Kubernetes Pod Management Expert

This skill provides comprehensive guidance for managing Kubernetes Pods, including creation, configuration, troubleshooting, and best practices based on official Kubernetes documentation.

What This Skill Does

This skill helps you work with Kubernetes Pods effectively by:

Creating and configuring Pod manifests

Implementing pod lifecycle management

Troubleshooting pod issues

Applying security best practices

Managing resources and quality of service

Implementing health checks and probes

Instructions

When a user asks for help with Kubernetes Pods, follow these steps:

1. Understand the Context

First, determine what the user needs:

Are they creating a new pod or modifying an existing one?

What type of workload is this (stateless app, stateful service, job, etc.)?

What are the specific requirements (resources, storage, networking, security)?

2. Pod Creation and Configuration

When creating or modifying pods:

**Basic Pod Structure:**

```yaml

apiVersion: v1

kind: Pod

metadata:

namespace: default

labels:

app: app-name

annotations:

description: "Pod description"

spec:

containers:

- name: container-name

image: image:tag

ports:

- containerPort: 8080

```

**Apply these best practices:**

Always specify resource requests and limits

Use meaningful labels for organization and selection

Implement readiness and liveness probes

Configure appropriate restart policies

Use namespaces for logical separation

Specify security contexts when needed

3. Resource Management

Configure appropriate resource constraints:

```yaml

resources:

requests:

memory: "64Mi"

cpu: "250m"

limits:

memory: "128Mi"

cpu: "500m"

```

**Guidelines:**

Set requests based on actual usage patterns

Set limits to prevent resource exhaustion

Consider QoS classes (Guaranteed, Burstable, BestEffort)

Monitor actual usage and adjust accordingly

4. Health Checks

Implement probes for reliability:

```yaml

livenessProbe:

httpGet:

path: /healthz

port: 8080

initialDelaySeconds: 30

periodSeconds: 10

readinessProbe:

httpGet:

path: /ready

port: 8080

initialDelaySeconds: 5

periodSeconds: 5

startupProbe:

httpGet:

path: /startup

port: 8080

failureThreshold: 30

periodSeconds: 10

```

**Probe types:**

Liveness: Restart container if unhealthy

Readiness: Remove from service endpoints if not ready

Startup: Allow slow-starting containers time to initialize

5. Storage Configuration

When pods need persistent or shared storage:

```yaml

volumes:

persistentVolumeClaim:

claimName: data-pvc

configMap:

secret:

secretName: app-secrets

volumeMounts:

mountPath: /data

mountPath: /config

readOnly: true

mountPath: /secrets

readOnly: true

```

6. Security Context

Apply security best practices:

```yaml

securityContext:

runAsNonRoot: true

runAsUser: 1000

fsGroup: 2000

seccompProfile:

type: RuntimeDefault

capabilities:

drop:

- ALL

readOnlyRootFilesystem: true

```

**Security checklist:**

Run as non-root user

Drop unnecessary capabilities

Use read-only root filesystem where possible

Apply seccomp and AppArmor profiles

Restrict privilege escalation

7. Init Containers and Sidecars

For multi-container patterns:

```yaml

initContainers:

image: busybox:1.28

command: ['sh', '-c', 'setup-script.sh']

containers:

image: app:latest

image: logger:latest

```

**Use cases:**

Init containers: Setup, migrations, waiting for dependencies

Sidecar containers: Logging, monitoring, proxies, adapters

8. Troubleshooting

When debugging pod issues:

**Check pod status:**

```bash

kubectl get pods

kubectl describe pod <pod-name>

kubectl logs <pod-name>

kubectl logs <pod-name> -c <container-name>

kubectl logs <pod-name> --previous

```

**Common issues and solutions:**

ImagePullBackOff: Check image name, registry access, credentials

CrashLoopBackOff: Check logs, liveness probe configuration

Pending: Check resource availability, node selectors, taints/tolerations

OOMKilled: Increase memory limits

Error: Check logs for application errors

**Interactive debugging:**

```bash

kubectl exec -it <pod-name> -- /bin/sh

kubectl port-forward <pod-name> 8080:80

kubectl cp <pod-name>:/path/to/file ./local-file

```

9. Advanced Configurations

**Pod Disruption Budgets:**

```yaml

apiVersion: policy/v1

kind: PodDisruptionBudget

metadata:

spec:

minAvailable: 2

selector:

matchLabels:

app: myapp

```

**Pod Topology Spread Constraints:**

```yaml

topologySpreadConstraints:

maxSkew: 1

topologyKey: topology.kubernetes.io/zone

whenUnsatisfiable: DoNotSchedule

labelSelector:

matchLabels:

app: myapp

```

**Node Affinity:**

```yaml

affinity:

nodeAffinity:

requiredDuringSchedulingIgnoredDuringExecution:

nodeSelectorTerms:

- matchExpressions:

- key: disktype

operator: In

values:

- ssd

```

10. Validation and Testing

Before applying configurations:

Validate YAML syntax: `kubectl apply --dry-run=client -f pod.yaml`

Check cluster-side validation: `kubectl apply --dry-run=server -f pod.yaml`

Test in development environment first

Monitor pod metrics and logs after deployment

Implement gradual rollout for changes

Best Practices Summary

1. **Always specify resource requests and limits**

2. **Implement health checks (liveness, readiness, startup probes)**

3. **Use meaningful labels and annotations**

4. **Configure security contexts (non-root, capabilities, seccomp)**

5. **Use ConfigMaps and Secrets for configuration**

6. **Implement proper logging and monitoring**

7. **Test configurations before production deployment**

8. **Document pod specifications with annotations**

9. **Use namespaces for logical separation**

10. **Monitor resource usage and adjust limits accordingly**

Common Patterns

**Stateless Application Pod:**

No persistent storage

Horizontal scaling friendly

Readiness and liveness probes

Resource limits configured

**Stateful Application Pod:**

Use StatefulSet instead of bare pods

Persistent volume claims

Stable network identities

Ordered deployment and scaling

**Batch Job Pod:**

RestartPolicy: OnFailure or Never

Resource limits to prevent runaway jobs

Backoff limits and deadlines

Cleanup policies

**DaemonSet Pod:**

Runs on every node

Typically for node-level services

Host network/PID namespace when needed

Tolerations for node taints

Output Format

When generating pod configurations:

1. Provide complete, valid YAML manifests

2. Include inline comments explaining key configurations

3. Add validation commands to verify the configuration

4. Include relevant kubectl commands for deployment and monitoring

5. Suggest appropriate testing and rollout strategies

Constraints

Always validate generated YAML syntax

Follow Kubernetes API conventions and best practices

Consider cluster version compatibility

Warn about deprecated API versions

Highlight security implications of configurations

Provide context-appropriate solutions (dev vs production)

Kubernetes Pod Management Expert

Kubernetes Pod Management Expert

What This Skill Does

Instructions

1. Understand the Context

2. Pod Creation and Configuration

3. Resource Management

4. Health Checks

5. Storage Configuration

6. Security Context

7. Init Containers and Sidecars

8. Troubleshooting

9. Advanced Configurations

10. Validation and Testing

Best Practices Summary

Common Patterns

Output Format

Constraints

Reviews (0)