FVH (Forum Virium Helsinki) Skaffold configuration standards for local Kubernetes development with OrbStack and dotenvx. Use when configuring Skaffold, setting up local K8s development, or when the user mentions FVH Skaffold, local development, Kubernetes profiles, or dotenvx secrets.
/plugin marketplace add laurigates/claude-plugins/plugin install configure-plugin@lgates-claude-pluginsThis skill inherits all available tools. When active, it can use any tool Claude has access to.
FVH standard Skaffold configuration for local Kubernetes development workflows using OrbStack and dotenvx.
apiVersion: skaffold/v4beta13
kind: Config
Always use the latest stable API version. Currently: skaffold/v4beta13
build:
local:
push: false # Never push to registry for local dev
useDockerCLI: true # Use Docker CLI (better caching)
useBuildkit: true # Enable BuildKit for performance
concurrency: 0 # Unlimited parallel builds
# Generate secrets from encrypted .env files before building
hooks:
before:
- command: ['sh', '-c', 'dotenvx run -- sh scripts/generate-secrets.sh']
os: [darwin, linux]
artifacts:
- image: app-name
context: .
docker:
dockerfile: Dockerfile
# Optional: init container for database migrations
- image: app-db-init
context: .
docker:
dockerfile: Dockerfile.db-init
IMPORTANT: Always bind to localhost only:
portForward:
- resourceType: service
resourceName: app-name
port: 80
localPort: 8080
address: 127.0.0.1 # REQUIRED: Bind to localhost only
Never use 0.0.0.0 or omit the address field.
deploy:
kubeContext: orbstack # OrbStack for local development
kubectl:
defaultNamespace: app-name
# Optional: validation before deploy
hooks:
before:
- host:
command: ["sh", "-c", "echo 'Deploying...'"]
os: [darwin, linux]
statusCheck: true
# Extended timeout for init containers (db migrations, seeding)
statusCheckDeadlineSeconds: 180
tolerateFailuresUntilDeadline: true
# Parse JSON logs from applications for cleaner output
logs:
jsonParse:
fields: ["message", "level", "timestamp"]
db-onlyDatabase only - for running app dev server locally with hot-reload:
profiles:
- name: db-only
build:
artifacts: [] # Don't build app
manifests:
rawYaml:
- k8s/namespace.yaml
- k8s/postgresql-secret.yaml
- k8s/postgresql-configmap.yaml
- k8s/postgresql-service.yaml
- k8s/postgresql-statefulset.yaml
portForward:
- resourceType: service
resourceName: postgresql
namespace: app-name
port: 5432
localPort: 5435
address: 127.0.0.1
Use case: Run skaffold dev -p db-only + bun run dev for hot-reload development
services-onlyBackend services only (database, APIs) - use with local frontend dev:
profiles:
- name: services-only
build:
artifacts: [] # Don't build frontend
manifests:
rawYaml:
- k8s/namespace.yaml
- k8s/database/*.yaml
- k8s/api/*.yaml
portForward:
- resourceType: service
resourceName: postgresql
port: 5432
localPort: 5435
address: 127.0.0.1
Use case: Run skaffold dev -p services-only + bun run dev for hot-reload frontend
e2e or e2e-with-prod-dataFull stack for end-to-end testing:
profiles:
- name: e2e
manifests:
rawYaml:
- k8s/*.yaml # All manifests
migration-testDatabase migration testing:
profiles:
- name: migration-test
manifests:
rawYaml:
- k8s/database/*.yaml
test:
- image: migration-tester
custom:
- command: "run-migrations.sh"
Always specify kubeContext: orbstack in deploy configuration. This is the FVH standard local development context.
deploy:
kubeContext: orbstack
kubectl: {}
When using Skaffold commands, always include --kube-context=orbstack:
skaffold dev --kube-context=orbstack
skaffold run --kube-context=orbstack
skaffold delete --kube-context=orbstack
Only use a different context if explicitly requested by the user.
