Kubernetes YAML Connect Skill
This skill enables connection to Kubernetes clusters using YAML configuration files as input. It provides tools to apply, validate, and manage Kubernetes resources through kubectl commands.
When to Use
Use this skill when:
- You have Kubernetes YAML configuration files that need to be applied to a cluster
- You need to validate YAML syntax before deployment
- You want to create or update kubeconfig from YAML input
- You need to switch between Kubernetes contexts
- You want to check cluster status and resources
Prerequisites
Required
- kubectl must be installed and available in PATH
- Kubernetes cluster accessible (local or remote)
- Appropriate permissions for the target cluster
Installing kubectl
If kubectl is not installed, you can install it using:
macOS:
CODEBLOCK0
Linux:
CODEBLOCK1
Windows:
CODEBLOCK2
Verify installation:
CODEBLOCK3
Core Workflow
1. Validate YAML Syntax
Before applying any YAML, always validate the syntax:
CODEBLOCK4
2. Apply YAML to Cluster
Apply validated YAML to the current context:
CODEBLOCK5
3. Create/Update Kubeconfig from YAML
If you have kubeconfig YAML, save it and update context:
CODEBLOCK6
4. Context Management
List and switch contexts:
CODEBLOCK7
Common Operations
Deploy a Deployment
CODEBLOCK8
Create a Service
CODEBLOCK9
Create a ConfigMap
CODEBLOCK10
Error Handling
Check for Common Issues
CODEBLOCK11
Validate YAML Before Applying
Always use dry-run first to catch errors:
CODEBLOCK12
Security Considerations
- Never commit sensitive data in YAML files (use Secrets or external config)
- Validate YAML from untrusted sources before applying
- Use namespaces to isolate resources
- Apply least privilege RBAC permissions
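A client-side dry run only confirms that a manifest is well-formed; it says nothing about what the manifest asks the cluster to do. The following added example (not part of the original skill) screens an untrusted manifest before it is handed to kubectl. The allow-list, the denied fields, the function names and the sample manifest are assumptions made for illustration, and the screen is line-based rather than a full YAML parser.

```shell
#!/usr/bin/env bash
# Added example: screen an untrusted manifest before it reaches kubectl.
# ALLOWED_KINDS and DENIED_FIELDS are assumptions made for this example.
ALLOWED_KINDS="ConfigMap Deployment Service"
DENIED_FIELDS='(privileged|hostNetwork|hostPID|hostIPC):[[:space:]]*true|hostPath:'

# Print each top-level `kind:` of a multi-document manifest (line-based, no YAML parser).
manifest_kinds() {
  awk '/^kind:/ { sub(/^kind:/, ""); sub(/#.*/, ""); gsub(/[^A-Za-z0-9]/, ""); print }' "$1"
}

# Return 0 if the manifest passes the screen, 1 otherwise; reasons go to stderr.
screen_manifest() {
  local file=$1 kinds kind rc=0
  kinds=$(manifest_kinds "$file")
  [ -n "$kinds" ] || { echo "reject: no top-level kind found" >&2; return 1; }
  for kind in $kinds; do
    case " $ALLOWED_KINDS " in
      *" $kind "*) ;;
      *) echo "reject: kind '$kind' is not on the allow-list" >&2; rc=1 ;;
    esac
  done
  if grep -nE "$DENIED_FIELDS" "$file" >&2; then
    echo "reject: manifest asks for host-level access" >&2; rc=1
  fi
  return "$rc"
}

# Screen, validate against the API server, show the diff, then apply.
safe_apply() {
  local file=$1 ns=$2
  screen_manifest "$file" || return 1
  kubectl apply --dry-run=server -n "$ns" -f "$file" || return 1
  kubectl diff -n "$ns" -f "$file"   # exit status 1 only means "changes pending"
  [ $? -le 1 ] || return 1
  kubectl apply -n "$ns" -f "$file"
}

# Constructed sample input: an allowed ConfigMap followed by a privileged Pod.
sample=$(mktemp)
printf '%s\n' 'apiVersion: v1' 'kind: ConfigMap' 'metadata:' '  name: app-config' \
  '---' 'apiVersion: v1' 'kind: Pod' 'metadata:' '  name: debug' 'spec:' \
  '  hostNetwork: true' '  containers:' '  - name: sh' '    image: busybox' \
  '    securityContext:' '      privileged: true' > "$sample"
screen_manifest "$sample" || echo "rejected: nothing was sent to the cluster"
```

Because the screen is text-based, treat it as a fail-closed pre-filter in front of kubectl; RBAC and admission control on the cluster remain the actual enforcement point.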
Examples
Example 1: Apply Simple Deployment
CODEBLOCK13
Example 2: Multi-resource YAML
CODEBLOCK14
References
For more detailed information, see:
Troubleshooting
Common Issues
- Connection refused: Check if cluster is running and accessible
- Unauthorized: Verify kubeconfig and permissions
- YAML syntax error: Validate YAML with kubectl apply --dry-run
- Resource already exists: Use kubectl apply for updates or kubectl replace for forced updates
Debug Commands
CODEBLOCK15
Remember: Always test YAML in a non-production environment first when possible.
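Kubernetes YAML Connect Skill
This skill supports connecting to Kubernetes clusters through YAML configuration files and provides tools to apply, validate, and manage Kubernetes resources through kubectl commands.
When to Use
Use this skill when:
- You need to apply Kubernetes YAML configuration files to a cluster
- You need to validate YAML syntax before deployment
- You need to create or update a kubeconfig from YAML input
- You need to switch between Kubernetes contexts
- You need to check cluster status and resources
Prerequisites
Required
- kubectl must be installed and available in the PATH environment variable
- An accessible Kubernetes cluster (local or remote)
- Appropriate permissions for the target cluster
Installing kubectl
If kubectl is not installed, you can install it as follows:
macOS:
```bash
# Using Homebrew
brew install kubectl

# Or download directly
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/darwin/amd64/kubectl"
chmod +x kubectl
sudo mv kubectl /usr/local/bin/
```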
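Linux:
```bash
# Using the package manager (Ubuntu/Debian); the kubectl package comes from
# the Kubernetes apt repository, which must already be configured
sudo apt-get update
sudo apt-get install -y kubectl

# Or download directly
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
chmod +x kubectl
sudo mv kubectl /usr/local/bin/
```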
Windows:
```powershell
# Using Chocolatey
choco install kubernetes-cli

# Or download from the official release
```
Verify installation:
```bash
kubectl version --client
```
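Core Workflow
1. Validate YAML Syntax
Before applying any YAML, always validate the syntax:
```bash
# The quoted delimiter ('EOF') stops the shell from expanding $ or backticks
# that appear inside the pasted YAML
kubectl apply --dry-run=client -f - <<'EOF'
[YAML_CONTENT]
EOF
```
2. Apply YAML to Cluster
Apply the validated YAML to the current context:
```bash
kubectl apply -f - <<'EOF'
[YAML_CONTENT]
EOF
```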
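3. Create/Update Kubeconfig from YAML
If you have kubeconfig YAML, save it and update the context:
```bash
# Save the kubeconfig (it holds cluster credentials, so keep it private)
cat > /tmp/kubeconfig.yaml <<'EOF'
[KUBECONFIG_YAML]
EOF
chmod 600 /tmp/kubeconfig.yaml

# Set the KUBECONFIG environment variable
export KUBECONFIG=/tmp/kubeconfig.yaml

# Verify the connection
kubectl cluster-info
```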
4. Context Management
List and switch contexts:
```bash
# List available contexts
kubectl config get-contexts

# Switch to a specific context
kubectl config use-context [CONTEXT_NAME]

# Get the current context
kubectl config current-context
```
Common Operations
Deploy a Deployment
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.14.2
        ports:
        - containerPort: 80
```
Create a Service
```yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
spec:
  selector:
    app: nginx
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80
  type: LoadBalancer
```
Create a ConfigMap
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  APP_ENV: production
  LOG_LEVEL: info
```
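Error Handling
Check for Common Issues
```bash
# Check that kubectl is installed
command -v kubectl

# Check the cluster connection (the --short flag was removed from recent kubectl releases)
kubectl version

# Check that a context is set
kubectl config view --minify
```
Validate YAML Before Applying
Always use dry-run first to catch errors:
```bash
kubectl apply --dry-run=client -f [FILE_OR_STDIN]
```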
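Security Considerations
- Never commit sensitive data in YAML files (use Secrets or external configuration)
- Validate YAML from untrusted sources before applying it
- Use namespaces to isolate resources
- Apply least-privilege RBAC permissions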
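Examples
Example 1: Apply Simple Deployment
```bash
# YAML content as a variable
YAML_CONTENT=$(cat <<'EOF'
[YAML_CONTENT]
EOF
)

# Apply to the cluster (quoted so the YAML's line breaks and indentation survive)
kubectl apply -f - <<< "$YAML_CONTENT"
```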
Example 2: Multi-resource YAML
```bash
kubectl apply -f - <<'EOF'
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  key: value
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: app-deployment
spec:
  replicas: 2
  selector:
    matchLabels:
      app: myapp
  template:
    metadata:
      labels:
        app: myapp
    spec:
      containers:
      - name: app
        image: myapp:latest
        envFrom:
        - configMapRef:
            name: app-config
EOF
```
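References
For more detailed information, see:
Troubleshooting
Common Issues
- Connection refused: Check if the cluster is running and accessible
- Unauthorized: Verify kubeconfig and permissions
- YAML syntax error: Validate YAML with kubectl apply --dry-run
- Resource already exists: Use kubectl apply for updates or kubectl replace for forced updates
Debug Commands
```bash
# Get detailed error information
kubectl describe [RESOURCE_TYPE] [RESOURCE_NAME]

# Check events
kubectl get events --sort-by=.lastTimestamp

# Check Pod logs
kubectl logs [POD_NAME]
```
Remember: Always test YAML in a non-production environment first when possible.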