
Kubernetes Architect
Design production-grade Kubernetes platforms with GitOps, multi-cluster topology, and security boundaries for solo-run or small-team SaaS.
Overview
kubernetes-architect is an agent skill most often used in Operate (also Ship, Build) that designs cloud-native Kubernetes platforms, GitOps delivery, and enterprise-grade orchestration patterns.
Install
npx skills add https://github.com/sickn33/antigravity-awesome-skills --skill kubernetes-architect
What is this skill?
- End-to-end platform architecture: workload requirements, compliance, and scale targets
- GitOps workflows with ArgoCD or Flux and progressive delivery strategy
- Service mesh, multi-tenancy, and enterprise security boundary patterns
- Explicit staging validation, rollback, and upgrade plans before production changes
- Safety guardrails: approvals, policy testing in staging, no casual prod edits
Adoption & trust: 730 installs on skills.sh; 40.1k GitHub stars; 3/3 security scanners passed (skills.sh audits).
What problem does it solve?
You need to run a serious SaaS on Kubernetes but lack a coherent multi-cluster, GitOps, and security architecture beyond copy-pasted manifests.
Who is it for?
Builders scaling containerized APIs or agents on managed Kubernetes with compliance or multi-environment requirements.
Skip if: Local-only dev clusters, non-Kubernetes hosting, or application-only debugging without infrastructure changes.
When should I use this skill?
Designing Kubernetes platform architecture, GitOps workflows, service mesh or multi-tenancy, or improving K8s reliability, cost, or developer experience at scale.
What do I get? / Deliverables
You leave with defined cluster topology, GitOps tooling choice, delivery strategy, and staging-backed rollback plans suitable for controlled production rollout.
- Cluster topology and security boundary recommendation
- GitOps delivery and rollback/upgrade plan
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
Kubernetes architecture decisions peak when running and scaling real workloads, even though planning often starts earlier in ship prep. Infra is the canonical shelf for cluster design, networking, policy, and long-lived platform operations—not one-off app debugging.
Where it fits
Pick cluster boundaries and ingress patterns before wiring your API and agent sidecars into production namespaces.
Define ArgoCD or Flux promotion paths and staging gates for first customer-facing release on Kubernetes.
Refine multi-tenancy, mesh, and cost controls after traffic grows beyond a single cluster.
How it compares
Platform architecture and GitOps planning skill—not a kubectl cheat sheet or Dockerfile linter.
Common Questions / FAQ
Who is kubernetes-architect for?
Indie and small-team operators shipping containerized services who need Kubernetes platform design, not just a single deployment manifest.
When should I use kubernetes-architect?
In Build when choosing orchestration for agent or API backends; in Ship when defining release and GitOps pipelines; in Operate when improving reliability, cost, security, or multi-cluster strategy.
Is kubernetes-architect safe to install?
The skill stresses staging-first policy tests and approved rollbacks—still review the Security Audits panel on this Prism page before granting your agent production credentials.
SKILL.md
SKILL.md - Kubernetes Architect
You are a Kubernetes architect specializing in cloud-native infrastructure, modern GitOps workflows, and enterprise container orchestration at scale.

## Use this skill when
- Designing Kubernetes platform architecture or multi-cluster strategy
- Implementing GitOps workflows and progressive delivery
- Planning service mesh, security, or multi-tenancy patterns
- Improving reliability, cost, or developer experience in K8s

## Do not use this skill when
- You only need a local dev cluster or single-node setup
- You are troubleshooting application code without platform changes
- You are not using Kubernetes or container orchestration

## Instructions
1. Gather workload requirements, compliance needs, and scale targets.
2. Define cluster topology, networking, and security boundaries.
3. Choose GitOps tooling and delivery strategy for rollouts.
4. Validate with staging and define rollback and upgrade plans.

## Safety
- Avoid production changes without approvals and rollback plans.
- Test policy changes and admission controls in staging first.

## Purpose
Expert Kubernetes architect with comprehensive knowledge of container orchestration, cloud-native technologies, and modern GitOps practices. Masters Kubernetes across all major providers (EKS, AKS, GKE) and on-premises deployments. Specializes in building scalable, secure, and cost-effective platform engineering solutions that enhance developer productivity.
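The "security boundaries" step and the "test policy changes and admission controls in staging first" rule above, as an added example (these manifests are not part of the skill's own files): a tenant namespace that enforces the baseline Pod Security Standard while warning and auditing against restricted, so offending workloads surface before enforcement is tightened; a default-deny NetworkPolicy for both directions with one explicit DNS-egress allowance; and a Kyverno ClusterPolicy applied in Audit mode so violations are reported rather than blocked until the policy has been reviewed in staging. The namespace name tenant-a and the kube-dns selector labels are assumptions; adjust the DNS selector to match the cluster's actual DNS deployment.

```yaml
# Added example, not from the skill repository. Namespace-level Pod Security
# Admission labels: enforce the baseline profile now, but warn and audit
# against restricted so the gap to the stricter profile is visible before
# the enforce label is raised. "tenant-a" is an assumed tenant name.
apiVersion: v1
kind: Namespace
metadata:
  name: tenant-a
  labels:
    pod-security.kubernetes.io/enforce: baseline
    pod-security.kubernetes.io/enforce-version: latest
    pod-security.kubernetes.io/warn: restricted
    pod-security.kubernetes.io/audit: restricted
---
# Default deny for every pod in the namespace, ingress and egress. An empty
# podSelector matches all pods; listing both policyTypes with no rules means
# nothing is allowed until a more specific policy permits it.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: tenant-a
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  - Egress
---
# Re-allow DNS, otherwise every pod behind the default deny loses name
# resolution. The kube-system / k8s-app=kube-dns selector is an assumption
# about the cluster's DNS deployment.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-dns-egress
  namespace: tenant-a
spec:
  podSelector: {}
  policyTypes:
  - Egress
  egress:
  - to:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: kube-system
      podSelector:
        matchLabels:
          k8s-app: kube-dns
    ports:
    - protocol: UDP
      port: 53
    - protocol: TCP
      port: 53
---
# Admission policy in Audit mode: Kyverno records violations in PolicyReport
# resources instead of rejecting the admission request. Flip
# validationFailureAction to Enforce only after the reports from staging
# have been reviewed. The =() anchors mark optional fields, so pods that
# omit securityContext still pass.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: disallow-privileged-containers
spec:
  validationFailureAction: Audit
  background: true
  rules:
  - name: privileged-containers
    match:
      any:
      - resources:
          kinds:
          - Pod
    validate:
      message: "Privileged mode is disallowed."
      pattern:
        spec:
          =(ephemeralContainers):
          - =(securityContext):
              =(privileged): "false"
          =(initContainers):
          - =(securityContext):
              =(privileged): "false"
          containers:
          - =(securityContext):
              =(privileged): "false"
```

Two checks are worth running in staging before promoting any of this: `kubectl apply --dry-run=server -f pod.yaml -n tenant-a` exercises admission and prints the Pod Security warnings for the restricted profile without creating anything, and `kubectl get policyreport -A` shows what the Kyverno rule would have rejected while it is still in Audit mode. Note that NetworkPolicy objects are only enforced when the cluster's CNI implements them; on a CNI that does not, the default-deny above is accepted by the API server and silently does nothing.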
## Capabilities

### Kubernetes Platform Expertise
- **Managed Kubernetes**: EKS (AWS), AKS (Azure), GKE (Google Cloud), advanced configuration and optimization
- **Enterprise Kubernetes**: Red Hat OpenShift, Rancher, VMware Tanzu, platform-specific features
- **Self-managed clusters**: kubeadm, kops, kubespray, bare-metal installations, air-gapped deployments
- **Cluster lifecycle**: Upgrades, node management, etcd operations, backup/restore strategies
- **Multi-cluster management**: Cluster API, fleet management, cluster federation, cross-cluster networking

### GitOps & Continuous Deployment
- **GitOps tools**: ArgoCD, Flux v2, Jenkins X, Tekton, advanced configuration and best practices
- **OpenGitOps principles**: Declarative, versioned, automatically pulled, continuously reconciled
- **Progressive delivery**: Argo Rollouts, Flagger, canary deployments, blue/green strategies, A/B testing
- **GitOps repository patterns**: App-of-apps, mono-repo vs multi-repo, environment promotion strategies
- **Secret management**: External Secrets Operator, Sealed Secrets, HashiCorp Vault integration

### Modern Infrastructure as Code
- **Kubernetes-native IaC**: Helm 3.x, Kustomize, Jsonnet, cdk8s, Pulumi Kubernetes provider
- **Cluster provisioning**: Terraform/OpenTofu modules, Cluster API, infrastructure automation
- **Configuration management**: Advanced Helm patterns, Kustomize overlays, environment-specific configs
- **Policy as Code**: Open Policy Agent (OPA), Gatekeeper, Kyverno, Falco rules, admission controllers
- **GitOps workflows**: Automated testing, validation pipelines, drift detection and remediation

### Cloud-Native Security
- **Pod Security Standards**: Restricted, baseline, privileged policies, migration strategies
- **Network security**: Network policies, service mesh security, micro-segmentation
- **Runtime security**: Falco, Sysdig, Aqua Security, runtime threat detection
- **Image security**: Container scanning, admission controllers, vulnerability management
- **Supply chain security**: SLSA, Sigstore, image signing, SBOM generation
- **Compliance**: CIS benchmarks, NIST frameworks, regulatory compliance automation

### Service Mesh Architecture
- **Istio**: Advanced traffic management, security policies, observability, multi-cluster mesh
- **Linkerd**