数据同步
- 作者仓库星标 0
- 作者更新于 实时读取
- 作者仓库 skills-registry
- 领域
- 运维部署
- 兼容 Agent
-
- Claude Code
- Cursor
- Cline
- Codex
- Windsurf
- Gemini CLI
- +20
- 信任分
- 88 / 100 · 社区维护
- 作者 / 版本 / 许可
- @tomevault-io · 未声明 license
- Token 消耗评级
- 低消耗
- 接入复杂程度
- 即装即用
- 是否需要外部 API Key
- 不需要
- 兼容的系统
- 未声明(默认跨平台)
- 底层运行要求
- 无特殊要求
- 文件与系统权限
-
- 只读
- 允许写入 / 修改
- 网络行为
- 仅限本地
- 安装命令数
- 26 条
档案由构建时根据 SKILL.md 与安装命令自动衍生,可能与作者实际意图存在差异。
需要注意: 未限定 allowed-tools,默认拥有全部工具权限。
---
name: config-as-data
description: Use whenever the user is authoring or modifying Kubernetes configuration stored in ConfigHub, or…
category: 运维部署
runtime: 无特殊运行时
---
# config-as-data 输出预览
## PART A: 任务判断
- 适用问题:部署、CI、环境检查、发布或运维排障。
- 输入要求:目标材料、限制条件、期望输出和验收方式。
- 证据边界:围绕“The rule / When to use / Do not load for”读取原文规则,不把推断写成作者承诺。
## PART B: 执行结果
- **01** 任务判断:确认你的需求是否属于部署、CI、环境检查、发布或运维排障,并标出输入、限制和预期结果。
- **02** 执行计划:优先按“The rule / When to use / Do not load for”拆成步骤,说明每一步会读取什么、修改什么、产出什么。
- **03** 交付结果:给出可复制的命令、文件改动、检查清单或内容草稿,并说明如何继续迭代。
- **04** 风险边界:结合 读取文件、写入/修改文件、主要在本地完成、通常不需要额外 API Key 给出执行前确认项。
## Running Rules
- 读取文件、写入/修改文件;主要在本地完成;通常不需要额外 API Key。
- 先小样例验证,再放大到真实任务。
- 交付时同时给结果、检查口径和下一步迭代建议。 原文没有稳定的斜杠命令要求。安装验证后通常全局生效,直接在对话里点名这个 Skill 并描述任务即可。
告诉 Agent 目标文件或材料、期望结果、不可改范围、是否允许联网或执行命令。本 Skill 的权限画像是:读取文件、写入/修改文件。
先用一个小任务确认它会围绕“The rule / When to use / Do not load for”工作;涉及文件或命令时,先看 diff、日志、预览或测试结果。
检查最终产物是否包含明确结果、必要证据和下一步动作;如果输出泛泛而谈,就补充输入、边界和验收标准后重跑。
---
name: config-as-data
description: Use whenever the user is authoring or modifying Kubernetes configuration stored in ConfigHub, or…
category: 运维部署
source: tomevault-io/skills-registry
---
# config-as-data
## 什么时候使用
- 把部署运维方向的常用动作沉淀成 Agent 可调用的技能 适合处理部署、CI、发布、回滚、环境检查和运维排障,核心价值是把输入、判断、执行、验证和交付边界固定下来,避免 Agent 泛泛回答。 把任务拆成可执行、可检查、可继续迭代的步骤…
- 面向部署、CI、环境检查、发布或运维排障,优先处理能明确输入、步骤和验收标准的工作。
## 需要提供什么
- 目标材料、目录范围、期望结果和不可改动内容。
- 是否允许联网、执行命令、读写文件或调用外部服务。
## 执行规则
- 围绕「The rule / When to use / Do not load for」组织步骤,不把推断写成作者事实。
- 读取文件、写入/修改文件;主要在本地完成;通常不需要额外 API Key。
- 先跑小样例,确认结果可检查后再扩大任务范围。
## 输出要求
- 给出最终产物、关键证据、验证方式和下一步动作。
- 信息不足时标记 unknown,不编造命令、平台或依赖。 作者原文负责流程事实;仓库文件负责来源和命令;流狐只补充适用场景、限制和质量判断。
skill "config-as-data" {
输入层 -> 用户目标 + 目标文件 + 禁止范围 + 验收标准
上下文层 -> The rule / When to use / Do not load for
规则层 -> SKILL.md 触发条件 / 执行顺序 / 输出格式
运行层 -> 无特殊运行时 | 读取文件、写入/修改文件 | 主要在本地完成
安全层 -> 通常不需要额外 API Key + 小任务验证 + diff / 日志复核
输出层 -> 可复制结果 + 检查清单 + 下一步迭代
} config-as-data
Authoring discipline for Kubernetes configuration stored in ConfigHub.
The rule
A ConfigHub Unit contains fully materialized YAML with literal values for every field. Code (functions) operates on data. Data is the source of record. This is not a style preference — it's what makes ConfigHub's query, validation, mutation-graph, and revision-history features work. Re-rendered or templated Units break all of those.
If you're tempted to reach for Helm, Kustomize, Jsonnet, cdk8s, or a values file to author new configuration for ConfigHub, stop and re-read this skill.
When to use
- User is creating a new Kubernetes resource to store in a Unit.
- User is about to add a Helm chart or Kustomize overlay to a Unit's source.
- User asks how to "parameterize" a Unit, share config across environments, or keep a values file alongside YAML.
- User asks how to do something "like Helm values" or "like Kustomize overlays" in ConfigHub.
- User starts templating YAML (
{{ .Values.x }},${VAR},<% %>) that will end up in a Unit.
Do not load for
- One-shot
import-from-helm/import-from-kustomize(those skills render once, then this discipline takes over for subsequent edits). - Authoring config that will live in git or a chart repo, not in ConfigHub.
