opa-image-security-templates
OPA image security policies for container registry allowlisting, digest enforcement, and signature verification in Kubernetes.
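The three checks named above (registry allowlisting, digest enforcement, signature verification) are usually written in Rego and evaluated by an admission controller. The following Python model of the same logic is an added example, not the skill's own policies: it parses image references the way the Docker reference grammar does (implicit docker.io, implicit library/ prefix, port vs. tag disambiguation) and then applies the policy to every container in a Pod manifest. The allowlist, the sample Pod and the "signature store" (a set of digests standing in for a cosign/Notary verifier) are constructed for illustration.

```python
"""Image-reference policy checks modelled in Python (added example).

Models what an OPA/Gatekeeper admission policy does for container images:
  1. registry allowlisting
  2. digest enforcement (reject tag-only and 'latest' references)
  3. signature verification (here a constructed digest set stands in for a
     real verifier such as cosign; in production this is an external call)
"""
import re
from dataclasses import dataclass
from typing import Optional

DEFAULT_REGISTRY = "docker.io"

# Constructed allowlist: the only registries this cluster may pull from.
ALLOWED_REGISTRIES = {"registry.internal.example.com", "ghcr.io"}

# Constructed stand-in for a signature store: digests with a trusted signature.
SIGNED_DIGESTS = {"sha256:" + "a" * 64}

DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")


@dataclass
class ImageRef:
    registry: str
    repository: str
    tag: Optional[str]
    digest: Optional[str]


def parse_image(ref: str) -> ImageRef:
    """Split an image reference into registry, repository, tag and digest.

    The first path component is a registry only if it contains '.' or ':'
    or is 'localhost'; otherwise the image lives on docker.io, and a bare
    name such as 'nginx' maps to 'library/nginx'.
    """
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    first, _, rest = ref.partition("/")
    if rest and ("." in first or ":" in first or first == "localhost"):
        registry, path = first, rest
    else:
        registry, path = DEFAULT_REGISTRY, ref
    # A ':' after the last '/' separates the tag; a ':' before it is a port.
    tag = None
    if path.rfind(":") > path.rfind("/"):
        path, tag = path.rsplit(":", 1)
    if registry == DEFAULT_REGISTRY and "/" not in path:
        path = "library/" + path
    return ImageRef(registry, path, tag, digest)


def check_image(ref: str) -> list:
    """Return the policy violations for one image reference (empty = allowed)."""
    img = parse_image(ref)
    violations = []
    if img.registry not in ALLOWED_REGISTRIES:
        violations.append(f"registry {img.registry!r} is not allowlisted")
    if img.digest is None:
        violations.append("image must be pinned by digest (tags are mutable)")
    elif not DIGEST_RE.match(img.digest):
        violations.append(f"malformed digest {img.digest!r}")
    elif img.digest not in SIGNED_DIGESTS:
        violations.append(f"no trusted signature for {img.digest}")
    if img.tag == "latest":
        violations.append("tag 'latest' is not allowed")
    return violations


def review_pod(pod: dict) -> dict:
    """Admission-style review: evaluate every container and initContainer."""
    spec = pod.get("spec", {})
    containers = spec.get("containers", []) + spec.get("initContainers", [])
    denials = {}
    for c in containers:
        found = check_image(c["image"])
        if found:
            denials[c["name"]] = found
    return {"allowed": not denials, "denials": denials}


# Constructed Pod manifest fragment used as sample input.
SAMPLE_POD = {
    "apiVersion": "v1",
    "kind": "Pod",
    "spec": {
        "initContainers": [
            {"name": "init", "image": "ghcr.io/example/init@sha256:" + "a" * 64},
        ],
        "containers": [
            {"name": "web", "image": "nginx:latest"},
            {"name": "api", "image": "registry.internal.example.com/team/api:1.4.2"},
        ],
    },
}

if __name__ == "__main__":
    import json
    print(json.dumps(review_pod(SAMPLE_POD), indent=2))
```

Running the block denies the sample Pod: `web` fails all three checks (docker.io is not allowlisted, no digest, `latest` tag), `api` is on an allowed registry but is tag-only, and only the digest-pinned, "signed" `init` image passes. Note that digest pinning alone does not prove provenance; the signature check is what ties the digest to a trusted signer, which is why the policy keeps both.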
Dockerfile best practices, multi-stage builds, docker-compose patterns, and Kubernetes concepts
Supports debugging and configuration verification for kubectl and Envoy-based tools (Envoy config dumps, offline mode, troubleshooting).
Run Codex CLI inside a Podman container with full internet access but filesystem exposure limited to the repo root + explicit bind mounts; use when you want yolo/web-search without giving the agent access to your whole host filesystem.
Install Kyverno, create validation policies, and understand audit vs enforce modes for Kubernetes admission control.
Install and configure AlertManager following monitoring guide patterns and best practices for Kubernetes environments. Trigger with /alertmanager-install
Container query setup required for this project's cqi-based fluid scales. The type and space tokens use cqi units which need container-type declarations to function.
Refactor Docker configurations to improve security, performance, and maintainability. Transforms insecure Dockerfiles and docker-compose files into production-ready containers following 2025 best practices. Implements multi-stage builds, non-root users, pinned image versions, health checks, secrets management, and network segmentation. Fixes common anti-patterns like running as root, hardcoded credentials, missing .dockerignore, and bloated images.
Docker containerization development guide. Use this skill when the user needs to write a Dockerfile, configure docker-compose, reduce image size, debug container problems, or apply containerization best practices.
This skill creates ephemeral pods cloned from existing deployments for interactive shell access with full application context. Use this when you need Rails console, database access, or debugging with env vars and secrets without affecting production pods.
Kyverno network security policies that enforce NetworkPolicy requirements, Ingress rules, and Service restrictions in Kubernetes.
Create optimized Dockerfiles with multi-stage builds, security hardening, layer caching, and health checks. Includes docker-compose patterns for development and production environments.
Enterprise DevOps with Kubernetes 1.31, Docker 27.x, Terraform 1.9, GitHub Actions, monitoring with Prometheus/Grafana, and cloud-native architectures
Implementation patterns and troubleshooting for Envoy HTTP protocol configuration in kubectl-localmesh.
Validate Dapr component configs, sidecar annotations, and mTLS settings. Use when: (1) Creating Dapr Component manifests, (2) Adding Dapr annotations to deployments, (3) Configuring pub/sub, state stores, or bindings, (4) Before deploying Dapr-enabled applications, (5) Generating new Dapr components. Validates secrets management (secretKeyRef), scopes, mTLS, sidecar resource limits, and namespace configuration.
Sets SST secrets for deployed environments. Use when configuring Clerk, database, Stripe, or webhook secrets.
Use the oadp-cli kubectl plugin for both cluster-admin backup/restore operations and namespace-scoped non-admin self-service backups.
Validates Kubernetes manifests using kubeconform, kube-score, and custom homelab policies. Use when creating or modifying YAML files, Helm values, or ArgoCD applications.
Implement environment variable management with .env files, validation, and environment-specific configs. Use when setting up configuration, handling secrets, or managing different deployment environments.