k8s-manifest-generator

Name: k8s-manifest-generator
Author: W. Shobson

KubernetesK8sYAMLDevOpsCloud NativeInfrastructure as CodeManifestsContainerization

⭐ 36.8k📄 MIT🕒 2026-06-16Source ↗

Install this skill

npx skills add wshobson/agents

Works across Claude Code, Cursor, Codex, Copilot & Antigravity

The k8s-manifest-generator skill provides a standardized framework for drafting Kubernetes YAML manifests. It automates the generation of core resource definitions such as Deployments, Services, ConfigMaps, Secrets, and PersistentVolumeClaims, ensuring alignment with cloud-native operational standards. By enforcing structured metadata, resource constraints, and health probe configurations, this skill minimizes common configuration errors. It helps developers move beyond basic pod definitions into secure, production-ready specifications that include environment variables, security contexts, and network routing logic. Rather than manually typing verbose boilerplate code, this skill assists in assembling consistent, valid objects that satisfy Kubernetes API requirements for deployments, stateful sets, and persistent storage management across various environment contexts.

When to Use This Skill

•Scaffolding new microservices for deployment on EKS, GKE, or self-hosted clusters
•Refactoring existing ad-hoc pod definitions into organized production-ready Deployment manifests
•Creating multi-environment configuration structures using ConfigMaps and Secrets
•Defining network service layers to expose internal applications via ClusterIP or LoadBalancer

How to Invoke This Skill

Example prompts that trigger this skill in Claude Code, Cursor, or Antigravity:

“generate a deployment yaml for my app
“create a kubernetes service manifest for port 80
“help me write a secret file for my db credentials
“configure liveness and readiness probes for a spring boot app
“create a configmap from these key value pairs

Pro Tips

💡Always specify clear resource requests and limits to prevent noisy neighbor issues and ensure QoS within your cluster.
💡Leverage GitOps principles by version-controlling the generated manifests and applying them via CI/CD pipelines.
💡After generation, review the manifests with tools like `kubeval` or `conftest` to validate schema and policy adherence before deployment.

What this skill does

•Generates boilerplate YAML for Deployments, Services, and ConfigMaps
•Configures resource requests and limits for CPU and memory management
•Defines health check endpoints through liveness and readiness probe blocks
•Formats sensitive data into Kubernetes Secret objects using stringData
•Implements standard labeling and selector patterns for inter-resource connectivity

When not to use it

✕Managing highly complex Helm charts or Kustomize base layers
✕Interacting with GitOps controllers like ArgoCD that require specific file structures
✕Updating legacy YAML files where automation might overwrite existing manual annotations

Example workflow

Define the workload parameters including image name and port constraints
Generate the base Deployment manifest with defined resource limits
Construct the corresponding Service resource to expose the application port
Extract static configuration variables into a separate ConfigMap object
Package sensitive keys into a Secret and mount them to the deployment
Review the generated YAML files for syntax accuracy and label consistency

Prerequisites

–Basic knowledge of Kubernetes object types
–Container image URI and registry access details
–Environment variable requirements for the target application

Pitfalls & limitations

!Generating Secrets in plain text requires immediate replacement with sealed secrets or external vaults
!Omitting resource limits can lead to pod scheduling issues in constrained clusters
!Over-reliance on automatic generation can lead to ignoring required security context settings

FAQ

Does this skill replace Helm?

No, it generates individual YAML files that can be used independently or as a starting point for building your own templates.

Can it help me with stateful applications?

Yes, it supports the generation of PersistentVolumeClaims which are essential for storage-backed workloads.

Is the generated configuration secure by default?

It enforces best practices like resource requests and health probes, but you must ensure sensitive values are managed by an external security provider after generation.

How it compares

Unlike a generic LLM prompt that might hallucinate deprecated API versions, this skill strictly follows v1 stable APIs and verified best practices to prevent runtime scheduling errors.

