Author and operate StageSet custom resources (apiVersion stages.metio.wtf/v1) for the stageset-controller — a Flux controller for ordered, gated, multi-stage Kubernetes delivery. Use this when writing or editing a StageSet YAML, wiring a Flux source (GitRepository / OCIRepository / Bucket / ExternalArtifact, or a producer like a JaaS JsonnetSnippet) into staged rollouts, adding typed actions / ready checks / update windows / versioned migrations / conflict policies, configuring per-tenant impersonation, or driving a StageSet with the stagesetctl CLI (diff, build, get, reconcile). Applies whenever a repo has StageSet manifests or the stageset-controller is in play.
Slash command: /stageset:stageset
StageSet (stages.metio.wtf/v1) is a Flux-compatible controller for ordered,
gated, multi-stage delivery. A StageSet rolls out a sequence of stages, each
built from a Flux source (GitRepository, OCIRepository, Bucket, or an
ExternalArtifact), waiting for each stage to become healthy
before the next — with typed actions between stages, update windows, versioned
migrations, conflict policies, and per-stage pruning. It is continuously
reconciled and applies under per-tenant ServiceAccount impersonation.
Reach for a StageSet (over a plain Flux Kustomization) when a release must happen
in order: CRDs before the operator that needs them, a migration before the app,
a gate before a production rollout.
The full, current documentation lives at https://stageset.projects.metio.wtf/,
with a machine-readable index at /llms.txt and the whole site concatenated at
/llms-full.txt. When you need an exact field, default, or example, prefer those
over memory. Key pages: the API reference,
usage (one feature each), and
CLI.
references/reference.md in this skill is a compact cheat-sheet of the same.
Start minimal — only spec.stages is required (spec.interval is optional and
defaults to the controller's --default-interval):
```yaml
apiVersion: stages.metio.wtf/v1
kind: StageSet
metadata:
  name: my-app
  namespace: default
spec:
  stages:
    - name: app
      sourceRef:
        name: my-app # an ExternalArtifact; kind defaults to ExternalArtifact
```
Then layer options on, in roughly this order of need:
- serviceAccountName — impersonated for every apply/prune/action. Set it in
  multi-tenant/production clusters; the StageSet can only do what that SA allows.
- decryption — {provider: sops, secretRef: {name}} decrypts SOPS-encrypted
  files in stage sources before they apply. Keys in the Secret: age under *.agekey,
  PGP under *.asc (both tenant-scoped, read under serviceAccountName); cloud KMS
  uses the controller's ambient creds and needs no secretRef.
- path, prune (default true), patches (Kustomize), postBuild.substitute / substituteFrom.
- actions (pre / post / onFailure) — each Action has exactly one of
  patch / http / wait / job / delete / apply.
- readyChecks — checks (kstatus) and/or exprs (CEL) to define "healthy".
- conflictPolicy — default + per-resource rules (Fail/Recreate/KeepExisting);
  allowDataLoss: true is required to Recreate a PVC/PV.
- updateWindows + windowScope — gate when new revisions roll out.
- version + migrations — run a migration once when crossing a version boundary.
- rollbackOnFailure — restore the last good revision on failure (needs a
  rollback store configured on the controller).

sourceRef.kind defaults to ExternalArtifact. A stage can also point directly
at a classic Flux source — GitRepository, OCIRepository, Bucket — so plain
manifests in Git/OCI/Bucket need no producer. Use a producer (e.g. a JaaS
JsonnetSnippet, apiVersion: jaas.metio.wtf/v1) only when the manifests must be
rendered first; the controller resolves the producer's published ExternalArtifact.

Action with two operation blocks is rejected — exactly one.

sourceRef is the link.

stagesetctl previews and drives StageSets with your kubeconfig (also works as
kubectl stageset). Always preview before applying logic changes:
```shell
stagesetctl diff my-app -n apps        # what would change (exit 1 = changes; CI gate)
stagesetctl build my-app --stage app   # render the manifests to stdout
stagesetctl get my-app -n apps         # human-readable status (stages, phases, revisions)
stagesetctl reconcile my-app --wait    # force an out-of-band reconcile
```
diff follows the diff(1) convention (exit 1 on changes), so it gates CI. Use
stagesetctl reconcile --update-now to push a window-held rollout through.
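A CI gate built on that exit-code convention, as an added example that is not part of the StageSet project: it separates "changes pending" (exit 1) from "preview failed" so a broken preview fails closed instead of passing as "no drift". Assumptions: exit codes above 1 signal an error, as in diff(1); the function names and the APPROVED variable are hypothetical.

```bash
# Run a diff(1)-style preview command and classify its exit status.
# $1 = file that receives the command's output, remaining args = the command.
# Prints one of: clean | changes | error. Always returns 0 itself.
gate_decision() {
  local out="$1" rc=0
  shift
  "$@" >"$out" 2>&1 || rc=$?
  case $rc in
    0) echo clean ;;     # nothing would change
    1) echo changes ;;   # preview succeeded and found differences
    *) echo error ;;     # assumed: >1 means the preview itself failed
  esac
}

# CI entry point. Returns 0 to let the pipeline continue, non-zero to stop it.
# APPROVED=1 is a hypothetical variable set by the pipeline after human review.
ci_gate() {
  local decision
  decision=$(gate_decision "$@")
  case $decision in
    clean)
      return 0
      ;;
    changes)
      cat "$1" >&2                      # show reviewers what would be applied
      [ "${APPROVED:-0}" = 1 ]          # pass only once the diff was approved
      ;;
    error)
      echo "preview failed; refusing to continue" >&2
      return 2                          # fail closed, never treat as "clean"
      ;;
  esac
}

# Typical call from a pipeline step (not executed here):
#   ci_gate /tmp/my-app.diff stagesetctl diff my-app -n apps
```

Because `gate_decision` absorbs the non-zero status, the wrapper is safe under `set -e`, which would otherwise abort the job on exit 1 before the diff could be shown.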
status.conditions[Ready].reason names the failure; each reason has a runbook at
https://stageset.projects.metio.wtf/runbooks/<reason>/ (lower-cased). kubectl describe stageset <name> shows the per-stage phase and message; status.stages[]
carries each stage's phase, applied revision, and executed actions.
With --mcp-bind-address set, the controller serves a Model Context Protocol
endpoint (streamable HTTP) exposing read-only list_stagesets / get_stageset
tools (Ready status, reason, runbook URL, version, per-stage phases, applied
revisions, pending migrations). --mcp-allow-mutations additionally exposes
gated reconcile_stageset / suspend_stageset / resume_stageset write tools,
all acting as the controller's ServiceAccount. Full reference:
https://stageset.projects.metio.wtf/usage/mcp-server/.
npx claudepluginhub metio/stageset-controller --plugin stageset