---
name: k8s-validator
description: Validate Kubernetes manifests for security, best practices, and resource limits
allowed-tools:
  - Bash
  - Read
  - Write
  - Glob
---
Kubernetes Manifest Validator Skill
Overview
Validates Kubernetes manifests by combining security-policy checks (OPA/Gatekeeper), best-practice checks (kube-linter), and resource-limit validation (every container declares CPU and memory requests and limits). Schema validation (kubeval) confirms the objects are well-formed for the target Kubernetes version before the policy checks are applied.
Capabilities
- Validate Kubernetes manifests (YAML/JSON)
- Security-policy checks (OPA/Gatekeeper)
- Best-practice checks (kube-linter, kubeval; note that kubeval is no longer maintained upstream and points to kubeconform as its successor, so treat it as schema validation only)
- Resource-limit validation
- NetworkPolicy analysis
- RBAC analysis
- Pod Security Standards checks
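The RBAC analysis capability, as an added Python example that is not the skill's own code: it takes parsed Role/ClusterRole and RoleBinding/ClusterRoleBinding objects and flags wildcard rules, privilege-escalation verbs, secret access, pod exec, and bindings of powerful roles to catch-all groups or default ServiceAccounts. The SAMPLE_RBAC manifests, the severity labels, and the function names are assumptions constructed for this example.

```python
"""RBAC analysis for Kubernetes manifests.

Added example, not the skill's own code. Input is a list of parsed manifests
(json.load or yaml.safe_load output); SAMPLE_RBAC below is constructed for
illustration, and the severity labels are this example's own convention.
"""

# Verbs that let a subject grant itself or others more than it already holds.
ESCALATION_VERBS = {"escalate", "bind", "impersonate"}
# Groups that effectively mean "everyone"; binding real power to them is a cluster-wide grant.
BROAD_GROUPS = {"system:authenticated", "system:unauthenticated", "system:serviceaccounts"}
ROLE_KINDS = {"Role", "ClusterRole"}
BINDING_KINDS = {"RoleBinding", "ClusterRoleBinding"}


def _allows(rule, verb, resource):
    """True if a rule grants verb on resource, treating '*' as a wildcard."""
    verbs, resources = rule.get("verbs", []), rule.get("resources", [])
    return ("*" in verbs or verb in verbs) and ("*" in resources or resource in resources)


def analyze_role(manifest):
    """Findings for one Role/ClusterRole, rule by rule."""
    where = f"{manifest['kind']}/{manifest['metadata']['name']}"
    findings = []
    for i, rule in enumerate(manifest.get("rules", [])):
        loc = f"{where} rules[{i}]"
        wild = [f for f in ("apiGroups", "resources", "verbs") if "*" in rule.get(f, [])]
        if wild:
            findings.append({"severity": "high", "message": f"{loc}: wildcard in {', '.join(wild)}"})
            continue  # a wildcard subsumes the specific checks below
        if any(_allows(rule, v, "secrets") for v in ("get", "list", "watch")):
            findings.append({"severity": "high", "message": f"{loc}: reads secrets"})
        esc = ESCALATION_VERBS & set(rule.get("verbs", []))
        if esc:
            findings.append({"severity": "critical",
                             "message": f"{loc}: grants {', '.join(sorted(esc))} (privilege escalation)"})
        if _allows(rule, "create", "pods/exec"):
            findings.append({"severity": "high", "message": f"{loc}: allows exec into pods"})
    return findings


def analyze_binding(manifest):
    """Findings for one RoleBinding/ClusterRoleBinding: powerful roles and risky subjects."""
    where = f"{manifest['kind']}/{manifest['metadata']['name']}"
    role = manifest.get("roleRef", {}).get("name")
    findings = []
    if role == "cluster-admin":
        findings.append({"severity": "critical", "message": f"{where}: binds cluster-admin"})
    elif role in ("admin", "edit"):
        findings.append({"severity": "medium", "message": f"{where}: binds built-in role {role}"})
    for s in manifest.get("subjects", []):
        subj = f"{s.get('kind')} {s.get('name')}"
        if s.get("kind") == "Group" and s.get("name") in BROAD_GROUPS:
            findings.append({"severity": "critical", "message": f"{where}: subject {subj} is a catch-all group"})
        if s.get("kind") == "ServiceAccount" and s.get("name") == "default":
            findings.append({"severity": "medium",
                             "message": f"{where}: grants role to the default ServiceAccount in {s.get('namespace')}"})
    return findings


def analyze_rbac(manifests):
    """Run the role and binding checks over every RBAC object; other kinds are ignored."""
    findings = []
    for m in manifests:
        if m.get("kind") in ROLE_KINDS:
            findings += analyze_role(m)
        elif m.get("kind") in BINDING_KINDS:
            findings += analyze_binding(m)
    return findings


# Constructed sample: an over-broad ClusterRole, an escalation-capable Role, and two risky bindings.
SAMPLE_RBAC = [
    {"kind": "ClusterRole", "metadata": {"name": "ops"}, "rules": [
        {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list"]},
        {"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"kind": "Role", "metadata": {"name": "dev", "namespace": "prod"}, "rules": [
        {"apiGroups": [""], "resources": ["pods/exec"], "verbs": ["create"]},
        {"apiGroups": ["rbac.authorization.k8s.io"], "resources": ["clusterroles"],
         "verbs": ["escalate", "bind"]}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "everyone-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "Group", "name": "system:authenticated"}]},
    {"kind": "RoleBinding", "metadata": {"name": "dev-default", "namespace": "prod"},
     "roleRef": {"kind": "Role", "name": "dev"},
     "subjects": [{"kind": "ServiceAccount", "name": "default", "namespace": "prod"}]},
]

if __name__ == "__main__":
    for f in analyze_rbac(SAMPLE_RBAC):
        print(f"[{f['severity']}] {f['message']}")
```

A wildcard rule short-circuits the per-verb checks because `*` already grants everything they look for; reporting it once keeps the finding list readable. The `default` ServiceAccount check matters because every pod in a namespace runs as that account unless it opts out, so a binding to it is effectively a binding to every workload there.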
Target workflows
- iac-review (infrastructure-as-code review)
- devops-architecture-alignment (DevOps architecture alignment)
- resilience-patterns (resilience patterns)
Input schema
{
  "type": "object",
  "required": ["manifestPaths"],
  "properties": {
    "manifestPaths": {
      "type": "array",
      "items": { "type": "string" },
      "description": "Paths (or globs) of the Kubernetes manifests to validate"
    },
    "validators": {
      "type": "array",
      "items": {
        "type": "string",
        "enum": ["kubeval", "kube-linter", "opa", "kubesec"]
      },
      "default": ["kubeval", "kube-linter"]
    },
    "options": {
      "type": "object",
      "properties": {
        "kubernetesVersion": {
          "type": "string",
          "default": "1.28.0"
        },
        "strict": {
          "type": "boolean",
          "default": false
        },
        "customPolicies": {
          "type": "array",
          "items": { "type": "string" },
          "description": "Paths of custom OPA policies"
        }
      }
    }
  }
}
Output schema
{
  "type": "object",
  "properties": {
    "valid": {
      "type": "boolean"
    },
    "manifests": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "path": { "type": "string" },
          "kind": { "type": "string" },
          "name": { "type": "string" },
          "valid": { "type": "boolean" },
          "issues": { "type": "array" }
        }
      }
    },
    "securityFindings": {
      "type": "array"
    },
    "bestPracticeViolations": {
      "type": "array"
    },
    "resourceLimitIssues": {
      "type": "array"
    }
  }
}
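The resource-limit and Pod Security Standards checks, producing a report in the shape of the output schema above. This is an added example, not the skill's implementation: manifests are handled as already-parsed dicts (from json.load, or yaml.safe_load where PyYAML is installed) so it runs offline with the standard library alone; SAMPLE_MANIFESTS, the finding messages, and the function names are constructed for this example.

```python
"""Resource-limit and Pod Security Standards checks for Kubernetes manifests.

Added example, not the skill's own code. Input is (path, manifest dict) pairs;
the returned report follows the skill's output schema. SAMPLE_MANIFESTS is
constructed for illustration.
"""
import json

# Workload kinds whose pod template lives at spec.template.spec.
TEMPLATED_KINDS = {"Deployment", "StatefulSet", "DaemonSet", "Job", "ReplicaSet"}


def pod_spec(manifest):
    """Return the PodSpec inside a manifest, or None for kinds without one."""
    kind, spec = manifest.get("kind"), manifest.get("spec", {})
    if kind == "Pod":
        return spec
    if kind in TEMPLATED_KINDS:
        return spec.get("template", {}).get("spec", {})
    if kind == "CronJob":
        return spec.get("jobTemplate", {}).get("spec", {}).get("template", {}).get("spec", {})
    return None


def check_resources(container):
    """Resource-limit findings: CPU and memory requests and limits must all be set."""
    res = container.get("resources", {})
    return [f"container {container['name']}: missing resources.{section}.{resource}"
            for section in ("requests", "limits") for resource in ("cpu", "memory")
            if resource not in res.get(section, {})]


def check_pod_security(spec):
    """Pod-level PSS baseline checks: no sharing of host namespaces."""
    return [f"pod: {key}=true violates PSS baseline"
            for key in ("hostNetwork", "hostPID", "hostIPC") if spec.get(key)]


def check_container_security(container, pod_sc):
    """Container-level checks; returns (security findings, best-practice violations).

    Fields valid at both pod and container scope fall back to the pod-level value,
    mirroring how the kubelet resolves the effective securityContext.
    """
    name, sc = container["name"], container.get("securityContext", {})
    security, practice = [], []
    if sc.get("privileged"):
        security.append(f"container {name}: privileged=true violates PSS baseline")
    if sc.get("allowPrivilegeEscalation", True):  # the API default is true
        security.append(f"container {name}: allowPrivilegeEscalation must be false (PSS restricted)")
    if not (sc.get("runAsNonRoot") or pod_sc.get("runAsNonRoot")):
        security.append(f"container {name}: runAsNonRoot must be true (PSS restricted)")
    if "ALL" not in sc.get("capabilities", {}).get("drop", []):
        security.append(f"container {name}: capabilities.drop must include ALL (PSS restricted)")
    seccomp = (sc.get("seccompProfile") or pod_sc.get("seccompProfile") or {}).get("type")
    if seccomp not in ("RuntimeDefault", "Localhost"):
        security.append(f"container {name}: seccompProfile.type must be RuntimeDefault or Localhost")
    if not sc.get("readOnlyRootFilesystem"):  # hardening beyond PSS, so a best-practice item
        practice.append(f"container {name}: readOnlyRootFilesystem is not true")
    return security, practice


def validate_manifests(documents):
    """documents: iterable of (path, manifest dict). Returns the output-schema report."""
    report = {"valid": True, "manifests": [], "securityFindings": [],
              "bestPracticeViolations": [], "resourceLimitIssues": []}
    for path, manifest in documents:
        entry = {"path": path, "kind": manifest.get("kind"),
                 "name": manifest.get("metadata", {}).get("name"), "valid": True, "issues": []}
        spec = pod_spec(manifest)
        if spec is not None:
            buckets = {"securityFindings": check_pod_security(spec),
                       "bestPracticeViolations": [], "resourceLimitIssues": []}
            for c in spec.get("containers", []) + spec.get("initContainers", []):
                sec, prac = check_container_security(c, spec.get("securityContext", {}))
                buckets["securityFindings"] += sec
                buckets["bestPracticeViolations"] += prac
                buckets["resourceLimitIssues"] += check_resources(c)
            for key, messages in buckets.items():
                for msg in messages:
                    report[key].append({"path": path, "kind": entry["kind"],
                                        "name": entry["name"], "message": msg})
                    entry["issues"].append(msg)
        entry["valid"] = not entry["issues"]
        report["valid"] = report["valid"] and entry["valid"]
        report["manifests"].append(entry)
    return report


# Constructed sample input: an unhardened Deployment and a Pod meeting the restricted profile.
SAMPLE_MANIFESTS = [
    ("k8s/web.json", {"apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "web"},
                      "spec": {"template": {"spec": {"hostNetwork": True,
                               "containers": [{"name": "app", "image": "nginx:1.25"}]}}}}),
    ("k8s/hardened.json", {"apiVersion": "v1", "kind": "Pod", "metadata": {"name": "hardened"},
                           "spec": {"securityContext": {"runAsNonRoot": True,
                                                        "seccompProfile": {"type": "RuntimeDefault"}},
                                    "containers": [{"name": "app", "image": "nginx:1.25",
                                        "resources": {"requests": {"cpu": "100m", "memory": "64Mi"},
                                                      "limits": {"cpu": "500m", "memory": "128Mi"}},
                                        "securityContext": {"allowPrivilegeEscalation": False,
                                                            "readOnlyRootFilesystem": True,
                                                            "capabilities": {"drop": ["ALL"]}}}]}}),
]

if __name__ == "__main__":
    print(json.dumps(validate_manifests(SAMPLE_MANIFESTS), indent=2))
```

Init containers are checked with the same rules as regular containers, since they run with the same host access and are a common blind spot. The `allowPrivilegeEscalation` check treats an absent field as a failure because the API server defaults it to true, which is exactly the case a reviewer reading the manifest is most likely to miss.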
Usage example
{
  kind: 'skill',
  skill: {
    name: 'k8s-validator',
    context: {
      manifestPaths: ['k8s/*.yaml'],
      validators: ['kubeval', 'kube-linter', 'kubesec'],
      options: {
        kubernetesVersion: '1.28.0',
        strict: true
      }
    }
  }
}