DevOps & Infra Skill
Bash Defensive Patterns
Master defensive Bash programming techniques for production-grade scripts.
$15
K8s Manifest Generator
Create production-ready Kubernetes manifests for Deployments, Services, ConfigMaps, and…
A step-by-step guide and template set for generating production-ready Kubernetes manifests: Deployments, Services, ConfigMaps, Secrets, and PersistentVolumeClaims. Every manifest follows cloud-native best practices with resource limits, health probes, security contexts, and standard labels built in.
$15 one-time
Add to a kit → Prices include 20% VAT. · Forged on real agency work · one-time, no lock-in
- Type Skill
- Category DevOps & Infra
- Delivery Email · instant
- License One-time
Inside the run · no black box
See the actual work before you buy it.
YAML gets written last. The workload is interrogated first, then every Deployment ships with probes, pinned tags and resource limits baked in, and three validators must pass before anything touches a cluster.
- Interrogates the workload before writing YAML: stateless or stateful, image and exact tag, ports, CPU and memory needs, storage, external exposure and health endpoints. Missing answers become questions, not assumptions.
- Writes the Deployment with the non-negotiables baked in: resource requests and limits, liveness plus readiness probes, pinned image tags (latest is forbidden), replica count matched to availability needs.
- Picks the Service type deliberately: ClusterIP for internal traffic, LoadBalancer only when external exposure is justified, with named ports and selectors that provably match pod labels.
- Separates configuration from secrets: ConfigMap for non-sensitive values, Secret for credentials with the explicit rule that plain secrets never land in Git, pointing to Sealed Secrets or External Secrets Operator instead.
- Hardens the pod security context as a checklist: runAsNonRoot, drop ALL capabilities, readOnlyRootFilesystem, no privilege escalation, RuntimeDefault seccomp, plus the standard app.kubernetes.io label set on everything.
- Validates before anything ships: kubectl apply --dry-run client and server side, then kubeval, kube-score and kube-linter, so a broken manifest fails in review instead of in the cluster.
One power source. 6 lines out.
k8s-manifest-generator · core
core active · 6 lines
- ✓ creating deployment mani…
Creating Deployment manifests with replicas, probes, and resource limits
- ✓ defining clusterip and l…
Defining ClusterIP and LoadBalancer Services for network connectivity
- ✓ separating configuration…
Separating configuration with ConfigMaps and sensitive data with Secrets
- ✓ adding persistentvolumec…
Adding PersistentVolumeClaims for stateful workloads
- ✓ applying hardened security
Applying hardened security contexts that run as non-root with dropped capabilities
- ✓ organizing multi-resourc…
Organizing multi-resource manifests with Kustomize base-and-overlay structure
Yours to keep.
Drag time forward. Watch what stays.
Forever
That's what owning means.
The rented stack
ai writing tool: subscription
expired · access lostanalytics suite: subscription
expired · access lostdesign platform: subscription
expired · access lost(nothing left)
Your forge
-
Ship manifests that pass dry-run and linting on the first try
license: perpetual -
Prevent resource starvation with requests and limits set by default
license: perpetual -
Harden every pod with non-root, read-only filesystem, and dropped capabilities
license: perpetual -
Keep environments consistent and DRY with shared labels and Kustomize overlays
license: perpetual
subscriptions expire · deeds don't
Everything in the box.
Pick a piece up. Watch it work.
Deployment template with liveness, readiness, and resource configuration
6 parts · one working system · ships instantly by email
This wasn't forged for everyone.
- Not for you if you'd rather rent a tool than own one.
- Not for you if you want someone else to run your stack.
- Not for you if you're happy guessing.
DevOps and platform engineers who need consistent, secure, production-grade Kubernetes manifests without hand-rolling YAML from scratch.
then this was forged for you.Works with
Universal by design: these run in any AI. Delivered in the open Agent Skills + MCP format (native in Claude); ChatGPT, Gemini, Cursor and Copilot adapt the same files their own way.
- Claude Native format
- ChatGPT Adapts via open standards
- Gemini Adapts via open standards
- Cursor Adapts via open standards
- Copilot Adapts via open standards
Catch what's on your mind.
the air is clear. nothing between you and the forge.
catch a spark: the forge will answer
-
We use Helm. Does the Kustomize structure clash with that?
No. The templates are plain YAML; the Kustomize base-and-overlay layout is an organizational suggestion, not a dependency. Blocks like probes, resource limits, and the security context lift straight into your Helm charts.
-
What makes these production-ready compared to what kubectl create gives me?
The defaults: every Deployment ships with resource requests and limits, liveness and readiness probes, a non-root security context with a read-only filesystem and dropped capabilities, and standard labels. A validation workflow with dry-run, kubeval, kube-score, and kube-linter targets manifests that pass linting on the first try.
-
Does it generate CRDs, operators, or service mesh config?
No. The scope is core workloads: Deployments, Services, ConfigMaps, Secrets, and PersistentVolumeClaims. Mesh traffic policy and operator development are separate disciplines.
-
How is it delivered?
By email right after purchase: ready to run, downloaded instantly, no setup wait.
-
One-time or subscription?
A one-time purchase; no subscription or hidden fees. VAT (20%) is included.
-
Can I get a refund?
As a digital product, it can’t be refunded once downloaded. That’s why we show exactly what’s inside and who it’s for, right here.