From configure-plugin
Provides Skaffold configuration standards for local Kubernetes development using OrbStack and dotenvx. Useful when configuring Skaffold, local K8s setups, Kubernetes profiles, or dotenvx secrets.
npx claudepluginhub laurigates/claude-plugins --plugin configure-pluginThis skill is limited to using the following tools:
Standard Skaffold configuration for local Kubernetes development workflows using OrbStack and dotenvx.
Generates design tokens/docs from CSS/Tailwind/styled-components codebases, audits visual consistency across 10 dimensions, detects AI slop in UI.
Records polished WebM UI demo videos of web apps using Playwright with cursor overlay, natural pacing, and three-phase scripting. Activates for demo, walkthrough, screen recording, or tutorial requests.
Delivers idiomatic Kotlin patterns for null safety, immutability, sealed classes, coroutines, Flows, extensions, DSL builders, and Gradle DSL. Use when writing, reviewing, refactoring, or designing Kotlin code.
Standard Skaffold configuration for local Kubernetes development workflows using OrbStack and dotenvx.
apiVersion: skaffold/v4beta13
kind: Config
Always use the latest stable API version. Currently: skaffold/v4beta13
build:
local:
push: false # Never push to registry for local dev
useDockerCLI: true # Use Docker CLI (better caching)
useBuildkit: true # Enable BuildKit for performance
concurrency: 0 # Unlimited parallel builds
# Generate secrets from encrypted .env files before building
hooks:
before:
- command: ['sh', '-c', 'dotenvx run -- sh scripts/generate-secrets.sh']
os: [darwin, linux]
artifacts:
- image: app-name
context: .
docker:
dockerfile: Dockerfile
# Optional: init container for database migrations
- image: app-db-init
context: .
docker:
dockerfile: Dockerfile.db-init
IMPORTANT: Always bind to localhost only:
portForward:
- resourceType: service
resourceName: app-name
port: 80
localPort: 8080
address: 127.0.0.1 # REQUIRED: Bind to localhost only
Never use 0.0.0.0 or omit the address field.
deploy:
kubeContext: orbstack # OrbStack for local development
kubectl:
defaultNamespace: app-name
# Optional: validation before deploy
hooks:
before:
- host:
command: ["sh", "-c", "echo 'Deploying...'"]
os: [darwin, linux]
statusCheck: true
# Extended timeout for init containers (db migrations, seeding)
statusCheckDeadlineSeconds: 180
tolerateFailuresUntilDeadline: true
# Parse JSON logs from applications for cleaner output
logs:
jsonParse:
fields: ["message", "level", "timestamp"]
db-onlyDatabase only - for running app dev server locally with hot-reload:
profiles:
- name: db-only
build:
artifacts: [] # Don't build app
manifests:
rawYaml:
- k8s/namespace.yaml
- k8s/postgresql-secret.yaml
- k8s/postgresql-configmap.yaml
- k8s/postgresql-service.yaml
- k8s/postgresql-statefulset.yaml
portForward:
- resourceType: service
resourceName: postgresql
namespace: app-name
port: 5432
localPort: 5435
address: 127.0.0.1
Use case: Run skaffold dev -p db-only + bun run dev for hot-reload development
services-onlyBackend services only (database, APIs) - use with local frontend dev:
profiles:
- name: services-only
build:
artifacts: [] # Don't build frontend
manifests:
rawYaml:
- k8s/namespace.yaml
- k8s/database/*.yaml
- k8s/api/*.yaml
portForward:
- resourceType: service
resourceName: postgresql
port: 5432
localPort: 5435
address: 127.0.0.1
Use case: Run skaffold dev -p services-only + bun run dev for hot-reload frontend
e2e or e2e-with-prod-dataFull stack for end-to-end testing:
profiles:
- name: e2e
manifests:
rawYaml:
- k8s/*.yaml # All manifests
migration-testDatabase migration testing:
profiles:
- name: migration-test
manifests:
rawYaml:
- k8s/database/*.yaml
test:
- image: migration-tester
custom:
- command: "run-migrations.sh"
Always specify kubeContext: orbstack in deploy configuration. This is the standard local development context.
