kubernetes-skill  by LukasNiessen

Kubernetes LLM grounding tool for secure manifest generation

Created 1 month ago
333 stars

Top 82.3% on SourcePulse

Summary

KubeShark addresses the critical issue of LLMs hallucinating or generating insecure/deprecated Kubernetes manifests. This skill for Claude Code and Codex grounds AI-generated Kubernetes configurations in official best practices and security standards, preventing costly runtime errors and vulnerabilities. It ensures production-ready, reliable manifests by eliminating common LLM mistakes.

How It Works

The core is a "failure-mode workflow" guiding LLMs through context capture, failure diagnosis, targeted reference loading via Conditional Reference Retrieval (CRR), risk-controlled fix proposals, validation, and a structured output contract. This approach prioritizes diagnosis over raw generation, tackles Kubernetes' multi-dimensional risks (security, networking, scheduling), and mitigates training data pollution from deprecated APIs, yielding safer, more accurate results.

Quick Start & Requirements

  • Install: Clone to ~/.claude/skills/kubernetes-skill (Claude Code) or project root .kubernetes-skill (Codex). Alternatively, install via Claude Code's marketplace (/plugin marketplace add LukasNiessen/kubernetes-skill).
  • Prerequisites: Claude Code or Codex environment.
  • Setup: ~2 minutes.
  • Docs: Quick Start, Marketplace.

Highlighted Details

  • Conditional Reference Retrieval (CRR): Dynamically loads platform-specific (EKS, GKE, AKS, OpenShift) or controller-specific (GitOps, observability) guidance only when detected, optimizing token usage.
  • Compliance & Security: Aligns with Kubernetes docs, NSA/CISA Hardening Guide, OWASP Top 10, PSS, and CIS Benchmarks, enforcing security-first defaults (e.g., PSS restricted profile).
  • Token Efficiency: Aggressively de-duplicated and optimized content for maximum quality per token, avoiding generic documentation dumps.
  • Comprehensive Coverage: Includes dedicated references for Helm, Kustomize, policy engines (Kyverno, OPA/Gatekeeper), and banks of good/bad examples with LLM mistake checklists.

Maintenance & Community

  • Maintainers: LukasNiessen, janMagnusHeimann, TristanKruse.
  • Community: Active via GitHub Discussions.

Licensing & Compatibility

  • License: MIT.
  • Compatibility: Permissive MIT license supports commercial use and integration into closed-source projects.

Limitations & Caveats

The skill is designed as an LLM augmentation, so its effectiveness depends on the LLM's execution environment and interpretation. It targets a Kubernetes 1.25+ baseline and flags pre-1.25 deprecated APIs; guidance is version-aware.

Health Check

  • Last Commit: 3 days ago
  • Responsiveness: Inactive
  • Pull Requests (30d): 0
  • Issues (30d): 1
  • Star History: 364 stars in the last 30 days