Source & trust

⭐ 37k stars📄 MIT🕒 Updated 2026-06-16

View original skill on GitHub →

📄 Full skill instructions — original source: wshobson/agents

# Kubernetes Manifest Generator

Step-by-step guidance for creating production-ready Kubernetes manifests including Deployments, Services, ConfigMaps, Secrets, and PersistentVolumeClaims.

## Purpose

This skill provides comprehensive guidance for generating well-structured, secure, and production-ready Kubernetes manifests following cloud-native best practices and Kubernetes conventions.

## When to Use This Skill

Use this skill when you need to:

- Create new Kubernetes Deployment manifests
- Define Service resources for network connectivity
- Generate ConfigMap and Secret resources for configuration management
- Create PersistentVolumeClaim manifests for stateful workloads
- Follow Kubernetes best practices and naming conventions
- Implement resource limits, health checks, and security contexts
- Design manifests for multi-environment deployments

## Step-by-Step Workflow

### 1. Gather Requirements

**Understand the workload:**

- Application type (stateless/stateful)
- Container image and version
- Environment variables and configuration needs
- Storage requirements
- Network exposure requirements (internal/external)
- Resource requirements (CPU, memory)
- Scaling requirements
- Health check endpoints

**Questions to ask:**

- What is the application name and purpose?
- What container image and tag will be used?
- Does the application need persistent storage?
- What ports does the application expose?
- Are there any secrets or configuration files needed?
- What are the CPU and memory requirements?
- Does the application need to be exposed externally?

### 2. Create Deployment Manifest

**Follow this structure:**

apiVersion: apps/v1
kind: Deployment
metadata:
  name: <app-name>
  namespace: <namespace>
  labels:
    app: <app-name>
    version: <version>
spec:
  replicas: 3
  selector:
    matchLabels:
      app: <app-name>
  template:
    metadata:
      labels:
        app: <app-name>
        version: <version>
    spec:
      containers:
        - name: <container-name>
          image: <image>:<tag>
          ports:
            - containerPort: <port>
              name: http
          resources:
            requests:
              memory: "256Mi"
              cpu: "250m"
            limits:
              memory: "512Mi"
              cpu: "500m"
          livenessProbe:
            httpGet:
              path: /health
              port: http
            initialDelaySeconds: 30
            periodSeconds: 10
          readinessProbe:
            httpGet:
              path: /ready
              port: http
            initialDelaySeconds: 5
            periodSeconds: 5
          env:
            - name: ENV_VAR
              value: "value"
          envFrom:
            - configMapRef:
                name: <app-name>-config
            - secretRef:
                name: <app-name>-secret

**Best practices to apply:**

- Always set resource requests and limits
- Implement both liveness and readiness probes
- Use specific image tags (never :latest)
- Apply security context for non-root users
- Use labels for organization and selection
- Set appropriate replica count based on availability needs

**Reference:** See references/deployment-spec.md for detailed deployment options

### 3. Create Service Manifest

**Choose the appropriate Service type:**

**ClusterIP (internal only):**

apiVersion: v1
kind: Service
metadata:
  name: <app-name>
  namespace: <namespace>
  labels:
    app: <app-name>
spec:
  type: ClusterIP
  selector:
    app: <app-name>
  ports:
    - name: http
      port: 80
      targetPort: 8080
      protocol: TCP

**LoadBalancer (external access):**

apiVersion: v1
kind: Service
metadata:
  name: <app-name>
  namespace: <namespace>
  labels:
    app: <app-name>
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-type: nlb
spec:
  type: LoadBalancer
  selector:
    app: <app-name>
  ports:
    - name: http
      port: 80
      targetPort: 8080
      protocol: TCP

**Reference:** See references/service-spec.md for service types and networking

### 4. Create ConfigMap

**For application configuration:**

apiVersion: v1
kind: ConfigMap
metadata:
  name: <app-name>-config
  namespace: <namespace>
data:
  APP_MODE: production
  LOG_LEVEL: info
  DATABASE_HOST: db.example.com
  # For config files
  app.properties: |
    server.port=8080
    server.host=0.0.0.0
    logging.level=INFO

