Configure Ingress Networking
技能 已验证 活跃Configure Kubernetes Ingress networking with NGINX Ingress Controller, cert-manager for automated TLS certificate management, path-based routing, rate limiting, and multi-domain hosting with SSL termination and load balancing. Use when exposing multiple Kubernetes services via a single load balancer, implementing path-based or host-based routing, automating TLS certificate issuance with Let's Encrypt, or setting up blue-green and canary deployments with traffic splitting.
To automate the complex configuration of production-grade Kubernetes Ingress networking, enabling robust multi-service exposure, secure TLS management, and advanced traffic control.
功能
- Configure NGINX Ingress Controller installation
- Automate TLS certificate issuance with cert-manager
- Implement path-based and host-based routing
- Set up traffic splitting for canary deployments
- Configure rate limiting and authentication
- Customize error pages and headers
使用场景
- Exposing multiple Kubernetes services via a single load balancer
- Implementing path-based or host-based routing for microservices
- Automating TLS certificate issuance and renewal with Let's Encrypt
- Setting up blue-green or canary deployments with traffic splitting
非目标
- Managing the underlying Kubernetes cluster infrastructure
- Configuring application-specific logic beyond network exposure
- Providing a fully automated, zero-configuration solution (user input required for specifics like DNS and credentials)
工作流
- Install NGINX Ingress Controller
- Install cert-manager for Automated TLS
- Create Basic Ingress with TLS
- Implement Advanced Routing and Load Balancing
- Configure Rate Limiting and Authentication
- Implement Custom Error Pages and Request Modification
实践
- DevOps
- Kubernetes Management
- Network Configuration
先决条件
- Kubernetes cluster with LoadBalancer support or MetalLB
- DNS records pointing to cluster LoadBalancer IP
- kubectl and Helm installed
Documentation
- info:Configuration & parameter referenceWhile the procedure details commands and configurations, specific defaults for Helm installations and annotations are not explicitly listed.
Code Execution
- info:ValidationInput validation relies on Kubernetes and Helm's own validation mechanisms. Explicit schema validation for arguments like `email` or `hostedZoneID` is not detailed.
Execution
- info:Pinned dependenciesThe skill relies on system tools like `kubectl` and `helm` which should ideally be pinned, but this is not explicitly declared in the SKILL.md.
安装
/plugin install agent-almanac@pjt222-agent-almanac质量评分
已验证类似扩展
K8s Manifest Generator
100Create production-ready Kubernetes manifests for Deployments, Services, ConfigMaps, and Secrets following best practices and security standards. Use when generating Kubernetes YAML manifests, creating K8s resources, or implementing production-grade Kubernetes configurations.
Setup Container Registry
99Configure container image registries including GitHub Container Registry (ghcr.io), Docker Hub, and Harbor with automated image scanning, tagging strategies, retention policies, and CI/CD integration for secure image distribution. Use when setting up a private container registry, migrating from Docker Hub to self-hosted registries, implementing vulnerability scanning in CI/CD pipelines, managing multi-architecture images, enforcing image signing, or configuring automatic cleanup and retention policies.
Kubernetes Specialist
99Use when deploying or managing Kubernetes workloads. Invoke to create deployment manifests, configure pod security policies, set up service accounts, define network isolation rules, debug pod crashes, analyze resource limits, inspect container logs, or right-size workloads. Use for Helm charts, RBAC policies, NetworkPolicies, storage configuration, performance optimization, GitOps pipelines, and multi-cluster management.
Secure Linux Web Hosting
99用于在设置、加固或审查自托管云服务器时使用,包括 DNS、SSH、防火墙、Nginx、静态网站托管、反向代理应用程序、使用 Let's Encrypt 或 ACME 客户端进行 HTTPS、安全的 HTTP 到 HTTPS 重定向,或可选的启动后网络调优(如 BBR)。
Mtls Configuration
98Configure mutual TLS (mTLS) for zero-trust service-to-service communication. Use when implementing zero-trust networking, certificate management, or securing internal service communication.
Configure Reverse Proxy
98Configure reverse proxy patterns across multiple tools including Nginx, Traefik, and ShinyProxy. Covers WebSocket proxying, path-based and host-based routing, SSL termination, and Docker label auto-discovery. Use when routing multiple services behind a single entry point, proxying WebSocket connections (Shiny, Socket.IO), auto-discovering Docker services with Traefik labels, or adding SSL termination to services that don't handle TLS natively.