Master Kubernetes storage management and networking architecture. Learn persistent storage, network policies, service discovery, and ingress routing.
Manages Kubernetes persistent storage and networking architecture. Triggers when configuring CSI drivers, defining StorageClasses, setting up Ingress/Gateway API routes, or creating Network Policies for zero-trust security.
/plugin marketplace add pluginagentmarketplace/custom-plugin-kubernetes/plugin install kubernetes-assistant@pluginagentmarketplace-kubernetesThis skill inherits all available tools. When active, it can use any tool Claude has access to.
assets/config.yamlreferences/GUIDE.mdscripts/helper.pyProduction-grade Kubernetes storage and networking covering persistent storage patterns, CSI driver configuration, CNI plugins, service discovery, and ingress routing. This skill provides deep expertise in building reliable, high-performance data and network infrastructure.
Storage Stack
┌─────────────────────────────────────────────────┐
│ APPLICATION POD │
│ Volume Mount: /data │
└─────────────────────────────────────────────────┘
│
▼
┌─────────────────────────────────────────────────┐
│ PERSISTENT VOLUME CLAIM (PVC) │
│ Namespace-scoped storage request │
└─────────────────────────────────────────────────┘
│
▼
┌─────────────────────────────────────────────────┐
│ PERSISTENT VOLUME (PV) │
│ Cluster-wide resource │
└─────────────────────────────────────────────────┘
│
▼
┌─────────────────────────────────────────────────┐
│ CSI DRIVER │
│ aws-ebs-csi, csi-driver-nfs, etc. │
└─────────────────────────────────────────────────┘
Production StorageClass
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: fast-ssd
provisioner: ebs.csi.aws.com
parameters:
type: gp3
iops: "5000"
throughput: "250"
encrypted: "true"
reclaimPolicy: Retain
allowVolumeExpansion: true
volumeBindingMode: WaitForFirstConsumer
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: shared-efs
provisioner: efs.csi.aws.com
parameters:
provisioningMode: efs-ap
fileSystemId: fs-abc123
reclaimPolicy: Retain
VolumeSnapshot for Backup
apiVersion: snapshot.storage.k8s.io/v1
kind: VolumeSnapshotClass
metadata:
name: ebs-snapclass
driver: ebs.csi.aws.com
deletionPolicy: Retain
---
apiVersion: snapshot.storage.k8s.io/v1
kind: VolumeSnapshot
metadata:
name: db-backup
spec:
volumeSnapshotClassName: ebs-snapclass
source:
persistentVolumeClaimName: postgresql-data-0
Network Stack
┌─────────────────────────────────────────────────┐
│ EXTERNAL TRAFFIC │
└─────────────────────────────────────────────────┘
│
▼
┌─────────────────────────────────────────────────┐
│ LOAD BALANCER (ALB/NLB) │
└─────────────────────────────────────────────────┘
│
▼
┌─────────────────────────────────────────────────┐
│ INGRESS CONTROLLER / GATEWAY API │
│ TLS termination, routing │
└─────────────────────────────────────────────────┘
│
▼
┌─────────────────────────────────────────────────┐
│ KUBERNETES SERVICE │
│ ClusterIP, NodePort, LoadBalancer │
└─────────────────────────────────────────────────┘
│
▼
┌─────────────────────────────────────────────────┐
│ CNI PLUGIN │
│ Cilium, Calico, AWS VPC CNI │
└─────────────────────────────────────────────────┘
Service Configuration
apiVersion: v1
kind: Service
metadata:
name: api-server
namespace: production
spec:
type: ClusterIP
selector:
app.kubernetes.io/name: api-server
ports:
- name: http
port: 80
targetPort: 8080
- name: grpc
port: 9090
targetPort: 9090
Production Ingress
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: api-ingress
annotations:
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/limit-rps: "100"
cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
ingressClassName: nginx
tls:
- hosts:
- api.example.com
secretName: api-tls
rules:
- host: api.example.com
http:
paths:
- path: /v1
pathType: Prefix
backend:
service:
name: api-v1
port:
number: 80
Gateway API
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
name: production-gateway
spec:
gatewayClassName: istio
listeners:
- name: https
hostname: "*.example.com"
port: 443
protocol: HTTPS
tls:
mode: Terminate
certificateRefs:
- name: wildcard-tls
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: api-routes
spec:
parentRefs:
