---
name: cloud-native-expert
description: >
  Cloud-native architect expert. Use this skill when the user needs Kubernetes/K8s
  cluster deployment, a service mesh (Istio/Linkerd), GitOps (ArgoCD/Flux), Helm
  configuration, 12-Factor App, HPA autoscaling, NetworkPolicy, or says "云原生"
  (cloud native), "K8s", or "服务网格" (service mesh).
allowed-tools: Read, Glob, Grep, Edit, Write, Bash
maturity: stable
last-reviewed: 2026-02-18
composable: true
enhances: [devops-expert, sre-expert]
---
# Cloud Native Architect

Output Style: this skill uses the inline output specification.

A senior cloud-native architect, expert in Kubernetes, service meshes, GitOps and cloud-native design patterns.
## Trigger keywords

- Container orchestration: Kubernetes, K8s, Pod, Deployment, StatefulSet
- Service mesh: Istio, Linkerd, service mesh, traffic management, mTLS
- GitOps: GitOps, ArgoCD, Flux, declarative
- Cloud native: cloud native, 12-Factor, immutable infrastructure, microservices
- Configuration management: Helm, Kustomize, ConfigMap, Secret
## Core capabilities

- Cloud-native design: 12-Factor App, cloud-native patterns, microservice architecture
- Container orchestration: Kubernetes cluster management, resource scheduling, autoscaling
- Service mesh: Istio, Linkerd, traffic management, security policy
- GitOps: declarative configuration, automated deployment, continuous delivery
## 12-Factor App essentials

1. Codebase: one codebase, many deploys
2. Dependencies: explicitly declare dependencies
3. Config: separate config from code; use environment variables
4. Backing services: treat them as attached resources
5. Build/release/run: strictly separate the stages
6. Processes: stateless processes
7. Port binding: export services via port binding
8. Concurrency: scale out via the process model
9. Disposability: fast startup and shutdown
10. Dev/prod parity: keep environments consistent
11. Logs: treat them as event streams
12. Admin processes: run as one-off processes
## Kubernetes deployment configuration

```yaml
# deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web-app
spec:
  replicas: 3
  selector:
    matchLabels:
      app: web-app
  template:
    metadata:
      labels:
        app: web-app
    spec:
      containers:
        - name: web-app
          image: registry.example.com/web-app:v1.0.0
          ports:
            - containerPort: 3000
          resources:
            requests:
              memory: 128Mi
              cpu: 100m
            limits:
              memory: 256Mi
              cpu: 500m
          livenessProbe:
            httpGet:
              path: /health
              port: 3000
            initialDelaySeconds: 30
          readinessProbe:
            httpGet:
              path: /ready
              port: 3000
            initialDelaySeconds: 5
          env:
            - name: DATABASE_URL
              valueFrom:
                secretKeyRef:
                  name: db-credentials
                  key: url
```
## Istio traffic management

```yaml
# VirtualService - traffic routing
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
  name: reviews
spec:
  hosts:
    - reviews
  http:
    - route:
        - destination:
            subset: v1
          weight: 90
        - destination:
            subset: v2
          weight: 10
---
# DestinationRule - circuit breaker
apiVersion: networking.istio.io/v1beta1
kind: DestinationRule
metadata:
  name: httpbin
spec:
  host: httpbin
  trafficPolicy:
    connectionPool:
      tcp:
        maxConnections: 10
      http:
        http1MaxPendingRequests: 2
    outlierDetection:
      consecutiveErrors: 2
      interval: 30s
      baseEjectionTime: 30s
```
## ArgoCD GitOps

```yaml
# Application
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: web-app
  namespace: argocd
spec:
  project: default
  source:
    repoURL: https://github.com/example/manifests.git
    targetRevision: main
    path: apps/web-app
  destination:
    server: https://kubernetes.default.svc
    namespace: production
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
```
## Helm chart structure

```text
myapp/
├── Chart.yaml
├── values.yaml
├── values-prod.yaml
├── templates/
│   ├── deployment.yaml
│   ├── service.yaml
│   ├── ingress.yaml
│   ├── configmap.yaml
│   └── hpa.yaml
```
## HPA autoscaling

```yaml
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: web-app-hpa
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: web-app
  minReplicas: 2
  maxReplicas: 10
  metrics:
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: 70
```
## Network Policy

```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-ingress
spec:
  podSelector:
    matchLabels:
      app: web-app
  policyTypes:
    - Ingress
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              name: ingress-nginx
      ports:
        - protocol: TCP
          port: 3000
```
## Output specification

- Define resources clearly in YAML
- Follow Kubernetes best practices
- Provide complete, deployable configuration
- Include monitoring and security configuration
- Explain design decisions

## Prohibited

- ❌ Do not keep stateful data inside containers
- ❌ Do not use privileged containers
- ❌ Do not hard-code configuration
- ❌ Do not ignore resource limits
- ❌ Do not skip health checks
- ❌ Do not use the `latest` tag in production
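As an added example that is not part of this skill file, a small Python lint that checks a Deployment manifest for the prohibited patterns listed above (privileged containers, missing resource limits, missing health checks, hard-coded configuration, the `latest` tag). `check_deployment`, `SECRET_LIKE` and the two sample manifests are constructed for this example; in practice the manifest dict would come from `yaml.safe_load()` on the rendered `deployment.yaml`.

```python
from __future__ import annotations
from typing import Any

# Hypothetical helper and constructed manifests for this example; a real run would
# feed it the dict returned by yaml.safe_load() on the rendered deployment.yaml.
SECRET_LIKE = ("_URL", "PASSWORD", "SECRET", "TOKEN", "KEY")

def check_deployment(manifest: dict[str, Any]) -> list[str]:
    """Return the list of prohibited patterns found (empty means compliant)."""
    findings: list[str] = []
    pod_spec = manifest.get("spec", {}).get("template", {}).get("spec", {})
    for c in pod_spec.get("containers", []):
        name, image = c.get("name", "<unnamed>"), c.get("image", "")
        # No 'latest' tag in production: an untagged image also resolves to latest
        tag = image.rsplit("/", 1)[-1].partition(":")[2]
        if tag in ("", "latest"):
            findings.append(f"{name}: image '{image}' is unpinned or uses :latest")
        # No privileged containers
        if c.get("securityContext", {}).get("privileged"):
            findings.append(f"{name}: privileged container")
        # Do not ignore resource limits: both requests and limits must be set
        res = c.get("resources", {})
        if not res.get("requests") or not res.get("limits"):
            findings.append(f"{name}: missing resources.requests or resources.limits")
        # Do not skip health checks
        for probe in ("livenessProbe", "readinessProbe"):
            if probe not in c:
                findings.append(f"{name}: missing {probe}")
        # Do not hard-code configuration: sensitive env vars must use valueFrom
        for env in c.get("env", []):
            if "value" in env and env.get("name", "").upper().endswith(SECRET_LIKE):
                findings.append(f"{name}: env {env['name']} hard-coded; use secretKeyRef")
    return findings

GOOD = {  # constructed: mirrors the deployment.yaml in this skill
    "kind": "Deployment",
    "spec": {"template": {"spec": {"containers": [{
        "name": "web-app", "image": "registry.example.com/web-app:v1.0.0",
        "resources": {"requests": {"cpu": "100m"}, "limits": {"cpu": "500m"}},
        "livenessProbe": {"httpGet": {"path": "/health", "port": 3000}},
        "readinessProbe": {"httpGet": {"path": "/ready", "port": 3000}},
        "env": [{"name": "DATABASE_URL", "valueFrom": {"secretKeyRef": {"name": "db-credentials", "key": "url"}}}],
    }]}}}}
BAD = {  # constructed: breaks several of the prohibited patterns above
    "kind": "Deployment",
    "spec": {"template": {"spec": {"containers": [{
        "name": "web-app", "image": "registry.example.com/web-app:latest",
        "securityContext": {"privileged": True},
        "env": [{"name": "DATABASE_URL", "value": "postgres://app:PLACEHOLDER@db/app"}],
    }]}}}}
```

Running `check_deployment(BAD)` reports six findings, one per prohibited pattern it breaks, while `check_deployment(GOOD)` returns an empty list.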