**Best practices:**

- Use ConfigMaps for non-sensitive data only
- Organize related configuration together
- Use meaningful names for keys
- Consider using one ConfigMap per component
- Version ConfigMaps when making changes

**Reference:** See assets/configmap-template.yaml for examples

### 5. Create Secret

**For sensitive data:**

apiVersion: v1
kind: Secret
metadata:
  name: <app-name>-secret
  namespace: <namespace>
type: Opaque
stringData:
  DATABASE_PASSWORD: "changeme"
  API_KEY: "secret-api-key"
  # For certificate files
  tls.crt: |
    -----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----
  tls.key: |
    -----BEGIN PRIVATE KEY-----
    ...
    -----END PRIVATE KEY-----

**Security considerations:**

- Never commit secrets to Git in plain text
- Use Sealed Secrets, External Secrets Operator, or Vault
- Rotate secrets regularly
- Use RBAC to limit secret access
- Consider using Secret type: kubernetes.io/tls for TLS secrets

### 6. Create PersistentVolumeClaim (if needed)

**For stateful applications:**

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: <app-name>-data
  namespace: <namespace>
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: gp3
  resources:
    requests:
      storage: 10Gi

**Mount in Deployment:**

spec:
  template:
    spec:
      containers:
        - name: app
          volumeMounts:
            - name: data
              mountPath: /var/lib/app
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: <app-name>-data

**Storage considerations:**

- Choose appropriate StorageClass for performance needs
- Use ReadWriteOnce for single-pod access
- Use ReadWriteMany for multi-pod shared storage
- Consider backup strategies
- Set appropriate retention policies

### 7. Apply Security Best Practices

**Add security context to Deployment:**

spec:
  template:
    spec:
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000
        fsGroup: 1000
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: app
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop:
                - ALL

**Security checklist:**

- [ ] Run as non-root user
- [ ] Drop all capabilities
- [ ] Use read-only root filesystem
- [ ] Disable privilege escalation
- [ ] Set seccomp profile
- [ ] Use Pod Security Standards

### 8. Add Labels and Annotations

**Standard labels (recommended):**

metadata:
  labels:
    app.kubernetes.io/name: <app-name>
    app.kubernetes.io/instance: <instance-name>
    app.kubernetes.io/version: "1.0.0"
    app.kubernetes.io/component: backend
    app.kubernetes.io/part-of: <system-name>
    app.kubernetes.io/managed-by: kubectl

**Useful annotations:**

metadata:
  annotations:
    description: "Application description"
    contact: "[email protected]"
    prometheus.io/scrape: "true"
    prometheus.io/port: "9090"
    prometheus.io/path: "/metrics"

### 9. Organize Multi-Resource Manifests

**File organization options:**

**Option 1: Single file with --- separator**

# app-name.yaml
---
apiVersion: v1
kind: ConfigMap
...
---
apiVersion: v1
kind: Secret
...
---
apiVersion: apps/v1
kind: Deployment
...
---
apiVersion: v1
kind: Service
...

**Option 2: Separate files**

manifests/
├── configmap.yaml
├── secret.yaml
├── deployment.yaml
├── service.yaml
└── pvc.yaml

**Option 3: Kustomize structure**

base/
├── kustomization.yaml
├── deployment.yaml
├── service.yaml
└── configmap.yaml
overlays/
├── dev/
│   └── kustomization.yaml
└── prod/
    └── kustomization.yaml

### 10. Validate and Test

**Validation steps:**

# Dry-run validation
kubectl apply -f manifest.yaml --dry-run=client

# Server-side validation
kubectl apply -f manifest.yaml --dry-run=server

# Validate with kubeval
kubeval manifest.yaml

# Validate with kube-score
kube-score score manifest.yaml

# Check with kube-linter
kube-linter lint manifest.yaml

**Testing checklist:**

- [ ] Manifest passes dry-run validation
- [ ] All required fields are present
- [ ] Resource limits are reasonable
- [ ] Health checks are configured
- [ ] Security context is set
- [ ] Labels follow conventions
- [ ] Namespace exists or is created

