This skill should be used when the user asks to "design cloud-native architecture", "containerize the application", "evaluate service mesh options", "plan serverless migration", or mentions Kubernetes, Istio, FinOps, or 12-factor. [EXPLICIT] It produces architecture documentation covering containers, orchestration, service mesh, serverless decisions, multi-cloud strategy, and cost-aware engineering with FinOps. [EXPLICIT] Use this skill whenever the user needs to design applications for the cloud, even if they don't explicitly ask for "cloud-native-architecture". [EXPLICIT]
From jm-adk (npx claudepluginhub javimontano/jm-adk-alfa). This skill is limited to using the following tools:
Skill files:
agents/guardian.md
agents/lead.md
agents/specialist.md
agents/support.md
evals/evals.json
knowledge/body-of-knowledge.md
knowledge/knowledge-graph.md
prompts/meta.md
prompts/primary.md
prompts/variations/deep.md
prompts/variations/quick.md
references/cloud-native-patterns.md
templates/output.docx.md
templates/output.html
Cloud-native architecture designs applications to fully exploit cloud platforms -- containers, orchestration, service mesh, serverless, infrastructure as code, and cost-aware engineering. This skill produces architecture documentation guiding teams from cloud readiness assessment through production-grade deployment. [EXPLICIT]
Cloud-native is not "moving to the cloud"; it is designing FOR the cloud. Containers by default, a service mesh for observability, serverless where the workload is stateless, FinOps built in from day one. The goal is not to use cloud services; it is to exploit the properties of the cloud: elasticity, resilience, observability and continuous cost optimization.
The user provides a system or platform name as $ARGUMENTS. Parse $1 as the system/platform name used throughout all output artifacts. [EXPLICIT]
Parameters:
{MODO}: piloto-auto (auto-pilot, default) | desatendido (unattended) | supervisado (supervised) | paso-a-paso (step-by-step)
{FORMATO}: markdown (default) | html | dual
{VARIANTE}: ejecutiva (executive, ~40% of the full document: S1 assessment + S2 container strategy + S6 FinOps) | técnica (technical, full 6 sections, default)
Before generating architecture, detect cloud-native context:
!find . -name "Dockerfile" -o -name "*.yaml" -o -name "*.tf" -o -name "helm" -type d -o -name "serverless.yml" | head -20
If reference materials exist, load them:
Read ${CLAUDE_SKILL_DIR}/references/cloud-native-patterns.md
Evaluate the application against cloud-native principles to identify gaps and transformation priorities. [EXPLICIT]
12-Factor Compliance Audit: Rate each factor as compliant / partial / non-compliant with remediation effort (S/M/L):
Containerization Readiness Checklist:
Container Image Best Practices:
latest tag.
Kubernetes Architecture:
Resource Request/Limit Guidance:
| Resource | Request | Limit | Rationale |
|---|---|---|---|
| CPU | Set at P95 usage (from VPA data) | Omit or set 5x request | Avoids CPU throttling; burst on idle cores |
| Memory | Set at P95 usage | Set at 1.5-2x request | OOMKill preferred over node instability |
| Ephemeral storage | Set if logs/cache grow | Set at 2x request | Prevents eviction |
Node Autoscaling Decision Matrix:
| Tool | Mechanism | Provision Speed | Best For |
|---|---|---|---|
| Cluster Autoscaler | Node-group based (ASG / MIG / VMSS templates) | 2-5 min | Homogeneous workloads, simple setups |
| Karpenter (AWS) | Direct EC2 API, right-sized nodes | 30-60s | Heterogeneous workloads, spot optimization, cost-sensitive |
| GKE NAP | GKE-native, auto node pools | 1-2 min | GKE clusters, managed simplicity |
Pod Autoscaling Decision Matrix:
| Tool | Trigger | Scales To Zero | Best For |
|---|---|---|---|
| HPA | CPU/memory/custom metrics | No | Request-driven services with gradual load changes (needs CPU/memory requests set, since utilization is measured against them) |
| VPA | Historical usage analysis | N/A | Right-sizing, legacy apps (recommend-only mode safe) |
| KEDA | External events (Kafka lag, SQS, cron, Prometheus) | Yes | Queue workers, batch jobs, event-driven |
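The following manifest is an added example, not part of the original skill or its templates: a Deployment whose requests and limits follow the table above (CPU request at P95 with no CPU limit, memory limit at 1.5x request, ephemeral-storage capped) paired with a KEDA ScaledObject that scales the same workload from zero on Kafka consumer-group lag. The namespace, image, bootstrap address, topic and all numeric values are assumed.

```yaml
# Added example (not from the original page). Names, image and numbers are assumed.
# Requests follow the table: CPU at observed P95, no CPU limit (no throttling, bursts
# onto idle cores); memory limit at ~1.5x request so a leak is OOMKilled instead of
# destabilising the node; ephemeral-storage capped so runaway logs cannot cause eviction.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: order-worker
  namespace: orders
spec:
  replicas: 1                  # KEDA owns the replica count once the ScaledObject exists
  selector:
    matchLabels:
      app: order-worker
  template:
    metadata:
      labels:
        app: order-worker
    spec:
      containers:
        - name: worker
          image: registry.example.com/orders/worker:1.4.2   # assumed; pin an immutable tag or digest, never :latest
          resources:
            requests:
              cpu: "250m"                 # P95 CPU from VPA recommendation (assumed value)
              memory: "512Mi"             # P95 memory (assumed value)
              ephemeral-storage: "1Gi"
            limits:
              memory: "768Mi"             # 1.5x request
              ephemeral-storage: "2Gi"    # 2x request
              # no cpu limit on purpose: avoids CFS throttling
---
# KEDA: scale on consumer-group lag, all the way to zero when the topic is drained.
apiVersion: keda.sh/v1alpha1
kind: ScaledObject
metadata:
  name: order-worker
  namespace: orders
spec:
  scaleTargetRef:
    name: order-worker               # the Deployment above
  minReplicaCount: 0
  maxReplicaCount: 50
  pollingInterval: 15                # seconds between lag checks
  cooldownPeriod: 120                # seconds of no lag before scaling back to zero
  triggers:
    - type: kafka
      metadata:
        bootstrapServers: kafka-bootstrap.kafka.svc:9092   # assumed
        consumerGroup: order-worker
        topic: orders
        lagThreshold: "100"            # target lag per replica
        activationLagThreshold: "1"    # any lag wakes the worker from zero
```

KEDA creates and manages the HPA for the target itself, so do not attach a separate HPA to the same Deployment; the two controllers would fight over the replica count. The CPU request is still required even without a CPU limit, because it is what the scheduler bin-packs on and what any utilization-based metric is measured against.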
GitOps Deployment:
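As an added example (not from the original page), the Argo CD pair that makes a GitOps deployment both auditable and least-privilege: an AppProject that confines a team to one repository and one destination namespace with no cluster-scoped resources, and an Application that syncs, prunes and self-heals from that repository. Argo CD is named on the page; the repository URL, namespaces and paths are assumed.

```yaml
# Added example (not from the original page). Repo URL, cluster, namespace and paths are assumed.
# The AppProject is the security boundary: only this repo, only this destination,
# no cluster-scoped kinds, and no RBAC objects sneaking in through the app repo.
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: orders
  namespace: argocd
spec:
  description: Orders team workloads
  sourceRepos:
    - https://github.com/example/orders-deploy.git      # assumed
  destinations:
    - server: https://kubernetes.default.svc
      namespace: orders
  clusterResourceWhitelist: []          # nothing cluster-scoped from this project
  namespaceResourceBlacklist:
    - group: ""
      kind: ResourceQuota               # quotas are owned by the platform team
    - group: rbac.authorization.k8s.io
      kind: RoleBinding                 # RBAC changes go through the platform repo
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: order-worker
  namespace: argocd
spec:
  project: orders
  source:
    repoURL: https://github.com/example/orders-deploy.git
    targetRevision: main
    path: apps/order-worker/overlays/prod
  destination:
    server: https://kubernetes.default.svc
    namespace: orders
  syncPolicy:
    automated:
      prune: true          # resources deleted from git are deleted from the cluster
      selfHeal: true       # manual kubectl edits are reverted to the git state
    syncOptions:
      - CreateNamespace=false   # namespaces are provisioned by the platform, not by apps
```

With selfHeal on, git is the only write path that persists, which is what makes the commit history a usable audit trail; rollback is a git revert. The cost, as the decision table notes, is that git becomes the bottleneck for every change, including emergency ones.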
Gateway API vs. Ingress (2025-2026):
| Aspect | Ingress (Legacy) | Gateway API (Standard) |
|---|---|---|
| Status | Ingress API frozen (no new features); Ingress-NGINX controller retiring March 2026 | GA (v1.2+), Kubernetes SIG-Network standard |
| Resource model | Single Ingress resource, behaviour driven by controller-specific annotations | GatewayClass / Gateway / HTTPRoute, GRPCRoute, TCPRoute, split by role (infrastructure provider, cluster operator, application developer) |
| TLS | Annotation-based | Listener-level tls (mode, certificateRefs) on the Gateway; TLSRoute for SNI passthrough (experimental channel) |
| Multi-tenancy | Weak | Built-in (Gateway per team, shared GatewayClass) |
| Implementations | NGINX, HAProxy | Envoy Gateway, Cilium, Istio, Kong, Contour |
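The multi-tenancy row above in working form, as an added example that is not part of the original skill: a platform-owned GatewayClass, a Gateway owned by one team in its own namespace that terminates TLS on the listener and only accepts routes from that namespace, and the team's HTTPRoute. Envoy Gateway as the implementation, the hostname, namespaces, Secret and Service names are assumed.

```yaml
# Added example (not from the original page). Controller, hostname, namespaces and names are assumed.
# Platform team owns the GatewayClass; the orders team owns its Gateway and routes.
# TLS terminates on the listener via certificateRefs; TLSRoute is not needed for that.
apiVersion: gateway.networking.k8s.io/v1
kind: GatewayClass
metadata:
  name: envoy                      # assumed: Envoy Gateway installed by the platform team
spec:
  controllerName: gateway.envoyproxy.io/gatewayclass-controller
---
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: orders-gw
  namespace: orders
spec:
  gatewayClassName: envoy
  listeners:
    - name: https
      protocol: HTTPS
      port: 443
      hostname: orders.example.com
      tls:
        mode: Terminate
        certificateRefs:
          - kind: Secret
            name: orders-example-com-tls   # kubernetes.io/tls Secret in this namespace
      allowedRoutes:
        namespaces:
          from: Same                 # routes from other tenants cannot attach here
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: orders-api
  namespace: orders
spec:
  parentRefs:
    - name: orders-gw              # same namespace, so no ReferenceGrant is required
  hostnames:
    - orders.example.com
  rules:
    - matches:
        - path:
            type: PathPrefix
            value: /v1/orders
      backendRefs:
        - name: orders
          port: 8080
```

The check to run after applying this is the Gateway's status conditions: a listener whose certificate Secret is missing or unreadable reports ResolvedRefs=False rather than silently serving plaintext, and a route from a namespace the listener does not allow reports Accepted=False on the HTTPRoute.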
CNI & Service Mesh Comparison:
| Tool | Type | Data Plane | Resource Overhead | Best For |
|---|---|---|---|---|
| Cilium | CNI + mesh + observability | eBPF (kernel) | Lowest (no sidecar for L3/L4) | Teams wanting unified networking + mesh + observability |
| Calico | CNI + network policy | iptables or eBPF | Low | Network policy enforcement, simple CNI |
| Istio Ambient | Mesh (L4 ztunnel + L7 waypoint) | Per-node + per-namespace | 90% less than sidecar mode | Zero-trust mTLS at scale, new deployments |
| Istio Sidecar | Mesh (Envoy per pod) | Per-pod sidecar | ~50-100MB/sidecar | Complex L7 traffic management |
| Linkerd | Mesh (Rust proxy) | Per-pod sidecar (~10MB) | Very low | Teams wanting simplicity over features |
mTLS & Zero Trust: Mesh-managed short-lived certificates (hours). Service-to-service RBAC, deny-by-default. SPIFFE identities.
Traffic Management: Canary (gradual shift), blue-green (instant), A/B (header/weight). Circuit breaking, rate limiting, timeouts on every call, retries only for idempotent operations.
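The mTLS, deny-by-default, SPIFFE identity and retry/timeout points above, expressed as Istio resources; this is an added example, not configuration from the original skill. Namespaces, service accounts, hostnames and paths are assumed.

```yaml
# Added example (not from the original page). Namespaces, service names and paths are assumed.
apiVersion: security.istio.io/v1
kind: PeerAuthentication
metadata:
  name: default
  namespace: istio-system       # root namespace: applies mesh-wide
spec:
  mtls:
    mode: STRICT                # plaintext from outside the mesh is rejected
---
apiVersion: security.istio.io/v1
kind: AuthorizationPolicy
metadata:
  name: deny-all
  namespace: istio-system
spec: {}                        # empty spec in the root namespace: deny by default everywhere
---
apiVersion: security.istio.io/v1
kind: AuthorizationPolicy
metadata:
  name: allow-checkout-to-orders
  namespace: orders
spec:
  selector:
    matchLabels:
      app: orders
  action: ALLOW
  rules:
    - from:
        - source:
            principals: ["cluster.local/ns/checkout/sa/checkout"]   # SPIFFE identity of the caller
      to:
        - operation:
            methods: ["GET", "POST"]
            paths: ["/v1/orders", "/v1/orders/*"]
---
apiVersion: networking.istio.io/v1
kind: DestinationRule
metadata:
  name: orders
  namespace: orders
spec:
  host: orders.orders.svc.cluster.local
  trafficPolicy:
    connectionPool:
      http:
        http1MaxPendingRequests: 100
        http2MaxRequests: 1000
    outlierDetection:           # circuit breaking: eject endpoints that keep failing
      consecutive5xxErrors: 5
      interval: 10s
      baseEjectionTime: 30s
      maxEjectionPercent: 50
---
apiVersion: networking.istio.io/v1
kind: VirtualService
metadata:
  name: orders
  namespace: orders
spec:
  hosts:
    - orders.orders.svc.cluster.local
  http:
    - match:
        - method:
            exact: GET          # retries only on idempotent reads
      timeout: 3s
      retries:
        attempts: 2
        perTryTimeout: 1s
        retryOn: 5xx,reset,connect-failure
      route:
        - destination:
            host: orders.orders.svc.cluster.local
    - timeout: 3s               # writes: timeout, but no retry (POST is not idempotent)
      route:
        - destination:
            host: orders.orders.svc.cluster.local
```

Two caveats. The principal string is only meaningful under STRICT mTLS; in PERMISSIVE mode an unauthenticated plaintext caller has no principal and the deny-all policy is what blocks it. In ambient mode the L4 parts of this (mTLS, principal-based allow) are enforced by ztunnel, but the method and path rules need a waypoint proxy deployed for the namespace, otherwise they are not evaluated.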
Observability Stack:
Decision Matrix:
| Factor | Favor Serverless | Favor Containers |
|---|---|---|
| Traffic pattern | Spiky, unpredictable | Steady, predictable |
| Execution time | <15 minutes | Long-running |
| State | Stateless | Stateful |
| Cold start tolerance | Tolerable (100-500 ms added on a cold invocation) | Not tolerable (consistent latency below ~50 ms required) |
| Cost at volume | <1M invocations/month | >10M invocations/month |
| Vendor lock-in | Acceptable | Not acceptable |
Cold Start Mitigation: Provisioned concurrency, smaller packages (tree-shaking, layers), language choice (Go/Rust <100ms, Java/C# 500ms-2s), SnapStart on Lambda (Java, and since late 2024 also Python and .NET), warm-up pings.
State Management: External stores (DynamoDB, Redis, S3). Step Functions / Durable Functions for orchestration. Event-driven decoupling via queues.
Vendor Lock-in Assessment: Abstraction layers (SST, Pulumi, Serverless Framework). Exit cost per component. Prefer open standards (CloudEvents, OpenTelemetry).
Strategy Tiers:
Abstraction Approaches:
Cloud-Agnostic Patterns:
FinOps Tooling Comparison:
| Tool | License | Scope | Unique Value |
|---|---|---|---|
| OpenCost | Open source (CNCF Incubating) | K8s workload costs | Free, Prometheus-native, MCP server for AI-driven cost queries |
| Kubecost | Freemium (backed by IBM) | K8s + cloud costs | Savings recommendations, network cost visibility, enterprise support |
| Vantage | Commercial SaaS | Multi-cloud + SaaS | Unified dashboard across AWS/Azure/GCP/Datadog/Snowflake |
| FOCUS | Open standard (FinOps Foundation) | Billing data format | Normalize billing across providers for consistent reporting |
Cost Allocation: Namespace/pod-level via OpenCost/Kubecost. Label strategy: team, service, environment, cost-center. Showback reports per team.
Optimization Levers:
Cost Governance:
| Decision | Enables | Constrains | When to Use |
|---|---|---|---|
| Kubernetes | Portability, scaling, ecosystem | Operational complexity | Polyglot microservices, experienced teams |
| Service Mesh | mTLS, traffic control, observability | Resource overhead, complexity | >10 services, zero-trust required |
| Serverless | Zero ops, pay-per-use | Cold start, vendor lock-in | Event-driven, low-volume, spiky traffic |
| Multi-Cloud | Avoid lock-in, negotiate pricing | Complexity, lowest-common-denominator | Regulatory, negotiation leverage, DR |
| GitOps (ArgoCD) | Auditable, declarative, rollback | Learning curve, git as bottleneck | Kubernetes-native, compliance-driven |
| Spot Instances | 60-90% cost savings | Interruption risk | Stateless, fault-tolerant workloads |
| Karpenter over CA | Faster scaling, better bin-packing | Provider-dependent (mature on EKS; Azure provider behind AKS node auto-provisioning; no provider for other clouds) | EKS clusters with heterogeneous workloads |
| Gateway API over Ingress | Multi-tenancy, role-based, extensible | Newer ecosystem | All new clusters; migrate existing before NGINX retirement |
Monolith Containerization: Containerize the monolith first (lift-and-shift to container), then decompose. Use strangler fig pattern. Do not attempt simultaneous containerization and decomposition. [EXPLICIT]
Stateful Workloads on Kubernetes: Use operators (CloudNativePG for PostgreSQL, Strimzi for Kafka). Alternative: managed services outside K8s. Evaluate operational burden vs. portability. [EXPLICIT]
Serverless at Scale (>10M invocations/month): Model the break-even point. A container alternative is often cheaper at high volume. Provisioned concurrency (for steady load; reserved concurrency is only a cap and does not change pricing) or Fargate may be more cost-effective. [EXPLICIT]
Regulated Industries: Service mesh mTLS may be mandatory. Image provenance required (SLSA, Sigstore/cosign). Multi-cloud may be required for data residency. Audit logging at infrastructure layer. [EXPLICIT]
Small Team (<5 developers): Full K8s + mesh is likely over-engineered. Use managed Kubernetes, skip mesh, use cloud-managed services. Revisit as team grows. [EXPLICIT]
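One way to make the image-provenance requirement for regulated environments enforceable at admission time, as an added example that is not part of the original skill: a Kyverno ClusterPolicy that rejects any Pod whose image is not signed keylessly by the release workflow and rewrites the tag to the verified digest, which also closes the "latest tag" hole. Kyverno is an assumed admission controller (the page names only SLSA and Sigstore/cosign); the registry, repository pattern and CI identity are assumed.

```yaml
# Added example (not from the original page). Kyverno is an assumed admission controller;
# the registry, repository pattern and the OIDC subject of the CI identity are assumed.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: verify-image-provenance
spec:
  validationFailureAction: Enforce    # reject unsigned images, do not merely audit
  background: false                   # checked at admission; existing pods are not re-scanned
  webhookTimeoutSeconds: 30
  failurePolicy: Fail                 # if the webhook is unreachable, admission fails closed
  rules:
    - name: cosign-keyless-signature
      match:
        any:
          - resources:
              kinds: ["Pod"]
      exclude:
        any:
          - resources:
              namespaces: ["kube-system", "kyverno"]
      verifyImages:
        - imageReferences:
            - "registry.example.com/orders/*"
          required: true
          mutateDigest: true          # tag references are rewritten to the verified digest
          attestors:
            - entries:
                - keyless:
                    # Only images signed by the release workflow of these repos, on a tag ref,
                    # with the GitHub Actions OIDC issuer and a Rekor transparency-log entry.
                    subject: "https://github.com/example/orders-*/.github/workflows/release.yml@refs/tags/*"
                    issuer: "https://token.actions.githubusercontent.com"
                    rekor:
                      url: https://rekor.sigstore.dev
```

Check it with a signed and an unsigned image before enforcing cluster-wide: apply with validationFailureAction set to Audit first and read the PolicyReport objects, then flip to Enforce. To also require SLSA provenance rather than just a signature, add an entry under attestations with type set to the SLSA provenance predicate and conditions on the builder identity; the exact predicate fields depend on the SLSA version your builder emits, so verify them against a real attestation from your pipeline rather than copying them from here.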
Before finalizing delivery, verify:
| Format | Default | Description |
|---|---|---|
| markdown | Yes | Rich Markdown + Mermaid diagrams. Token-efficient. |
| html | On demand | Branded HTML (Design System). Visual impact. |
| dual | On demand | Both formats. |
Default output is Markdown with embedded Mermaid diagrams. HTML generation requires explicit {FORMATO}=html parameter. [EXPLICIT]
Primary: A-01_Cloud_Native_Architecture.html -- Executive summary, 12-factor assessment, container strategy, Kubernetes architecture, service mesh design, serverless decisions, multi-cloud plan, FinOps dashboard.
Secondary: Kubernetes manifest templates, Helm chart structure, service mesh configuration, cost allocation report, 12-factor compliance checklist.
Author: Javier Montano | Last updated: March 18, 2026