
Kubernetes Specialist
Author production-grade Kubernetes ConfigMaps and Secrets with correct mounting patterns instead of guessing YAML.
Overview
Kubernetes-specialist is an agent skill most often used in Operate (also Ship launch prep) that documents ConfigMap and Secret YAML and kubectl patterns for production Kubernetes configuration.
Install
npx skills add https://github.com/jeffallan/claude-skills --skill kubernetes-specialist
What is this skill?
- Production-ready ConfigMap YAML for key-value, multi-line properties, JSON, and nested YAML blobs
- kubectl recipes to create ConfigMaps from literals, single files, or whole directories
- Opaque Secret patterns with stringData vs base64 data and TLS material examples
- Namespace-scoped metadata conventions (e.g. production) for config and secrets separation
- Reference-oriented snippets agents can paste into Deployments and Helm values
Adoption & trust: 10.2k installs on skills.sh; 9.7k GitHub stars; 3/3 security scanners passed (skills.sh audits).
What problem does it solve?
You are shipping to Kubernetes but your agent keeps mixing plain config with secrets, wrong encoding, or blobs that do not mount cleanly into pods.
Who is it for?
Indie SaaS operators moving from `.env` files to cluster ConfigMaps and Kubernetes Secrets with consistent production naming.
Skip if: Greenfield local-only prototypes with no cluster, or teams that already standardize entirely on external secret managers without in-cluster Secrets.
When should I use this skill?
User needs Kubernetes ConfigMap or Secret YAML, kubectl creation patterns, or production configuration structure for cluster workloads.
What do I get? / Deliverables
You get namespace-scoped ConfigMap and Secret manifests plus kubectl creation commands ready to wire into Deployments, StatefulSets, or GitOps repos.
- ConfigMap and Secret manifest YAML
- kubectl commands to create maps from literals or files
- Structured config blobs (properties, JSON, YAML) ready for volume mounts
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
Operate infra is the canonical home for runtime cluster configuration, while the same manifests are drafted earlier during Ship launch prep. ConfigMaps and Secrets are core cluster state and security plumbing—not application feature code or growth analytics.
Where it fits
Map database pool settings into a ConfigMap while keeping passwords in a separate Secret referenced by the Deployment.
Generate production namespace ConfigMaps from a configs/ directory before the first rollout.
Rotate API keys by updating an Opaque Secret and rolling pods without touching container images.
How it compares
YAML and kubectl reference for K8s config/secrets—not a managed PaaS deploy skill or a full Helm chart generator.
Common Questions / FAQ
Who is kubernetes-specialist for?
Developers operating their own Kubernetes namespaces who need vetted ConfigMap and Secret examples during deploy and iteration.
When should I use kubernetes-specialist?
During Ship launch when wiring environment config; in Operate infra when rotating credentials or splitting config from secrets; in Build backend when aligning app settings with cluster conventions.
Is kubernetes-specialist safe to install?
The skill contains example secret values and TLS placeholders—never commit real credentials; review the Security Audits panel on this page and follow your org’s secret handling rules.
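A pre-commit style check for the point above, as an added example that is not part of the skill or of this page: it lists every value stored inline in a Secret manifest, whether as `stringData` plaintext or as base64 under `data`. The `audit` function is hypothetical, and the sample manifests are constructed from the placeholder values in the SKILL.md, written as Python dicts so only the standard library is needed.

```python
import base64
import binascii
import json

# Constructed sample: the page's placeholder values as Python dicts, plus one
# correctly encoded data entry built here so the valid path is exercised.
SAMPLE = [
    {"kind": "Secret", "type": "Opaque", "metadata": {"name": "app-secrets"},
     "stringData": {"db-password": "MySecurePassword123!"},
     "data": {"tls.crt": "LS0tLS1CRUdJTi...",  # truncated placeholder from the page
              "api-key": base64.b64encode(b"sk-1234567890abcdef").decode()}},
    {"kind": "Secret", "type": "kubernetes.io/dockerconfigjson",
     "metadata": {"name": "registry-credentials"},
     "stringData": {".dockerconfigjson": json.dumps(
         {"auths": {"myregistry.io": {"auth": "bXl1c2VyOm15cGFzc3dvcmQ="}}})}},
    {"kind": "ConfigMap", "metadata": {"name": "app-config"},
     "data": {"database.port": "5432"}},
]


def audit(manifests):
    """Return (secret, key, finding) for every value stored inline in a Secret."""
    findings = []
    for m in manifests:
        if m.get("kind") != "Secret":
            continue  # ConfigMap data is plain text by design, not a finding here
        name = m["metadata"]["name"]
        for key, value in m.get("stringData", {}).items():
            findings.append((name, key, "plaintext in stringData"))
            if m.get("type") == "kubernetes.io/dockerconfigjson":
                # Each registry's auth field is base64("username:password").
                for host, entry in json.loads(value).get("auths", {}).items():
                    user = base64.b64decode(entry.get("auth", "")).decode().split(":")[0]
                    findings.append((name, host, f"auth decodes to login for {user!r}"))
        for key, value in m.get("data", {}).items():
            try:
                raw = base64.b64decode(value, validate=True)
            except binascii.Error:
                findings.append((name, key, "data value is not valid base64"))
            else:
                findings.append((name, key, f"base64 only, decodes to {len(raw)} bytes"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=": ")
```

The "not valid base64" finding is what to expect when a placeholder or plaintext value is pasted under `data`, since the API server only accepts valid base64 there. Every other finding is a value anyone with read access to the repository can recover, because base64 is an encoding and not encryption.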
SKILL.md - Kubernetes Specialist
# Kubernetes Configuration Management

## ConfigMap Patterns

### Basic ConfigMap

```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
  namespace: production
data:
  # Simple key-value pairs
  database.host: "postgres-service.database.svc.cluster.local"
  database.port: "5432"
  database.name: "appdb"

  # Multi-line configuration
  app.properties: |
    server.port=8080
    logging.level=INFO
    cache.enabled=true
    cache.ttl=3600

  # JSON configuration
  features.json: |
    {
      "featureA": true,
      "featureB": false,
      "maxConnections": 100
    }

  # YAML configuration
  config.yaml: |
    server:
      port: 8080
      timeout: 30s
    database:
      pool_size: 20
      max_connections: 100
```

### ConfigMap from Files

```bash
# Create from literal values
kubectl create configmap app-config \
  --from-literal=database.host=postgres \
  --from-literal=database.port=5432

# Create from file
kubectl create configmap nginx-config \
  --from-file=nginx.conf

# Create from directory
kubectl create configmap app-configs \
  --from-file=configs/
```

## Secret Patterns

### Opaque Secret (Generic)

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: app-secrets
  namespace: production
type: Opaque
stringData:
  # Plain text (will be base64 encoded)
  db-password: "MySecurePassword123!"
  api-key: "sk-1234567890abcdef"
  jwt-secret: "super-secret-jwt-key"
data:
  # Already base64 encoded
  tls.crt: LS0tLS1CRUdJTi...
  tls.key: LS0tLS1CRUdJTi...
```

### TLS Secret

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: example-tls
  namespace: production
type: kubernetes.io/tls
stringData:
  tls.crt: |
    -----BEGIN CERTIFICATE-----
    MIIDXTCCAkWgAwIBAgIJAKZ...
    -----END CERTIFICATE-----
  tls.key: |
    -----BEGIN PRIVATE KEY-----
    MIIEvQIBADANBgkqhkiG9w0B...
    -----END PRIVATE KEY-----
```

### Docker Registry Secret

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: registry-credentials
  namespace: production
type: kubernetes.io/dockerconfigjson
stringData:
  .dockerconfigjson: |
    {
      "auths": {
        "myregistry.io": {
          "username": "myuser",
          "password": "mypassword",
          "email": "user@example.com",
          "auth": "bXl1c2VyOm15cGFzc3dvcmQ="
        }
      }
    }
```

### Basic Auth Secret

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: basic-auth
  namespace: production
type: kubernetes.io/basic-auth
stringData:
  username: admin
  password: super-secret-password
```

### SSH Auth Secret

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: ssh-key
  namespace: production
type: kubernetes.io/ssh-auth
stringData:
  ssh-privatekey: |
    -----BEGIN OPENSSH PRIVATE KEY-----
    b3BlbnNzaC1rZXktdjEAAAAABG5vbmUA...
    -----END OPENSSH PRIVATE KEY-----
```

## Using ConfigMaps and Secrets

### Environment Variables

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: app-pod
spec:
  containers:
  - name: app
    image: myapp:latest
    env:
    # Single value from ConfigMap
    - name: DATABASE_HOST
      valueFrom:
        configMapKeyRef:
          name: app-config
          key: database.host
    # Single value from Secret
    - name: DATABASE_PASSWORD
      valueFrom:
        secretKeyRef:
          name: app-secrets
          key: db-password
    # All keys from ConfigMap as env vars
    envFrom:
    - configMapRef:
        name: app-config
      prefix: CONFIG_
    # All keys from Secret as env vars
    - secretRef:
        name: app-secrets
      prefix: SECRET_
```

### Volume Mounts

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: app-pod
spec:
  containers:
  - name: app
    image: myapp:latest
    volumeMounts:
    # Mount entire ConfigMap as directory
    - name: config-volume
      mountPath: /etc/config
      readOnly: true
    # Mount specific key as file
    - name: app-properties
      mountPath: /etc/app/app.properties
      subPath: app.properties
      readOnly: true
    # Mount Secret as files
    - name: s