package/areas/software/full-stack/prompts/feature-implementation-flow.md +137 -0
- package/areas/software/full-stack/prompts/testing-ci-pipeline.md +119 -0
- package/areas/software/full-stack/rules/api-design-guide.md +24 -0
- package/areas/software/full-stack/rules/async-concurrency-guide.md +21 -0
- package/areas/software/full-stack/rules/backend-architecture-rule.md +41 -0
- package/areas/software/full-stack/rules/background-jobs-guide.md +20 -0
- package/areas/software/full-stack/rules/code-quality-guide.md +22 -0
- package/areas/software/full-stack/rules/database-access-guide.md +24 -0
- package/areas/software/full-stack/rules/database-migrations-guide.md +24 -0
- package/areas/software/full-stack/rules/domain-models-guide.md +28 -0
- package/areas/software/full-stack/rules/e2e-test-guide.md +18 -0
- package/areas/software/full-stack/rules/env-settings-guide.md +34 -0
- package/areas/software/full-stack/rules/error-handling-guide.md +20 -0
- package/areas/software/full-stack/rules/logging-observability-guide.md +22 -0
- package/areas/software/full-stack/rules/project-guide.md +34 -0
- package/areas/software/full-stack/rules/python-venv-guide.md +23 -0
- package/areas/software/full-stack/rules/security-guide.md +22 -0
- package/areas/software/full-stack/rules/svt-test-guide.md +17 -0
- package/areas/software/full-stack/rules/testing-ci-guide.md +25 -0
- package/areas/software/full-stack/skills/api-design-principles/SKILL.md +125 -0
- package/areas/software/full-stack/skills/api-design-principles/assets/api-design-checklist.md +155 -0
- package/areas/software/full-stack/skills/api-design-principles/assets/rest-api-template.py +182 -0
- package/areas/software/full-stack/skills/api-design-principles/references/graphql-schema-design.md +583 -0
- package/areas/software/full-stack/skills/api-design-principles/references/rest-best-practices.md +408 -0
- package/areas/software/full-stack/skills/api-design-principles/resources/implementation-playbook.md +513 -0
- package/areas/software/full-stack/skills/api-patterns/SKILL.md +81 -0
- package/areas/software/full-stack/skills/api-patterns/api-style.md +42 -0
- package/areas/software/full-stack/skills/api-patterns/auth.md +24 -0
- package/areas/software/full-stack/skills/api-patterns/documentation.md +26 -0
- package/areas/software/full-stack/skills/api-patterns/graphql.md +41 -0
- package/areas/software/full-stack/skills/api-patterns/rate-limiting.md +31 -0
- package/areas/software/full-stack/skills/api-patterns/response.md +37 -0
- package/areas/software/full-stack/skills/api-patterns/rest.md +40 -0
- package/areas/software/full-stack/skills/api-patterns/scripts/api_validator.py +211 -0
- package/areas/software/full-stack/skills/api-patterns/security-testing.md +122 -0
- package/areas/software/full-stack/skills/api-patterns/trpc.md +41 -0
- package/areas/software/full-stack/skills/api-patterns/versioning.md +22 -0
- package/areas/software/full-stack/skills/app-builder/SKILL.md +135 -0
- package/areas/software/full-stack/skills/app-builder/agent-coordination.md +71 -0
- package/areas/software/full-stack/skills/app-builder/feature-building.md +53 -0
- package/areas/software/full-stack/skills/app-builder/project-detection.md +34 -0
- package/areas/software/full-stack/skills/app-builder/scaffolding.md +118 -0
- package/areas/software/full-stack/skills/app-builder/tech-stack.md +40 -0
- package/areas/software/full-stack/skills/app-builder/templates/SKILL.md +39 -0
- package/areas/software/full-stack/skills/app-builder/templates/astro-static/TEMPLATE.md +76 -0
- package/areas/software/full-stack/skills/app-builder/templates/chrome-extension/TEMPLATE.md +92 -0
- package/areas/software/full-stack/skills/app-builder/templates/cli-tool/TEMPLATE.md +88 -0
- package/areas/software/full-stack/skills/app-builder/templates/electron-desktop/TEMPLATE.md +88 -0
- package/areas/software/full-stack/skills/app-builder/templates/express-api/TEMPLATE.md +83 -0
- package/areas/software/full-stack/skills/app-builder/templates/flutter-app/TEMPLATE.md +90 -0
- package/areas/software/full-stack/skills/app-builder/templates/monorepo-turborepo/TEMPLATE.md +90 -0
- package/areas/software/full-stack/skills/app-builder/templates/nextjs-fullstack/TEMPLATE.md +82 -0
- package/areas/software/full-stack/skills/app-builder/templates/nextjs-saas/TEMPLATE.md +100 -0
- package/areas/software/full-stack/skills/app-builder/templates/nextjs-static/TEMPLATE.md +106 -0
- package/areas/software/full-stack/skills/app-builder/templates/nuxt-app/TEMPLATE.md +101 -0
- package/areas/software/full-stack/skills/app-builder/templates/python-fastapi/TEMPLATE.md +83 -0
- package/areas/software/full-stack/skills/app-builder/templates/react-native-app/TEMPLATE.md +93 -0
- package/areas/software/full-stack/skills/backend-developer/SKILL.md +58 -0
- package/areas/software/full-stack/skills/bash-pro/SKILL.md +310 -0
- package/areas/software/full-stack/skills/blackbox-test/SKILL.md +84 -0
- package/areas/software/full-stack/skills/prompt-project-planner/SKILL.md +130 -0
- package/areas/software/full-stack/skills/prompt-project-planner/output.schema.md +68 -0
- package/areas/software/full-stack/skills/prompt-project-planner/questions.md +80 -0
- package/areas/software/full-stack/skills/python-pro/SKILL.md +158 -0
- package/areas/software/full-stack/skills/skill-creator/LICENSE.txt +202 -0
- package/areas/software/full-stack/skills/skill-creator/SKILL.md +356 -0
- package/areas/software/full-stack/skills/skill-creator/references/output-patterns.md +82 -0
- package/areas/software/full-stack/skills/skill-creator/references/workflows.md +28 -0
- package/areas/software/full-stack/skills/skill-creator/scripts/init_skill.py +303 -0
- package/areas/software/full-stack/skills/skill-creator/scripts/package_skill.py +110 -0
- package/areas/software/full-stack/skills/skill-creator/scripts/quick_validate.py +95 -0
- package/areas/software/full-stack/workflows/backend-project-full-cycle.md +132 -0
- package/areas/software/full-stack/workflows/debug-issue.md +70 -0
- package/areas/software/full-stack/workflows/develop-feature.md +85 -0
- package/areas/software/full-stack/workflows/feature-implementation-flow.md +78 -0
- package/areas/software/full-stack/workflows/testing-ci-pipeline.md +65 -0
- package/areas/software/general/AGENTS.md +68 -0
- package/areas/software/general/prompts/code-review-workflow.md +87 -0
- package/areas/software/general/prompts/development-cycle-workflow.md +83 -0
- package/areas/software/general/prompts/project-setup-workflow.md +93 -0
- package/areas/software/general/rules/code-style-guide.md +31 -0
- package/areas/software/general/rules/docker-compose-guide.md +27 -0
- package/areas/software/general/rules/git-workflow-guide.md +27 -0
- package/areas/software/general/rules/github-workflow-guide.md +27 -0
- package/areas/software/general/rules/gitlab-ci-guide.md +27 -0
- package/areas/software/general/rules/lint-format-guide.md +29 -0
- package/areas/software/general/rules/makefile-guide.md +34 -0
- package/areas/software/general/rules/readme-sync-guide.md +40 -0
- package/areas/software/general/rules/sdlc-methodology-guide.md +27 -0
- package/areas/software/general/rules/sdlc-role-responsibilities.md +108 -0
- package/areas/software/general/skills/general-dev-tools/SKILL.md +324 -0
- package/areas/software/general/workflows/code-review-workflow.md +84 -0
- package/areas/software/general/workflows/development-cycle-workflow.md +85 -0
- package/areas/software/general/workflows/project-setup-workflow.md +94 -0
- package/areas/software/mlops/AGENTS.md +57 -0
- package/areas/software/mlops/PROMPTS.md +32 -0
- package/areas/software/mlops/prompts/champion-challenger.md +87 -0
- package/areas/software/mlops/prompts/deploy-endpoint.md +91 -0
- package/areas/software/mlops/prompts/evaluate-model.md +87 -0
- package/areas/software/mlops/prompts/model-incident.md +87 -0
- package/areas/software/mlops/prompts/train-experiment.md +83 -0
- package/areas/software/mlops/rules/data-integrity.md +9 -0
- package/areas/software/mlops/rules/model-governance.md +9 -0
- package/areas/software/mlops/rules/production-safety.md +9 -0
- package/areas/software/mlops/rules/reproducibility.md +9 -0
- package/areas/software/mlops/skills/experiment-tracking/SKILL.md +29 -0
- package/areas/software/mlops/skills/feature-engineering/SKILL.md +44 -0
- package/areas/software/mlops/skills/inference-serving/SKILL.md +35 -0
- package/areas/software/mlops/skills/model-evaluation/SKILL.md +40 -0
- package/areas/software/mlops/skills/model-monitoring/SKILL.md +32 -0
- package/areas/software/mlops/workflows/champion-challenger.md +65 -0
- package/areas/software/mlops/workflows/deploy-endpoint.md +70 -0
- package/areas/software/mlops/workflows/evaluate-model.md +63 -0
- package/areas/software/mlops/workflows/model-incident.md +64 -0
- package/areas/software/mlops/workflows/train-experiment.md +56 -0
- package/areas/software/mobile/AGENTS.md +58 -0
- package/areas/software/mobile/PROMPTS.md +32 -0
- package/areas/software/mobile/prompts/crash-triage.md +63 -0
- package/areas/software/mobile/prompts/device-testing.md +83 -0
- package/areas/software/mobile/prompts/ota-update.md +75 -0
- package/areas/software/mobile/prompts/release-build.md +67 -0
- package/areas/software/mobile/prompts/store-submission.md +79 -0
- package/areas/software/mobile/rules/offline-first.md +10 -0
- package/areas/software/mobile/rules/performance-budget.md +20 -0
- package/areas/software/mobile/rules/platform-compliance.md +17 -0
- package/areas/software/mobile/rules/security-mobile.md +9 -0
- package/areas/software/mobile/skills/app-store-prep/SKILL.md +27 -0
- package/areas/software/mobile/skills/mobile-testing/SKILL.md +36 -0
- package/areas/software/mobile/skills/native-modules/SKILL.md +38 -0
- package/areas/software/mobile/skills/navigation-patterns/SKILL.md +49 -0
- package/areas/software/mobile/skills/push-notifications/SKILL.md +40 -0
- package/areas/software/mobile/skills/state-sync/SKILL.md +48 -0
- package/areas/software/mobile/workflows/crash-triage.md +63 -0
- package/areas/software/mobile/workflows/device-testing.md +54 -0
- package/areas/software/mobile/workflows/ota-update.md +54 -0
- package/areas/software/mobile/workflows/release-build.md +67 -0
- package/areas/software/mobile/workflows/store-submission.md +63 -0
- package/areas/software/platform/AGENTS.md +67 -0
- package/areas/software/platform/PROMPTS.md +32 -0
- package/areas/software/platform/prompts/cost-audit.md +117 -0
- package/areas/software/platform/prompts/deploy-production.md +109 -0
- package/areas/software/platform/prompts/drift-check.md +107 -0
- package/areas/software/platform/prompts/incident-response.md +121 -0
- package/areas/software/platform/prompts/provision-env.md +113 -0
- package/areas/software/platform/rules/cost-governance.md +11 -0
- package/areas/software/platform/rules/immutability.md +17 -0
- package/areas/software/platform/rules/reliability.md +19 -0
- package/areas/software/platform/rules/security-posture.md +12 -0
- package/areas/software/platform/skills/ci-cd-pipelines/SKILL.md +58 -0
- package/areas/software/platform/skills/incident-response/SKILL.md +41 -0
- package/areas/software/platform/skills/k8s-manifests/SKILL.md +56 -0
- package/areas/software/platform/skills/networking/SKILL.md +44 -0
- package/areas/software/platform/skills/observability-setup/SKILL.md +49 -0
- package/areas/software/platform/skills/secrets-management/SKILL.md +43 -0
- package/areas/software/platform/skills/terraform-patterns/SKILL.md +75 -0
- package/areas/software/platform/workflows/cost-audit.md +61 -0
- package/areas/software/platform/workflows/deploy-production.md +67 -0
- package/areas/software/platform/workflows/drift-check.md +61 -0
- package/areas/software/platform/workflows/incident-response.md +69 -0
- package/areas/software/platform/workflows/provision-env.md +77 -0
- package/areas/software/qa/AGENTS.md +58 -0
- package/areas/software/qa/PROMPTS.md +32 -0
- package/areas/software/qa/prompts/flakiness-investigation.md +61 -0
- package/areas/software/qa/prompts/performance-audit.md +65 -0
- package/areas/software/qa/prompts/regression-suite.md +61 -0
- package/areas/software/qa/prompts/smoke-test.md +65 -0
- package/areas/software/qa/prompts/test-coverage-report.md +61 -0
- package/areas/software/qa/rules/flakiness-policy.md +12 -0
- package/areas/software/qa/rules/quality-gates.md +28 -0
- package/areas/software/qa/rules/test-data.md +9 -0
- package/areas/software/qa/rules/test-strategy.md +11 -0
- package/areas/software/qa/skills/accessibility-testing/SKILL.md +139 -0
- package/areas/software/qa/skills/api-testing/SKILL.md +140 -0
- package/areas/software/qa/skills/e2e-patterns/SKILL.md +152 -0
- package/areas/software/qa/skills/performance-testing/SKILL.md +177 -0
- package/areas/software/qa/skills/test-data-management/SKILL.md +161 -0
- package/areas/software/qa/skills/test-pyramid/SKILL.md +127 -0
- package/areas/software/qa/workflows/flakiness-investigation.md +63 -0
- package/areas/software/qa/workflows/performance-audit.md +59 -0
- package/areas/software/qa/workflows/regression-suite.md +59 -0
- package/areas/software/qa/workflows/smoke-test.md +64 -0
- package/areas/software/qa/workflows/test-coverage-report.md +57 -0
- package/areas/software/security/AGENTS.md +58 -0
- package/areas/software/security/PROMPTS.md +32 -0
- package/areas/software/security/prompts/compliance-report.md +113 -0
- package/areas/software/security/prompts/pen-test-sim.md +113 -0
- package/areas/software/security/prompts/secret-rotation.md +115 -0
- package/areas/software/security/prompts/security-scan.md +91 -0
- package/areas/software/security/prompts/threat-model-review.md +105 -0
- package/areas/software/security/rules/compliance-baseline.md +23 -0
- package/areas/software/security/rules/dependency-policy.md +12 -0
- package/areas/software/security/rules/secrets-policy.md +22 -0
- package/areas/software/security/rules/secure-coding.md +22 -0
- package/areas/software/security/skills/auth-patterns/SKILL.md +42 -0
- package/areas/software/security/skills/crypto-standards/SKILL.md +42 -0
- package/areas/software/security/skills/dependency-audit/SKILL.md +29 -0
- package/areas/software/security/skills/sast-dast-interpretation/SKILL.md +33 -0
- package/areas/software/security/skills/security-headers/SKILL.md +29 -0
- package/areas/software/security/skills/threat-modeling/SKILL.md +36 -0
- package/areas/software/security/workflows/compliance-report.md +57 -0
- package/areas/software/security/workflows/pen-test-sim.md +63 -0
- package/areas/software/security/workflows/secret-rotation.md +67 -0
- package/areas/software/security/workflows/security-scan.md +64 -0
- package/areas/software/security/workflows/threat-model-review.md +62 -0
- package/areas/template/AGENTS-area.tmpl.md +61 -0
- package/areas/template/AGENTS.tmpl.md +67 -0
- package/areas/template/GUIDE.md +102 -0
- package/areas/template/PROMPTS.tmpl.md +29 -0
- package/areas/template/README.md +57 -0
- package/areas/template/README.tmpl.md +51 -0
- package/areas/template/prompt.tmpl.md +101 -0
- package/areas/template/rule.tmpl.md +71 -0
- package/areas/template/skill.tmpl.md +108 -0
- package/areas/template/workflow.tmpl.md +104 -0
- package/bin/agentic.js +24 -0
- package/extensions/antigravity/GEMINI.md +10 -0
- package/extensions/claude/CLAUDE.md +10 -0
- package/extensions/codex/AGENTS.override.md +93 -0
- package/extensions/gemini/GEMINI.md +10 -0
- package/extensions/opencode/agents/designer.md +65 -0
- package/extensions/opencode/agents/developer.md +63 -0
- package/extensions/opencode/agents/devops-engineer.md +69 -0
- package/extensions/opencode/agents/pm.md +61 -0
- package/extensions/opencode/agents/product-owner.md +76 -0
- package/extensions/opencode/agents/qa.md +66 -0
- package/extensions/opencode/agents/team-lead.md +67 -0
- package/extensions/opencode/commands/feature.md +75 -0
- package/extensions/opencode/opencode.json +93 -0
- package/extensions/opencode/plugins/model-checker.json +14 -0
- package/extensions/opencode/plugins/model-checker.ts +279 -0
- package/extensions/opencode/plugins/sound-notification.ts +13 -0
- package/extensions/opencode/plugins/telegram-notification.ts +86 -0
- package/extensions/opencode/skills/code_review_expert/SKILL.md +144 -0
- package/extensions/opencode/skills/design_expert/SKILL.md +42 -0
- package/extensions/opencode/skills/qa_expert/SKILL.md +116 -0
- package/package.json +19 -0
|
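--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -0,0 +1,169 @@
+---
+name: dns-management
+type: skill
+description: DNS management for Kubernetes — CoreDNS tuning, external-dns automation, split-horizon DNS, and bare-metal DNS design.
+related-rules:
+- network-segmentation.md
+allowed-tools: Read, Write, Edit, Bash
+---
+
+# Skill: DNS Management
+
+> **Expertise:** CoreDNS configuration, external-dns operator, split-horizon DNS, DNS debugging, bare-metal DNS topology.
+
+## When to load
+
+When services can't resolve DNS, setting up external-dns automation, configuring split-horizon, or designing DNS for a new cluster.
+
+## CoreDNS: Cluster DNS Configuration
+
+```yaml
+# ConfigMap: coredns (kube-system)
+apiVersion: v1
+kind: ConfigMap
+metadata:
+name: coredns
+namespace: kube-system
+data:
+Corefile: |
+.:53 {
+errors
+health { lameduck 5s }
+ready
+
+# Kubernetes in-cluster DNS
+kubernetes cluster.local in-addr.arpa ip6.arpa {
+pods insecure
+fallthrough in-addr.arpa ip6.arpa
+ttl 30
+}
+
+# Forward internal domain to internal DNS server
+internal.example.com {
+forward . 192.168.10.53
+}
+
+# Forward everything else to upstream resolvers
+forward . 1.1.1.1 8.8.8.8 {
+max_concurrent 1000
+prefer_udp
+}
+
+cache 300 # 5-minute DNS cache
+loop # detect forwarding loops
+reload # hot-reload ConfigMap changes
+loadbalance # round-robin DNS responses
+
+# Log DNS errors (not all queries — too noisy)
+log . {
+class error
+}
+}
+```
+
+## external-dns (Automated DNS Record Management)
+
+```yaml
+# external-dns reads Ingress/Service annotations and creates DNS records
+# Install:
+helm upgrade --install external-dns external-dns/external-dns \
+-n kube-system \
+-f external-dns-values.yaml
+
+# external-dns-values.yaml
+provider: cloudflare # cloudflare, route53, hetzner, etc.
+env:
+- name: CF_API_TOKEN
+valueFrom:
+secretKeyRef:
+name: cloudflare-token
+key: token
+
+sources:
+- ingress
+- service
+domainFilters:
+- example.com
+policy: upsert-only # never delete records (safer); use 'sync' to delete orphans
+txtOwnerId: prod-cluster # unique per cluster — prevents multi-cluster conflicts
+interval: 1m
+```
+
+```yaml
+# Ingress: external-dns annotation (auto-creates DNS record)
+metadata:
+annotations:
+external-dns.alpha.kubernetes.io/hostname: api.example.com
+external-dns.alpha.kubernetes.io/ttl: "300"
+```
+
+```yaml
+# Service (LoadBalancer): automatic DNS for MetalLB IP
+apiVersion: v1
+kind: Service
+metadata:
+name: api-gateway
+annotations:
+external-dns.alpha.kubernetes.io/hostname: api.example.com
+spec:
+type: LoadBalancer
+# MetalLB assigns external IP → external-dns creates A record pointing to it
+```
+
+## Split-Horizon DNS (internal vs external)
+
+```
+External DNS (Cloudflare/Route53):
+api.example.com → 203.0.113.10 (public load balancer IP)
+
+Internal DNS (CoreDNS custom zone):
+api.example.com → 10.10.16.100 (internal load balancer, bypasses public internet)
+
+CoreDNS config for split-horizon:
+api.example.com {
+hosts {
+10.10.16.100 api.example.com
+fallthrough
+}
+}
+```
+
+## DNS Debugging
+
+```bash
+# Test DNS resolution from within cluster
+kubectl run -it --rm dns-debug \
+--image=infoblox/dnstools \
+--restart=Never -- /bin/sh
+
+# Inside the pod:
+dig api.example.com # external DNS
+dig payment-service.production.svc.cluster.local # in-cluster DNS
+nslookup kubernetes.default.svc.cluster.local # API server
+dig @10.96.0.10 payment-service.production # query CoreDNS directly
+
+# Check CoreDNS is healthy
+kubectl get pods -n kube-system -l k8s-app=kube-dns
+kubectl logs -n kube-system -l k8s-app=kube-dns --tail=50
+
+# Debug DNS on a running pod (without kubectl exec)
+kubectl debug -it <pod> -n <ns> --image=infoblox/dnstools -- dig <hostname>
+
+# Enable DNS query logging temporarily (for debugging, then revert)
+# Add to Corefile: log . (logs ALL queries — high volume, use briefly)
+
+# Check /etc/resolv.conf in a pod
+kubectl exec -it <pod> -n <ns> -- cat /etc/resolv.conf
+# Expected: nameserver 10.96.0.10 (CoreDNS cluster IP)
+# search <namespace>.svc.cluster.local svc.cluster.local cluster.local
+```
+
+## Common DNS Issues
+
+| Symptom | Cause | Fix |
+|:---|:---|:---|
+| `NXDOMAIN` for internal service | Wrong namespace in FQDN | Use `svc.namespace.svc.cluster.local` |
+| DNS timeout intermittent | CoreDNS overloaded | Increase replicas; add cache; check ndots |
+| Slow external DNS (> 2s) | ndots=5 causing unnecessary queries | Append `.` to FQDNs or set ndots=1 |
+| `connection refused` to external | Egress NetworkPolicy blocks port 53 | Add allow-dns-egress NetworkPolicy |
+| external-dns not creating records | txtOwnerId conflict with another cluster | Use unique txtOwnerId per cluster |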
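Review bot: The Corefile template sets `pods insecure` in the `kubernetes` block, which answers pod-IP-style names such as `1-2-3-4.<ns>.pod.cluster.local` without checking that a matching pod exists; the CoreDNS plugin documentation keeps this mode for kube-dns compatibility and warns it can be abused together with wildcard certificates. For a skill an agent may apply to a production cluster, `pods verified` would be the safer template, or at least a comment such as `# insecure: no pod-existence check, kube-dns compatibility only`. Separately, by brace count `internal.example.com { forward . 192.168.10.53 }` sits inside the `.:53 { … }` block; as far as I know Corefile server blocks cannot be nested, so it should be its own top-level block, otherwise the config fails to load or internal names go to the public resolvers. The same template forwards everything else to `1.1.1.1 8.8.8.8` in plaintext, which is worth a one-line note for clusters whose internal hostnames should not leave the network.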
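--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -0,0 +1,165 @@
+---
+name: ingress-patterns
+type: skill
+description: NGINX Ingress Controller patterns — TLS, rate limiting, CORS, rewrites, path-based routing, and MetalLB for bare-metal.
+related-rules:
+- ingress-standards.md
+- tls-policy.md
+allowed-tools: Read, Write, Edit
+---
+
+# Skill: Ingress Patterns
+
+> **Expertise:** NGINX Ingress Controller, MetalLB, cert-manager TLS, rate limiting, CORS, canary routing.
+
+## When to load
+
+When creating or reviewing Kubernetes Ingress resources, setting up TLS, configuring rate limits, or debugging 502/504 responses.
+
+## Standard Production Ingress
+
+```yaml
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: api-service
+namespace: production
+annotations:
+# TLS + redirect
+nginx.ingress.kubernetes.io/ssl-redirect: "true"
+nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+
+# Rate limiting
+nginx.ingress.kubernetes.io/limit-rps: "100"
+nginx.ingress.kubernetes.io/limit-connections: "20"
+
+# Timeouts (seconds)
+nginx.ingress.kubernetes.io/proxy-connect-timeout: "10"
+nginx.ingress.kubernetes.io/proxy-read-timeout: "60"
+nginx.ingress.kubernetes.io/proxy-send-timeout: "60"
+
+# TLS cert via cert-manager
+cert-manager.io/cluster-issuer: "letsencrypt-prod"
+
+# Security headers
+nginx.ingress.kubernetes.io/configuration-snippet: |
+add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+add_header X-Frame-Options DENY always;
+add_header X-Content-Type-Options nosniff always;
+spec:
+ingressClassName: nginx
+tls:
+- hosts: [api.example.com]
+secretName: api-example-com-tls
+rules:
+- host: api.example.com
+http:
+paths:
+- path: /
+pathType: Prefix
+backend:
+service:
+name: api-service
+port: { number: 80 }
+```
+
+## Path-Based Routing (API + Frontend)
+
+```yaml
+spec:
+rules:
+- host: example.com
+http:
+paths:
+- path: /api
+pathType: Prefix
+backend:
+service: { name: api-service, port: { number: 80 } }
+- path: /
+pathType: Prefix
+backend:
+service: { name: frontend, port: { number: 80 } }
+```
+
+## CORS Configuration
+
+```yaml
+annotations:
+nginx.ingress.kubernetes.io/enable-cors: "true"
+nginx.ingress.kubernetes.io/cors-allow-origin: "https://app.example.com" # NOT *
+nginx.ingress.kubernetes.io/cors-allow-methods: "GET, POST, PUT, DELETE, OPTIONS"
+nginx.ingress.kubernetes.io/cors-allow-headers: "Authorization, Content-Type"
+nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
+```
+
+## Canary Routing (A/B / blue-green)
+
+```yaml
+# Primary ingress (stable)
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: api-stable
+annotations:
+nginx.ingress.kubernetes.io/canary: "false"
+spec: { ... }
+
+# Canary ingress (10% traffic)
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: api-canary
+annotations:
+nginx.ingress.kubernetes.io/canary: "true"
+nginx.ingress.kubernetes.io/canary-weight: "10" # 10% of traffic
+# OR by header:
+nginx.ingress.kubernetes.io/canary-by-header: "X-Canary"
+nginx.ingress.kubernetes.io/canary-by-header-value: "true"
+spec: { ... } # points to canary service
+```
+
+## MetalLB (Bare-Metal Load Balancer)
+
+```yaml
+# IPAddressPool — assign bare-metal IPs to LoadBalancer services
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+name: prod-pool
+namespace: metallb-system
+spec:
+addresses:
+- 192.168.10.100-192.168.10.150
+
+---
+# L2Advertisement — announce IPs via ARP/NDP
+apiVersion: metallb.io/v1beta1
+kind: L2Advertisement
+metadata:
+name: l2-advert
+namespace: metallb-system
+spec:
+ipAddressPools: [prod-pool]
+```
+
+## Debugging Ingress Issues
+
+```bash
+# Check ingress controller logs
+kubectl logs -n ingress-nginx -l app.kubernetes.io/name=ingress-nginx --tail=100
+
+# Verify ingress is configured correctly
+kubectl describe ingress <name> -n <ns>
+
+# Check endpoints (service selecting the right pods?)
+kubectl get endpoints <svc> -n <ns>
+
+# Test TLS
+curl -v https://api.example.com/health 2>&1 | grep "SSL\|TLS\|certificate"
+
+# Check cert-manager certificate status
+kubectl get certificate -n <ns>
+kubectl describe certificate <name> -n <ns>
+```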
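Review bot: The "Standard Production Ingress" template sets its security headers through `nginx.ingress.kubernetes.io/configuration-snippet`, which only takes effect when the controller allows snippet annotations. As far as I know, recent ingress-nginx releases ship with `allow-snippet-annotations` disabled, because a snippet lets anyone who can create an Ingress inject arbitrary NGINX configuration into the shared controller. An agent following this skill would either produce an Ingress that is rejected or ignored, or push the operator to re-enable snippets cluster-wide. I would set the headers once in the controller ConfigMap instead (`hsts`, `hsts-max-age`, `hsts-include-subdomains`, plus `add-headers` pointing at a ConfigMap carrying `X-Frame-Options` and `X-Content-Type-Options`). The skill should also carry a note such as `# configuration-snippet requires allow-snippet-annotations=true — prefer controller-level add-headers`.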
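--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -0,0 +1,206 @@
+---
+name: service-mesh
+type: skill
+description: Implement service mesh for mTLS, traffic management, and observability — Istio and Linkerd patterns for Kubernetes.
+related-rules:
+- network-segmentation.md
+- tls-policy.md
+allowed-tools: Read, Write, Edit, Bash
+---
+
+# Skill: Service Mesh
+
+> **Expertise:** Istio and Linkerd installation, mTLS enforcement, traffic shifting, circuit breakers, retry policies, observability.
+
+## When to load
+
+When implementing service-to-service mTLS, traffic shifting for canary deploys, circuit breakers, or setting up mesh-level observability.
+
+## Linkerd (lightweight — recommended for bare-metal K8s)
+
+```bash
+# Install Linkerd CLI
+curl --proto '=https' --tlsv1.2 -sSfL https://run.linkerd.io/install | sh
+
+# Pre-flight check
+linkerd check --pre
+
+# Install Linkerd (cert-manager manages control plane certs)
+linkerd install --crds | kubectl apply -f -
+linkerd install \
+--set identity.externalCA=true \
+--set identity.issuer.scheme=kubernetes.io/tls \
+| kubectl apply -f -
+
+# Install observability extension (Prometheus + Grafana)
+linkerd viz install | kubectl apply -f -
+
+# Verify
+linkerd check
+```
+
+## Linkerd: Inject Sidecar
+
+```yaml
+# Namespace-level injection (all pods in namespace get sidecar)
+metadata:
+annotations:
+linkerd.io/inject: enabled
+
+# Per-deployment injection
+spec:
+template:
+metadata:
+annotations:
+linkerd.io/inject: enabled
+
+# Skip injection for a specific pod (e.g., database, cronjob)
+metadata:
+annotations:
+linkerd.io/inject: disabled
+```
+
+## Linkerd: Traffic Policies
+
+```yaml
+# Retry policy (retry on 5xx up to 3 times)
+apiVersion: policy.linkerd.io/v1beta3
+kind: HTTPRoute
+metadata:
+name: order-service-retries
+namespace: production
+spec:
+parentRefs:
+- name: order-service
+kind: Service
+group: core
+port: 8080
+rules:
+- filters:
+- type: RequestRedirect # or RequestMirror, URLRewrite
+backendRefs:
+- name: order-service
+port: 8080
+
+---
+# Timeout policy
+apiVersion: policy.linkerd.io/v1alpha1
+kind: ServiceProfile
+metadata:
+name: order-service.production.svc.cluster.local
+namespace: production
+spec:
+routes:
+- name: POST /orders
+condition:
+method: POST
+pathRegex: /orders
+timeout: 5s
+retryBudget:
+retryRatio: 0.2 # retry up to 20% of requests
+minRetriesPerSecond: 10
+ttl: 10s
+```
+
+## Istio (full-featured — more complex)
+
+```bash
+# Install Istio with minimal profile (no telemetry addons)
+istioctl install --set profile=minimal -y
+
+# Verify
+istioctl verify-install
+kubectl get pods -n istio-system
+```
+
+```yaml
+# Enable sidecar injection for namespace
+kubectl label namespace production istio-injection=enabled
+
+# Strict mTLS (reject plaintext between injected services)
+apiVersion: security.istio.io/v1beta1
+kind: PeerAuthentication
+metadata:
+name: default
+namespace: production
+spec:
+mtls:
+mode: STRICT # STRICT | PERMISSIVE | DISABLE
+
+---
+# AuthorizationPolicy: only allow order-service → payment-service
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+name: payment-service-authz
+namespace: production
+spec:
+selector:
+matchLabels: { app: payment-service }
+action: ALLOW
+rules:
+- from:
+- source:
+principals: ["cluster.local/ns/production/sa/order-service"]
+to:
+- operation:
+methods: ["POST"]
+paths: ["/charge"]
+```
+
+```yaml
+# Istio: traffic shifting (canary)
+apiVersion: networking.istio.io/v1beta1
+kind: VirtualService
+metadata:
+name: order-service
+namespace: production
+spec:
+hosts: [order-service]
+http:
+- route:
+- destination:
+host: order-service
+subset: stable
+weight: 90
+- destination:
+host: order-service
+subset: canary
+weight: 10
+---
+apiVersion: networking.istio.io/v1beta1
+kind: DestinationRule
+metadata:
+name: order-service
+namespace: production
+spec:
+host: order-service
+subsets:
+- name: stable
+labels: { version: stable }
+- name: canary
+labels: { version: canary }
+trafficPolicy:
+connectionPool:
+tcp: { maxConnections: 100 }
+outlierDetection:
+consecutiveGatewayErrors: 5
+interval: 10s
+baseEjectionTime: 30s # circuit breaker: eject after 5 errors
+```
+
+## Mesh Observability
+
+```bash
+# Linkerd: live traffic stats
+linkerd viz stat deploy -n production
+linkerd viz top deploy/order-service -n production
+linkerd viz tap deploy/order-service -n production
+
+# Linkerd: service topology
+linkerd viz edges deployment -n production
+
+# Istio: traffic analysis
+istioctl analyze -n production
+kubectl exec -it <pod> -c istio-proxy -n production -- pilot-agent request GET stats | grep upstream_cx
+```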
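Review bot: The Linkerd install step pipes a remote script straight into a shell (`curl … https://run.linkerd.io/install | sh`), and this skill declares `allowed-tools: Read, Write, Edit, Bash`. An agent that loads it may therefore run whatever that URL serves at the time, unpinned and unreviewed, on a machine that holds cluster credentials. I would have the skill download the script to a file and pin the release, e.g. `curl --proto '=https' --tlsv1.2 -sSfL https://run.linkerd.io/install -o linkerd-install.sh` followed, after inspection, by `LINKERD2_VERSION=<pinned-version> sh linkerd-install.sh`, or install from a package source the organisation already mirrors and verifies. Separately, the manifest commented "Retry policy (retry on 5xx up to 3 times)" contains only a bare `RequestRedirect` filter and no retry settings, so the comment and the manifest disagree and should be reconciled before anyone applies it.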