Expert guidance for developing Kubernetes operators in Rust with kube-condition library, following platform engineering best practices for regulated banking environments.
Expert guidance for developing Kubernetes operators in Rust using the kube-condition library. This skill provides comprehensive support for platform engineering in highly regulated banking environments with strict compliance requirements (NIST, FIPS, Basel III, SOX).
This skill helps you develop production-grade Kubernetes operators following enterprise platform engineering standards. It enforces:
When working with this codebase, understand the architecture:
**Key Features**:
**CRITICAL**: Always use Linkerd as the example service mesh in:
Do NOT use generic "service mesh" references or other implementations (Istio, Consul Connect) unless specifically required.
**MANDATORY**: When a string literal appears 2+ times, define it as a global constant.
**Why**: Single source of truth, consistency, maintainability, type safety.
```rust
// ✅ GOOD
const CONDITION_TYPE_READY: &str = "Ready";
const CONDITION_STATUS_FALSE: &str = "False";

impl StatusCondition for MyError {
    fn to_condition_info(&self) -> ConditionInfo {
        ConditionInfo {
            type_: CONDITION_TYPE_READY.to_string(),
            status: CONDITION_STATUS_FALSE.to_string(),
            .. // remaining fields elided
        }
    }
}

// ❌ BAD - Hardcoded strings
impl StatusCondition for MyError {
    fn to_condition_info(&self) -> ConditionInfo {
        ConditionInfo {
            type_: "Ready".to_string(),
            status: "False".to_string(),
            .. // remaining fields elided
        }
    }
}
```
**Where to define**:
**Verification**: Before committing, search for duplicate strings:
```bash
# -h and -o print only the matched literal, so uniq -d can see repeats
grep -rho '"[^"]\{5,\}"' src/ | sort | uniq -d
```
**MANDATORY**: All GitHub Actions workflows MUST delegate to Makefile targets.
**Why**: Local reproducibility, consistency, maintainability, testability.
```yaml
# ✅ GOOD - workflow delegates to Makefile targets
jobs:
  test:
    steps:
      - uses: actions-rust-lang/setup-rust-toolchain@v1
      - run: make test
      - run: make test-expand

# ❌ BAD - build logic inlined in the workflow
jobs:
  test:
    steps:
      - run: |
          cargo test --lib
          cargo test --doc
          # 50+ lines of bash...
```
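One way to enforce the delegation rule mechanically is a small lint over workflow files. This is an added example, not part of the kube-condition project; the function names are hypothetical and the check is line-based rather than a full YAML parse.

```rust
// Added example: flag workflow `run:` steps that do more than call `make <target>`.
// Line-based on purpose (std only); it is not a YAML parser.

fn is_target(word: &str) -> bool {
    word.chars().all(|c| c.is_ascii_alphanumeric() || c == '-' || c == '_')
}

/// Returns (line number, command) for each step that does not delegate to make.
pub fn non_delegating_steps(workflow: &str) -> Vec<(usize, String)> {
    let mut findings = Vec::new();
    for (idx, raw) in workflow.lines().enumerate() {
        let step = raw.trim_start().trim_start_matches("- ").trim_start();
        if let Some(rest) = step.strip_prefix("run:") {
            // Drop a trailing YAML comment, then split the command into words.
            let cmd = rest.split(" #").next().unwrap_or("").trim();
            let mut words = cmd.split_whitespace();
            // `run: |` blocks and chained shell (`&&`, `;`, pipes) fail this test.
            let delegates = words.next() == Some("make") && words.all(is_target);
            if !delegates {
                findings.push((idx + 1, cmd.to_string()));
            }
        }
    }
    findings
}

fn main() {
    // Constructed workflow: one delegating step, one inline script, one chained command.
    let wf = "steps:\n  - run: make test\n  - run: |\n      cargo test --lib\n  - run: make lint && cargo publish\n";
    for (line, cmd) in non_delegating_steps(wf) {
        println!("line {}: `{}` does not delegate to a Makefile target", line, cmd);
    }
}
```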
**Requirements**:
**MANDATORY**: Design workflows for reusability and composition.
**Before adding a workflow, ask**:
**Patterns**:
**CRITICAL**: This codebase operates in a highly regulated banking environment.
**Regulatory Frameworks**:
**Security Requirements**:
**NEVER commit**:
**ALWAYS implement**:
**Cryptography Requirements**:
- Encryption: AES (128/192/256-bit)
- Hashing: SHA-256, SHA-384, SHA-512
- Key Exchange: RSA (2048-bit min), ECDH (P-256/384/521)
- Signatures: RSA-PSS, ECDSA
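
The list above can be turned into a configuration gate that rejects anything outside it. This is an added example, not code from the kube-condition project; the function names and the `NAME-PARAM` identifier spelling are assumptions of the example.

```rust
// Added example: gate algorithm identifiers against the list on this page.
// The "NAME-PARAM" spelling (e.g. "AES-256", "ECDH-P-384") is an assumption.

/// Ok(()) when `id` is on the approved list, Err(reason) otherwise.
pub fn check_algorithm(id: &str) -> Result<(), String> {
    let upper = id.trim().to_ascii_uppercase();
    let (name, param) = upper.split_once('-').unwrap_or((upper.as_str(), ""));
    let reject = |why: &str| -> Result<(), String> { Err(format!("{}: {}", id, why)) };
    match (name, param) {
        // A mode suffix such as -GCM is not judged: the list names key sizes only.
        ("AES", p) if matches!(p.split('-').next(), Some("128" | "192" | "256")) => Ok(()),
        ("AES", _) => reject("AES key size must be 128, 192 or 256 bits"),
        ("SHA", "256" | "384" | "512") => Ok(()),
        ("SHA", _) => reject("hash must be SHA-256, SHA-384 or SHA-512"),
        ("RSA", "PSS") => Ok(()),
        ("RSA", bits) => match bits.parse::<u32>() {
            Ok(n) if n >= 2048 => Ok(()),
            Ok(_) => reject("RSA key is below the 2048-bit minimum"),
            Err(_) => reject("RSA needs a key size, or PSS for signatures"),
        },
        // Assumption: ECDSA is held to the same curves the page lists for ECDH.
        ("ECDH" | "ECDSA", "P-256" | "P-384" | "P-521") => Ok(()),
        ("ECDSA", "") => Ok(()),
        ("ECDH", _) | ("ECDSA", _) => reject("curve must be P-256, P-384 or P-521"),
        _ => reject("algorithm is not on the approved list"),
    }
}

/// Collects the rejection reasons for a whole configuration.
pub fn audit(ids: &[&str]) -> Vec<String> {
    ids.iter().filter_map(|id| check_algorithm(id).err()).collect()
}

fn main() {
    // Constructed sample configuration.
    let configured = ["AES-256-GCM", "SHA-1", "RSA-1024", "ECDH-P-384", "RSA-PSS", "MD5"];
    for problem in audit(&configured) {
        println!("REJECT {}", problem);
    }
}
```
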
**Change Management (SOX)**:
**MANDATORY**: After ANY code change in `src/`, update ALL relevant documentation.
**Documentation Update Workflow**:
1. **Analyze the Change**:
- What functionality changed?
- What are user-facing impacts?
- What are API changes?
- New macros, attributes, behaviors?
2. **Update Documentation** (in order):
- `CHANGELOG.md` - Document change with author, timestamp, justification
- `README.md` - If API or getting started changed
- `docs/` - Update affected pages (guides, quickstart, attribute reference, troubleshooting)
- `examples/` - Update example code
- API docs - Ensure rustdoc comments are accurate
3. **Verify Accuracy**:
- Read as if you're a new user
- Ensure code examples compile and run
- Verify attribute docs match macro implementation
- Check API docs reflect current signatures
4. **Add Missing Documentation**:
- API changes → update API docs
- New attributes → document with examples
- New traits → document them
- New error conditions → troubleshooting steps
- New dependencies → version requirements
**For Macro Changes**: Update attribute reference, examples, quickstart guides, regenerate expansions
**For Runtime Changes**: Update trait docs, add examples, troubleshooting, document new types
**For New Features**: Add docs to `/docs/`, update README, add examples, document config, add troubleshooting
**For Bug Fixes**: Update troubleshooting, document workarounds, update behavior docs
**Changelog Format**:
```markdown
**Author**: Your Name / Email
**Type**: [Feature|Bugfix|Refactor|Documentation|Security]
**Impact**: [Breaking|Minor|Patch]
**Compliance**: [NIST|FIPS|SOX|Basel III] (if applicable)
Brief description of what changed and why.
Business or technical reason for the change (SOX requirement).
```
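The entry format above is regular enough to check before a commit is accepted. The validator below is an added example, not the project's own tooling; `validate_entry` is a hypothetical name, and treating the description and justification as two separate body lines is an assumption.

```rust
// Added example: validator for the changelog entry format shown above.
use std::collections::HashMap;
const TYPES: [&str; 5] = ["Feature", "Bugfix", "Refactor", "Documentation", "Security"];
const IMPACTS: [&str; 3] = ["Breaking", "Minor", "Patch"];
const FRAMEWORKS: [&str; 4] = ["NIST", "FIPS", "SOX", "Basel III"];

/// Returns every problem found; an empty vector means the entry passes.
pub fn validate_entry(entry: &str) -> Vec<String> {
    let mut fields: HashMap<&str, &str> = HashMap::new();
    let mut body_lines = 0;
    for line in entry.lines().map(str::trim).filter(|l| !l.is_empty()) {
        // Field lines look like `**Key**: value`; anything else is body text.
        match line.strip_prefix("**").and_then(|r| r.split_once("**:")) {
            Some((key, value)) => { fields.insert(key, value.trim()); }
            None => body_lines += 1,
        }
    }
    let mut problems = Vec::new();
    match fields.get("Author") {
        Some(a) if a.split('/').count() == 2 && a.split('/').all(|p| !p.trim().is_empty()) => {}
        _ => problems.push("Author must be `Name / Email`".to_string()),
    }
    for (key, allowed) in [("Type", &TYPES[..]), ("Impact", &IMPACTS[..])] {
        match fields.get(key) {
            Some(v) if allowed.contains(v) => {}
            Some(v) => problems.push(format!("{} `{}` is not one of {:?}", key, v, allowed)),
            None => problems.push(format!("{} is missing", key)),
        }
    }
    // Compliance is optional; when present it must name a listed framework.
    if let Some(c) = fields.get("Compliance") {
        if !FRAMEWORKS.iter().any(|f| c.starts_with(*f)) {
            problems.push(format!("Compliance `{}` names no listed framework", c));
        }
    }
    // Assumption: description and justification are separate body lines.
    if body_lines < 2 {
        problems.push("need a description line and a justification line".to_string());
    }
    problems
}

fn main() {
    // Constructed entry: unknown Type, no e-mail, one body line.
    let entry = "**Author**: Jane Doe\n**Type**: Hotfix\n**Impact**: Minor\nFixed it.";
    for p in validate_entry(entry) {
        println!("changelog: {}", p);
    }
}
```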
**Validation Checklist**:
```bash
cargo doc --all --no-deps --open
make test
make test-expand
grep -rho '"[^"]\{5,\}"' src/ | sort | uniq -d
```
```rust
// 1. Add error variant with StatusCondition attributes
#[derive(Debug, thiserror::Error, StatusCondition)]
enum ReconcileError {
    #[error("DNSSEC validation failed: {0}")]
    #[condition(
        type_ = CONDITION_TYPE_DNSSEC_READY,
        status = CONDITION_STATUS_FALSE,
        reason = "ValidationFailed",
        severity = Severity::Error,
        retryable = true,
        requeue_after = "30s"
    )]
    DnssecValidationFailed(String),
}

// 2. Define constants at module level
const CONDITION_TYPE_DNSSEC_READY: &str = "DnssecReady";
const CONDITION_STATUS_FALSE: &str = "False";

// 3. Update CHANGELOG.md with author, justification, testing
// 4. Update docs/attributes.md with new example
// 5. Update examples/ to show usage
// 6. Run: make test && cargo doc --all
```
```yaml
name: Security Scan
on: [push, workflow_call]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions-rust-lang/setup-rust-toolchain@v1
      - run: make security-scan # Delegate to Makefile
```
```makefile
.PHONY: security-scan
security-scan:
	cargo audit
	cargo clippy -- -D warnings
	# Additional FIPS/compliance checks
```
```markdown
**Author**: Jane Doe / [email protected]
**Type**: Feature
**Impact**: Minor
**Compliance**: NIST SP 800-81 (Secure DNS)
Added DNSSEC validation error handling with automatic condition mapping.
Required for SOX compliance - DNS integrity validation for financial transaction routing.
```