deploy:
kubeContext: orbstack
kubectl: {}
When using Skaffold commands, always include --kube-context=orbstack:
skaffold dev --kube-context=orbstack
skaffold run --kube-context=orbstack
skaffold delete --kube-context=orbstack
Only use a different context if explicitly requested by the user.
| Element | Requirement |
|---|---|
| API version | skaffold/v4beta13 |
| deploy.kubeContext | orbstack (default) |
| local.push | false |
| portForward.address | 127.0.0.1 |
| statusCheck | true recommended |
| dotenvx hooks | Recommended for secrets |
Depending on project type:
| Profile | Purpose | Required |
|---|---|---|
db-only | Database only + local app dev | Recommended |
services-only | Backend services + local frontend | Recommended |
minimal | Without optional features | Optional |
e2e | Full stack testing | Optional |
# Default: Full stack
manifests:
rawYaml:
- k8s/namespace.yaml
- k8s/frontend/*.yaml
- k8s/backend/*.yaml
- k8s/database/*.yaml
profiles:
- name: services-only
build:
artifacts: []
manifests:
rawYaml:
- k8s/namespace.yaml
- k8s/backend/*.yaml
- k8s/database/*.yaml
# Simpler configuration
manifests:
rawYaml:
- k8s/*.yaml
# No profiles needed for simple services
Skaffold may not be applicable for pure infrastructure repos. Use Terraform/Helm directly.
Projects use dotenvx for encrypted secrets management in local development.
.env files contain encrypted values, safe to commitDOTENV_PRIVATE_KEY decrypts values at runtimedotenvx run -- script to inject secretsbuild:
hooks:
before:
- command: ['sh', '-c', 'dotenvx run -- sh scripts/generate-secrets.sh']
os: [darwin, linux]
deploy:
kubectl:
hooks:
before:
- host:
command: ["sh", "-c", "dotenvx run -- sh scripts/generate-secrets.sh"]
Create scripts/generate-secrets.sh:
#!/bin/bash
# Generate Kubernetes secrets from .env using dotenvx
set -euo pipefail
# Validate required env vars are set
: "${DATABASE_URL:?DATABASE_URL must be set}"
: "${SECRET_KEY:?SECRET_KEY must be set}"
# Generate app secrets manifest
cat > k8s/app-secrets.yaml << EOF
apiVersion: v1
kind: Secret
metadata:
name: app-secrets
namespace: app-name
type: Opaque
stringData:
DATABASE_URL: "${DATABASE_URL}"
SECRET_KEY: "${SECRET_KEY}"
EOF
echo "Generated k8s/app-secrets.yaml"
# Install dotenvx
curl -sfS https://dotenvx.sh | sh
# Create encrypted .env
dotenvx set DATABASE_URL "postgresql://..."
dotenvx set SECRET_KEY "..."
# Encrypt existing .env
dotenvx encrypt
# Store private key securely (NOT in git)
echo "DOTENV_PRIVATE_KEY=..." >> ~/.zshrc
Pre-build hooks for validation (in addition to dotenvx):
build:
artifacts:
- image: app
hooks:
before:
- command: ['bun', 'run', 'check']
os: [darwin, linux]
| Status | Condition |
|---|---|
| PASS | Compliant configuration |
| WARN | Present but missing recommended elements |
| FAIL | Security issue (e.g., portForward without localhost) |
| SKIP | Not applicable (e.g., infrastructure repo) |
statusCheckDeadlineSeconds (increase if needed)tolerateFailuresUntilDeadline: truekubectl logs -f <pod>address: 127.0.0.1 is setuseBuildkit: trueuseDockerCLI: trueconcurrency: 0 for parallel builds