## Common Patterns

### Pattern 1: Simple Stateless Web Application

**Use case:** Standard web API or microservice

**Components needed:**

- Deployment (3 replicas for HA)
- ClusterIP Service
- ConfigMap for configuration
- Secret for API keys
- HorizontalPodAutoscaler (optional)

**Reference:** See assets/deployment-template.yaml

### Pattern 2: Stateful Database Application

**Use case:** Database or persistent storage application

**Components needed:**

- StatefulSet (not Deployment)
- Headless Service
- PersistentVolumeClaim template
- ConfigMap for DB configuration
- Secret for credentials

### Pattern 3: Background Job or Cron

**Use case:** Scheduled tasks or batch processing

**Components needed:**

- CronJob or Job
- ConfigMap for job parameters
- Secret for credentials
- ServiceAccount with RBAC

### Pattern 4: Multi-Container Pod

**Use case:** Application with sidecar containers

**Components needed:**

- Deployment with multiple containers
- Shared volumes between containers
- Init containers for setup
- Service (if needed)

## Templates

The following templates are available in the assets/ directory:

- deployment-template.yaml - Standard deployment with best practices
- service-template.yaml - Service configurations (ClusterIP, LoadBalancer, NodePort)
- configmap-template.yaml - ConfigMap examples with different data types
- secret-template.yaml - Secret examples (to be generated, not committed)
- pvc-template.yaml - PersistentVolumeClaim templates

## Reference Documentation

- references/deployment-spec.md - Detailed Deployment specification
- references/service-spec.md - Service types and networking details

## Best Practices Summary

1. **Always set resource requests and limits** - Prevents resource starvation
2. **Implement health checks** - Ensures Kubernetes can manage your application
3. **Use specific image tags** - Avoid unpredictable deployments
4. **Apply security contexts** - Run as non-root, drop capabilities
5. **Use ConfigMaps and Secrets** - Separate config from code
6. **Label everything** - Enables filtering and organization
7. **Follow naming conventions** - Use standard Kubernetes labels
8. **Validate before applying** - Use dry-run and validation tools
9. **Version your manifests** - Keep in Git with version control
10. **Document with annotations** - Add context for other developers

## Troubleshooting

**Pods not starting:**

- Check image pull errors: kubectl describe pod <pod-name>
- Verify resource availability: kubectl get nodes
- Check events: kubectl get events --sort-by='.lastTimestamp'

**Service not accessible:**

- Verify selector matches pod labels: kubectl get endpoints <service-name>
- Check service type and port configuration
- Test from within cluster: kubectl run debug --rm -it --image=busybox -- sh

**ConfigMap/Secret not loading:**

- Verify names match in Deployment
- Check namespace
- Ensure resources exist: kubectl get configmap,secret

## Next Steps

After creating manifests:

1. Store in Git repository
2. Set up CI/CD pipeline for deployment
3. Consider using Helm or Kustomize for templating
4. Implement GitOps with ArgoCD or Flux
5. Add monitoring and observability

## Related Skills

- helm-chart-scaffolding - For templating and packaging
- gitops-workflow - For automated deployments
- k8s-security-policies - For advanced security configurations

By W. Shobson

How to Use This Skill Unit

Option A: Project-Specific (Recommended)

Click "Download" above
In your project, create the directory: .agent/skills/k8s-manifest-generator/
Save the file as SKILL.md
The agent will automatically discover the skill based on its description.

Option B: Global Installation (All Agents)

Save the file to these locations to make it available across all projects:

Claude Code: ~/.claude/skills/wshobson/agents/k8s-manifest-generator/SKILL.md
Cursor: ~/.cursor/skills/wshobson/agents/k8s-manifest-generator/SKILL.md
Antigravity: ~/.gemini/antigravity/skills/wshobson/agents/k8s-manifest-generator/SKILL.md