- name: production-gateway
hostnames:
- "api.example.com"
rules:
- matches:
- path:
type: PathPrefix
value: /api/v1
backendRefs:
- name: api-v1
port: 80
weight: 90
- name: api-v1-canary
port: 80
weight: 10
Zero-Trust Architecture
# Default deny all
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: default-deny-all
namespace: production
spec:
podSelector: {}
policyTypes:
- Ingress
- Egress
---
# Allow DNS
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-dns
namespace: production
spec:
podSelector: {}
policyTypes:
- Egress
egress:
- to:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: kube-system
podSelector:
matchLabels:
k8s-app: kube-dns
ports:
- protocol: UDP
port: 53
---
# API server policy
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: api-server-policy
namespace: production
spec:
podSelector:
matchLabels:
app: api-server
policyTypes:
- Ingress
- Egress
ingress:
- from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: ingress-nginx
ports:
- protocol: TCP
port: 8080
egress:
- to:
- podSelector:
matchLabels:
app: postgresql
ports:
- protocol: TCP
port: 5432
┌─────────────┬─────────────┬─────────────┬─────────────┐
│ Feature │ Cilium │ Calico │ AWS VPC CNI │
├─────────────┼─────────────┼─────────────┼─────────────┤
│ Performance │ Excellent │ Very Good │ Excellent │
│ L7 Policy │ ✓ (native) │ Via Envoy │ ✗ │
│ eBPF │ ✓ │ ✓ (option) │ ✗ │
│ Encryption │ WireGuard │ WireGuard │ VPC native │
│ Observ. │ Hubble │ Basic │ CloudWatch │
└─────────────┴─────────────┴─────────────┴─────────────┘
Storage Problem?
│
├── PVC Pending
│ ├── Check StorageClass exists
│ ├── Check provisioner running
│ └── WaitForFirstConsumer → Schedule pod
│
├── Pod can't mount
│ ├── Already attached → Force detach
│ ├── Permission denied → Check fsGroup
│ └── Filesystem error → Resize PVC
│
└── Performance issues
├── Check IOPS limits
└── Use faster StorageClass
Network Problem?
│
├── Service not reachable
│ ├── No endpoints → Selector mismatch
│ ├── DNS not resolving → CoreDNS
│ └── Timeout → NetworkPolicy
│
├── Ingress not working
│ ├── 404 → Path mismatch
│ ├── 502 → Backend not ready
│ └── TLS error → Certificate
│
└── Pod-to-pod fails
├── Check NetworkPolicy
└── Check CNI pods
# Storage
kubectl get pv,pvc -A
kubectl describe pvc <name>
kubectl get storageclass
# Network
kubectl get svc,endpoints,ingress -A
kubectl run debug --rm -it --image=nicolaka/netshoot -- nslookup <svc>
kubectl get networkpolicy -A
| Challenge | Solution |
|---|---|
| PVC Pending | Check StorageClass, provisioner |
| Volume timeout | Check node health, force detach |
| Ingress 502 | Check backend health |
| DNS failures | Verify CoreDNS, egress policy |
| Metric | Target |
|---|---|
| PVC provision time | <30s |
| Storage availability | 99.99% |
| Service latency | <10ms |
| Network policy coverage | 100% |
This skill should be used when the user asks to "create an agent", "add an agent", "write a subagent", "agent frontmatter", "when to use description", "agent examples", "agent tools", "agent colors", "autonomous agent", or needs guidance on agent structure, system prompts, triggering conditions, or agent development best practices for Claude Code plugins.
This skill should be used when the user asks to "create a slash command", "add a command", "write a custom command", "define command arguments", "use command frontmatter", "organize commands", "create command with file references", "interactive command", "use AskUserQuestion in command", or needs guidance on slash command structure, YAML frontmatter fields, dynamic arguments, bash execution in commands, user interaction patterns, or command development best practices for Claude Code.
This skill should be used when the user asks to "create a hook", "add a PreToolUse/PostToolUse/Stop hook", "validate tool use", "implement prompt-based hooks", "use ${CLAUDE_PLUGIN_ROOT}", "set up event-driven automation", "block dangerous commands", or mentions hook events (PreToolUse, PostToolUse, Stop, SubagentStop, SessionStart, SessionEnd, UserPromptSubmit, PreCompact, Notification). Provides comprehensive guidance for creating and implementing Claude Code plugin hooks with focus on advanced prompt-based hooks API.