| Element | Requirement |
|---|---|
| API version | skaffold/v4beta13 |
| deploy.kubeContext | orbstack (default) |
| local.push | false |
| portForward.address | 127.0.0.1 |
| statusCheck | true recommended |
| dotenvx hooks | Recommended for secrets |
Depending on project type:
| Profile | Purpose | Required |
|---|---|---|
db-only | Database only + local app dev | Recommended |
services-only | Backend services + local frontend | Recommended |
minimal | Without optional features | Optional |
e2e | Full stack testing | Optional |
# Default: Full stack
manifests:
rawYaml:
- k8s/namespace.yaml
- k8s/frontend/*.yaml
- k8s/backend/*.yaml
- k8s/database/*.yaml
profiles:
- name: services-only
build:
artifacts: []
manifests:
rawYaml:
- k8s/namespace.yaml
- k8s/backend/*.yaml
- k8s/database/*.yaml
# Simpler configuration
manifests:
rawYaml:
- k8s/*.yaml
# No profiles needed for simple services
Skaffold may not be applicable for pure infrastructure repos. Use Terraform/Helm directly.
FVH projects use dotenvx for encrypted secrets management in local development.
.env files contain encrypted values, safe to commitDOTENV_PRIVATE_KEY decrypts values at runtimedotenvx run -- script to inject secretsbuild:
hooks:
before:
- command: ['sh', '-c', 'dotenvx run -- sh scripts/generate-secrets.sh']
os: [darwin, linux]
deploy:
kubectl:
hooks:
before:
- host:
command: ["sh", "-c", "dotenvx run -- sh scripts/generate-secrets.sh"]
Create scripts/generate-secrets.sh:
#!/bin/bash
# Generate Kubernetes secrets from .env using dotenvx
set -euo pipefail
# Validate required env vars are set
: "${DATABASE_URL:?DATABASE_URL must be set}"
: "${SECRET_KEY:?SECRET_KEY must be set}"
# Generate app secrets manifest
cat > k8s/app-secrets.yaml << EOF
apiVersion: v1
kind: Secret
metadata:
name: app-secrets
namespace: app-name
type: Opaque
stringData:
DATABASE_URL: "${DATABASE_URL}"
SECRET_KEY: "${SECRET_KEY}"
EOF
echo "Generated k8s/app-secrets.yaml"
# Install dotenvx
curl -sfS https://dotenvx.sh | sh
# Create encrypted .env
dotenvx set DATABASE_URL "postgresql://..."
dotenvx set SECRET_KEY "..."
# Encrypt existing .env
dotenvx encrypt
# Store private key securely (NOT in git)
echo "DOTENV_PRIVATE_KEY=..." >> ~/.zshrc
Pre-build hooks for validation (in addition to dotenvx):
build:
artifacts:
- image: app
hooks:
before:
- command: ['bun', 'run', 'check']
os: [darwin, linux]
| Status | Condition |
|---|---|
| PASS | Compliant configuration |
| WARN | Present but missing recommended elements |
| FAIL | Security issue (e.g., portForward without localhost) |
| SKIP | Not applicable (e.g., infrastructure repo) |
statusCheckDeadlineSeconds (increase if needed)tolerateFailuresUntilDeadline: truekubectl logs -f <pod>address: 127.0.0.1 is setuseBuildkit: trueuseDockerCLI: trueconcurrency: 0 for parallel buildsThis skill should be used when the user asks about libraries, frameworks, API references, or needs code examples. Activates for setup questions, code generation involving libraries, or mentions of specific frameworks like React, Vue, Next.js, Prisma, Supabase, etc.
Applies Anthropic's official brand colors and typography to any sort of artifact that may benefit from having Anthropic's look-and-feel. Use it when brand colors or style guidelines, visual formatting, or company design standards apply.
Creating algorithmic art using p5.js with seeded randomness and interactive parameter exploration. Use this when users request creating art using code, generative art, algorithmic art, flow fields, or particle systems. Create original algorithmic art rather than copying existing artists' work to avoid copyright violations.