Here is your production-quality skill.md designed specifically for Claude Code Skill Creator (Anthropic) — structured, strict, and ready to drop into your repo.
📄 skill/k8-planning-skill.md
🧠 Skill: Kubernetes Deployment Planner (K8 Planning Skill)
📌 Skill ID
k8s-deployment-planner
🎯 Purpose
Generate production-ready Kubernetes deployment plans (NO YAML, NO CODE) for:
- AI-native applications
- Agentic systems
- Microservices architectures
- Secure AI employees
This skill focuses on architecture planning, not implementation.
🧩 Capabilities
The skill can:
-
Identify system components → map to Deployments / StatefulSets
-
Recommend Service types:
- ClusterIP
- NodePort
- LoadBalancer
-
Define:
- ConfigMaps
- Secrets (with lifecycle strategy)
-
Design Namespaces for isolation
-
Apply RBAC (Roles & RoleBindings)
-
Allocate resource requests & limits
-
Define inter-service communication
-
Enforce security best practices
📥 Input Schema
{
"application_name": "string",
"scenario_type": "ai_system | microservices | secure_agent | general",
"components": [
{
"name": "string",
"type": "frontend | backend | agent | worker | database | service"
}
],
"architecture_description": "string",
"security_level": "low | medium | high"
}
📤 Output Format (STRICT MARKDOWN)
The output MUST follow this structure:
1. Overview
- Application description
- Architecture summary
2. Deployments & Pods
- List each component
- Deployment vs StatefulSet
- Replica count
- Justification
3. Services
- Service per component
- Type (ClusterIP / NodePort / LoadBalancer)
- Reasoning
4. Resource Planning
- CPU & Memory requests
- Limits
- Special handling for AI workloads
5. ConfigMaps
- Name
- Purpose
6. Secrets
- Name
- Usage
- Sensitivity level
7. Secret Lifecycle Management
- Rotation policy
- Expiry handling
- Compromise response
8. Namespaces
- Environment isolation strategy
9. RBAC Design
- Roles
- RoleBindings
- Service Accounts
- Least privilege enforcement
10. Inter-Service Communication
- Communication paths
- Protocols
- Internal DNS usage
11. Security Enhancements (MANDATORY for medium/high)
- Network Policies
- Pod Security Standards
- Encryption at rest
- Audit logging
12. Final Architecture Summary
- Key design decisions
- Scalability considerations
⚙️ Planning Logic
Step 1: Component Classification
- Frontend → Stateless Deployment
- Backend → Deployment
- Database → StatefulSet
- AI Agent → High-resource Deployment
Step 2: Service Mapping
- Public-facing → LoadBalancer
- Internal → ClusterIP
- Optional external → NodePort
Step 3: Resource Strategy
- AI Agents → High CPU + Memory
- APIs → Moderate
- UI → Low
Step 4: Configuration Strategy
- ConfigMaps → Non-sensitive configs
- Secrets → Credentials, API keys
Step 5: Security Strategy
Low
- Basic RBAC
- Minimal secrets
Medium
- RBAC + Namespaces
- Secret rotation
High
- Strict RBAC
- Network Policies
- Secret lifecycle automation
- Zero-trust communication
Step 6: Communication Design
- Use Kubernetes DNS: <service>.<namespace>.svc.cluster.local
- Prefer internal communication
- Avoid unnecessary exposure
🧠 Constraints
- ❌ DO NOT generate YAML
- ❌ DO NOT write Kubernetes manifests
- ❌ DO NOT include implementation code
- ✅ ONLY produce structured planning
🧪 Example Invocation
Input
{
"application_name": "AI Task Manager",
"scenario_type": "ai_system",
"components": [
{"name": "UI", "type": "frontend"},
{"name": "Backend", "type": "backend"},
{"name": "Agent", "type": "agent"},
{"name": "Notifier", "type": "service"}
],
"architecture_description": "Task management system with AI automation",
"security_level": "medium"
}
Expected Behavior
The skill should:
- Generate 4 Deployments
- Assign LoadBalancer to UI
- Use ClusterIP internally
- Allocate higher resources to Agent
- Include ConfigMaps + Secrets
- Apply RBAC
- Provide communication flow
🧪 Edge Cases Handling
Case: Missing Components
→ Infer standard architecture (UI + API + DB)
Case: High Security
→ Enforce:
- Strict RBAC
- Network policies
- Secret rotation
- No public exposure unless required
Case: AI-heavy workload
→ Increase:
- CPU
- Memory
- Horizontal scaling consideration
📊 Evaluation Criteria (Used by Eval)
- Completeness (all K8s primitives included)
- Correct service type selection
- Proper RBAC design
- Security depth
- Scalability awareness