- Pure read / query tasks.
Preflight gates
cub organization listsucceeds (proves a valid token;cub context get/cub info/cub versiondon't require one) andcub context getreturns a default space.- User has write permission on the target Space.
- If authoring new config, confirm with the user which Space this Unit belongs to. Best practice: one Space per app × environment/region.
The loop
1. Establish intent — authoring or migrating?
- New resource from scratch. Go to step 2.
- Migrating existing Helm/Kustomize. The right skill is
import-from-helmorimport-from-kustomize(future). If those aren't available, render once withhelm templateorkustomize build, strip runtime-only fields, and store the output as a Unit — then never re-render.
2. Produce literal YAML
First, check if the skill-examples Space has a relevant example Unit to use as a starting point:
cub unit get <example-slug> --space skill-examples -o yaml 2>/dev/null
The skill-examples-bootstrap skill seeds Units for common resource types (hello-app, hello-statefulset, hello-daemonset, hello-job, hello-cronjob, hello-ingress, hello-netpol, hello-rbac, hello-hpa, hello-pdb). If a matching example exists, adapt it. If not, scaffold from Kubernetes or hand-author:
kubectl create deployment my-app --image=confighubplaceholder:confighubplaceholder \
--dry-run=client -o yaml \
| yq 'del(.metadata.creationTimestamp, .status)' > my-app.yaml
Use confighubplaceholder for string fields and 999999999 for numeric fields that need to be supplied later. vet-placeholders will block apply while any remain.
For fields kubectl create doesn't cover, hand-author literal YAML — don't template. Consult references/yaml-patterns.md for common shapes. For specific resource types (StatefulSet, Ingress, NetworkPolicy, etc.), use the kubernetes-resources skill.
3. Store in a Unit
cub unit create --space <space> <unit-slug> my-app.yaml \
--change-desc "<summary>
User prompt: <verbatim>
Clarifications: <condensed or 'none'>"
4. Fill in defaults via functions (not by hand)
Prefer the defaults functions over hand-editing — they're hermetic, idempotent, and record a clean revision:
cub function set --space <space> --unit <unit-slug> \
set-container-resources-defaults --change-desc "..."
cub function set --space <space> --unit <unit-slug> \
set-container-probe-defaults --change-desc "..."
cub function set --space <space> --unit <unit-slug> \
set-pod-container-security-context-defaults --change-desc "..."
For Namespaces: set-pod-security-defaults. To guarantee namespace: is set: ensure-namespaces.
5. Make env-specific variations via Units, not templates
To vary config across environments:
- Create one Space per app × environment/region.
- Use upstream → downstream Unit relationships to clone baseline.
- Apply differences via functions:
set-container-image,set-replicas,set-env-var, etc. — each recorded as a revision.
Don't introduce a values file. Don't introduce an overlay. The Space is the parameterization boundary.
For deeper guidance on Space layout (app-home Spaces, per-env Spaces, platform Spaces, naming conventions, and the upstream/downstream topology), load space-topology.
Tool boundary
- Allowed:
cub(mutations),kubectl create --dry-run=clientandkubectl explain(scaffolding only), reading existing chart/overlay content for one-shot import. - Not allowed:
helm install/upgrade,kustomize buildpiped into ongoing editing, writing values files alongside a Unit's YAML, introducing template syntax into a Unit's data.
Change description
Every cub unit create, cub unit update, cub function set, cub run call must pass --change-desc:
<summary line>
User prompt: <verbatim user prompt>
Clarifications: <condensed: "user confirmed target env is prod" / "user chose bundle granularity per-app" / "none">
Stop conditions
- User insists on keeping a values file or template in the Unit. Explain the rule once; if they still want it, stop and hand back — this isn't the skill for that.
- Required field can only be filled correctly at apply time (e.g., a rendered secret from an external system). Use a placeholder + a function that fills it at apply — don't template.
Verify chain
cub unit get <slug> --space <space>— inspect the stored YAML; confirm it is literal.If the Space has validation Triggers wired up (see
triggers-and-applygatesfor the setup), everycub unit create/cub unit update/cub functionset/cub runalready runs them against the new revision — no extra step needed. If not, run the vet functions directly:cub function vet --space <space> --unit <slug> vet-placeholders— no remaining placeholders (unless intentional for later fill).cub function vet --space <space> --unit <slug> vet-schemas— valid against the target K8s version.cub function vet --space <space> --unit <slug> vet-format— clean YAML.
To re-run a specific Trigger against a Unit — useful for validators whose arguments are awkward to retype on the CLI, like
vet-celandvet-starlark, where the configured Trigger already carries the CEL/Starlark expression:cub function vet --space <space> --unit <slug> --trigger <trigger-space>/<trigger-slug>The Trigger supplies the function name and its arguments, so the result matches what automatic validation would produce on a write. Less valuable for validators that take no arguments (
vet-schemas,vet-placeholders,vet-format) — just call those directly.
Evidence
cub unit get <slug> --space <space> --web— opens the Unit in the GUI so the user can see the literal YAML and revision history.
References
references/cub-cli.mdreferences/functions-catalog.mdreferences/yaml-patterns.md— ConfigHub-native YAML patterns for all common resource types.- Companion skills:
kubernetes-resources(authoring specific resource types),space-topology(Space layout, upstream/downstream conventions),triggers-and-applygates(automatic validation on writes, running Triggers explicitly),skill-examples-bootstrap(seeds live examples inskill-examplesSpace). - https://docs.confighub.com/markdown/background/config-as-data.md
Source: confighub/confighub-skills — distributed by TomeVault.
先判断是否适合
作者设计意图
作者的方法与取舍
边界和复核