kubernetes-flux

Kubernetes Flux Skill

Installation

The skill invokes the Flux CLI. Install:
  • macOS/Linux (Homebrew):
    brew install fluxcd/tap/flux
  • macOS/Linux (script):
    curl -s https://fluxcd.io/install.sh | sudo bash
  • Windows (winget):
    winget install -e --id FluxCD.Flux
  • Windows (Chocolatey):
    choco install flux
  • Custom dir:
    curl -s https://fluxcd.io/install.sh | bash -s ~/.local/bin
Verify: flux --version. Then use flux bootstrap to deploy controllers if needed.

Cheat Sheet & Best Practices

Bootstrap: flux bootstrap git --url=ssh://git@host/repo.git --path=clusters/my-cluster; use --branch, --interval, --private-key-file or --token-auth as needed.
Status:
  • flux check: controllers/CRDs
  • flux get all -A: all resources
  • flux get kustomizations
  • flux tree kustomization <name>: managed objects
Hacks: Use flux get sources git and flux get kustomizations to see sync state. Reconcile on demand: flux reconcile kustomization <name> --with-source. Pin versions with FLUX_VERSION on the install script. Prefer Git over Helm for app manifests when using GitOps.

Certifications & Training

Kubernetes: CKA / CKAD (Linux Foundation). Flux: GitOps with Flux (LFS269). Skill data: Bootstrap, reconcile, status (flux check, flux get all), tree; GitOps workflow.

Hooks & Workflows

Suggested hooks: Pre-apply: flux check. Post-push (to Git repo used by Flux): optional reconcile trigger. Use with devops (always) for GitOps clusters.
Workflows: Use with devops (always). Flow: bootstrap or reconcile; debug with flux get all, flux tree kustomization. See gitops-workflow skill and enterprise workflows.

Overview

This skill provides comprehensive Kubernetes cluster management through kubectl, enabling AI agents to inspect, troubleshoot, and manage Kubernetes resources.

When to Use

  • Debugging application pods and containers
  • Monitoring deployment rollouts and status
  • Analyzing service networking and endpoints
  • Investigating cluster events and errors
  • Troubleshooting performance issues
  • Managing application scaling
  • Port forwarding for local development

Requirements

  • kubectl installed and configured
  • Valid KUBECONFIG file or default context
  • Cluster access credentials
  • Appropriate RBAC permissions

Quick Reference

  • Get pods in current namespace:
    kubectl get pods
  • Get pods in specific namespace:
    kubectl get pods -n production
  • Get pods with labels:
    kubectl get pods -l app=web -n production
  • Describe a pod:
    kubectl describe pod my-app-123 -n default
  • Get pod logs:
    kubectl logs my-app-123 -n default
  • Get logs with tail:
    kubectl logs my-app-123 -n default --tail=100
  • Get logs since time:
    kubectl logs my-app-123 -n default --since=1h
  • List recent events:
    kubectl get events -n default --sort-by='.lastTimestamp' | tail -20
  • Watch events in real-time:
    kubectl get events -n default -w

Resource Discovery

Pods

  • List all pods:
    kubectl get pods -n <namespace>
  • List pods with wide output:
    kubectl get pods -n <namespace> -o wide
  • List pods across all namespaces:
    kubectl get pods -A
  • Filter by label:
    kubectl get pods -l app=nginx -n <namespace>

Deployments

  • List deployments:
    kubectl get deployments -n <namespace>
  • Get deployment details:
    kubectl describe deployment <name> -n <namespace>
  • Check rollout status:
    kubectl rollout status deployment/<name> -n <namespace>

Services

  • List services:
    kubectl get svc -n <namespace>
  • Describe service:
    kubectl describe svc <name> -n <namespace>
  • Get endpoints:
    kubectl get endpoints <name> -n <namespace>

ConfigMaps and Secrets

  • List ConfigMaps:
    kubectl get configmaps -n <namespace>
  • Describe ConfigMap:
    kubectl describe configmap <name> -n <namespace>
  • Get ConfigMap data:
    kubectl get configmap <name> -n <namespace> -o yaml
  • List Secrets (names only):
    kubectl get secrets -n <namespace>
  • Describe Secret (values masked):
    kubectl describe secret <name> -n <namespace>

Namespaces

  • List namespaces:
    kubectl get namespaces
  • Get namespace details:
    kubectl describe namespace <name>

Troubleshooting

Pod Debugging

  • Describe pod for events and conditions:
    kubectl describe pod <name> -n <namespace>
  • Get pod logs:
    kubectl logs <pod-name> -n <namespace>
  • Get logs from specific container:
    kubectl logs <pod-name> -c <container-name> -n <namespace>
  • Get previous container logs (after crash):
    kubectl logs <pod-name> -n <namespace> --previous
  • Exec into pod:
    kubectl exec -it <pod-name> -n <namespace> -- /bin/sh
  • Run command in pod:
    kubectl exec <pod-name> -n <namespace> -- ls -la /app

Events

  • List events sorted by time:
    kubectl get events -n <namespace> --sort-by='.lastTimestamp'
  • Filter warning events:
    kubectl get events -n <namespace> --field-selector type=Warning
  • Watch events live:
    kubectl get events -n <namespace> -w

Management Operations

Scaling

  • Scale deployment:
    kubectl scale deployment <name> --replicas=5 -n <namespace>
  • Autoscale deployment:
    kubectl autoscale deployment <name> --min=2 --max=10 --cpu-percent=80 -n <namespace>

Rollouts

  • Check rollout status:
    kubectl rollout status deployment/<name> -n <namespace>
  • View rollout history:
    kubectl rollout history deployment/<name> -n <namespace>
  • Rollback to previous version:
    kubectl rollout undo deployment/<name> -n <namespace>
  • Rollback to specific revision:
    kubectl rollout undo deployment/<name> --to-revision=2 -n <namespace>

Port Forwarding

  • Forward local port to pod:
    kubectl port-forward <pod-name> 8080:80 -n <namespace>
  • Forward to service:
    kubectl port-forward svc/<service-name> 8080:80 -n <namespace>

Context Management

  • Get current context:
    kubectl config current-context
  • List all contexts:
    kubectl config get-contexts
  • Switch context:
    kubectl config use-context <context-name>
  • Set default namespace:
    kubectl config set-context --current --namespace=<namespace>

Common Workflows

Troubleshoot a Failing Pod

  1. Find the problematic pod:
     kubectl get pods -n production
  2. Describe for events:
     kubectl describe pod <pod-name> -n production
  3. Check events:
     kubectl get events -n production --sort-by='.lastTimestamp' | tail -20
  4. Get logs:
     kubectl logs <pod-name> -n production --tail=200

Monitor Deployment Rollout

  1. Check deployment status:
     kubectl get deployments -n production
  2. Watch rollout:
     kubectl rollout status deployment/<name> -n production
  3. Watch pods:
     kubectl get pods -l app=<app-name> -n production -w

Debug Service Connectivity

  1. Check service:
     kubectl describe svc <name> -n <namespace>
  2. Check endpoints:
     kubectl get endpoints <name> -n <namespace>
  3. Check backing pods:
     kubectl get pods -l <service-selector> -n <namespace>
  4. Port forward for testing:
     kubectl port-forward svc/<name> 8080:80 -n <namespace>

Safety Features

Blocked Operations

The following are dangerous and require confirmation:
  • kubectl delete commands
  • Destructive exec commands (rm, dd, mkfs)
  • Scale to 0 replicas in production
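
One way to implement the confirmation gate for the three blocked operations, as an added example that is not the skill's own code. The names requires_confirmation, PROTECTED_NS and the reason strings are hypothetical, and treating a scale-to-zero without -n as possibly production is an assumption of this example.

```python
import re
import shlex

DESTRUCTIVE = ("rm", "dd", "mkfs")   # binaries named in the list above
PROTECTED_NS = {"production"}        # assumption: namespaces treated as production
VALUE_FLAGS = {"-n", "--namespace", "--context", "--kubeconfig"}

def _flag_value(args, short, long):
    """Value of a flag given as '-n x', '-nx', '-n=x', '--namespace x' or '--namespace=x'."""
    for i, a in enumerate(args):
        if a in (short, long):
            return args[i + 1] if i + 1 < len(args) else None
        if a.startswith(long + "="):
            return a[len(long) + 1:]
        if short and a.startswith(short) and not a.startswith("--"):
            return a[len(short):].lstrip("=")
    return None

def _verb(args):  # first positional, skipping global flags and their values
    skip = False
    for a in args:
        if not skip and not a.startswith("-"):
            return a
        skip = a in VALUE_FLAGS
    return None

def requires_confirmation(command):
    """Return the reason a kubectl command needs confirmation, or None if it may run."""
    argv = shlex.split(command)
    if not argv or argv[0] != "kubectl":
        return None
    cut = argv.index("--") if "--" in argv else len(argv)
    args, payload = argv[1:cut], argv[cut + 1:]
    verb = _verb(args)
    if verb == "delete":
        return "kubectl delete"
    if verb == "exec":
        # Re-tokenise the payload so `sh -c 'rm -rf /data'` and `/bin/rm` are caught.
        # This over-flags (a path ending in /rm also matches), which only costs a prompt.
        for word in re.findall(r"[\w./-]+", " ".join(payload)):
            name = word.rsplit("/", 1)[-1]
            if name in DESTRUCTIVE or name.startswith("mkfs."):
                return "destructive exec: " + name
    if verb == "scale" and _flag_value(args, None, "--replicas") == "0":
        ns = _flag_value(args, "-n", "--namespace")
        # No -n means the context's default namespace, which may be production.
        if ns is None or ns in PROTECTED_NS:
            return "scale to 0 replicas in " + (ns or "default-context namespace")
    return None
```

The gate only decides whether to ask; it is not a substitute for RBAC that denies these verbs to the agent's credentials.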

Masked Output

Secret values are always masked; only metadata is shown.
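
A masking filter of the kind described above, applied to parsed `kubectl get secret -o json` output, as an added example that is not the skill's own code. mask_secret, MASK and the sample object are hypothetical and constructed for illustration; the filter also covers the last-applied-configuration annotation, where kubectl apply keeps a full copy of the applied manifest.

```python
MASK = "***MASKED***"
LAST_APPLIED = "kubectl.kubernetes.io/last-applied-configuration"

# Constructed sample: a Secret as returned by `kubectl get secret -o json`.
SAMPLE = {
    "apiVersion": "v1", "kind": "Secret", "type": "Opaque",
    "metadata": {
        "name": "db-credentials", "namespace": "default",
        "annotations": {LAST_APPLIED: '{"kind":"Secret","data":{"password":"czNjcjN0"}}'},
    },
    "data": {"password": "czNjcjN0"},
}

def mask_secret(obj):
    """Return a copy of a Secret (or a List of objects) with values masked, metadata kept."""
    if obj.get("kind") == "List":
        return {**obj, "items": [mask_secret(item) for item in obj.get("items", [])]}
    if obj.get("kind") != "Secret":
        return obj
    out = dict(obj)
    for field in ("data", "stringData"):
        if field in out:
            # Keep the key names (metadata), drop every value.
            out[field] = {key: MASK for key in (out[field] or {})}
    meta = dict(out.get("metadata") or {})
    annotations = dict(meta.get("annotations") or {})
    if LAST_APPLIED in annotations:
        # This annotation embeds the applied manifest, base64 values included.
        annotations[LAST_APPLIED] = MASK
        meta["annotations"] = annotations
        out["metadata"] = meta
    return out
```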

Error Handling

Error | Cause | Fix
kubectl not found | Not installed | Install kubectl
Unable to connect | Cluster unreachable | Check network/VPN
Forbidden | RBAC permissions | Request permissions
NotFound | Resource missing | Verify name/namespace
context deadline exceeded | Timeout | Check cluster health

Memory Protocol (MANDATORY)

Before starting:
    cat .claude/context/memory/learnings.md
After completing: Record any new patterns or exceptions discovered.
ASSUME INTERRUPTION: Your context may reset. If it's not in memory, it didn't happen.