@john/k8s
v2026.03.04.3
Kubernetes operational toolkit — 15 model types covering pods, deployments, services, RBAC, storage, networking, autoscaling, batch jobs, and more. Includes 13 ready-to-run workflows for namespace debugging, security audits, RBAC analysis, cluster health, and operational diagnostics.
Repository
https://github.com/johnrwatson/k8s-swamp-extension
Quality score
How well-documented and verifiable this extension is.
Not yet scored.
A score will be generated the next time this extension is published. The owner can also trigger scoring manually.
Install
$ swamp extension pull @john/k8sRelease Notes
debug-namespace-deep now takes a single 'namespace' input. Model instances must follow the naming convention {namespace}-pod, {namespace}-deployment, {namespace}-service, {namespace}-event, {namespace}-configmap, {namespace}-pvc, {namespace}-secret, {namespace}-netpol. The workflow derives all model references automatically via CEL expressions — no need to pass 8 separate model names.
@john/configmapv2026.02.27.1k8s/configmap.ts
listList all configmaps in the configured namespace
getGet a single configmap's data and metadata
| Argument | Type | Description |
|---|---|---|
| configMapName | string |
createCreate a configmap from key-value data pairs with optional labels
| Argument | Type | Description |
|---|---|---|
| configMapName | string | |
| data | record | |
| labels? | record |
updateMerge new keys into an existing configmap via read-then-replace
| Argument | Type | Description |
|---|---|---|
| configMapName | string | |
| data | record |
deleteDelete a configmap
| Argument | Type | Description |
|---|---|---|
| configMapName | string |
Resources
configmap(infinite)— ConfigMap with key-value data, data keys list, labels, and annotations
@john/deploymentv2026.02.27.1k8s/deployment.ts
listList all deployments in the configured namespace with replicas, strategy, containers, and conditions
getGet a deployment's full spec including containers, volumes, security contexts, and rollout conditions
| Argument | Type | Description |
|---|---|---|
| deploymentName | string |
createCreate a deployment from a container image or full spec object
| Argument | Type | Description |
|---|---|---|
| deploymentName | string | |
| image? | string | |
| replicas | number | |
| spec? | any |
updateUpdate a deployment's container image and/or replica count via read-then-replace
| Argument | Type | Description |
|---|---|---|
| deploymentName | string | |
| image? | string | |
| replicas? | number |
deleteDelete a deployment
| Argument | Type | Description |
|---|---|---|
| deploymentName | string |
scaleScale a deployment to the specified replica count
| Argument | Type | Description |
|---|---|---|
| deploymentName | string | |
| replicas | number |
restartTrigger a rolling restart by setting the restartedAt annotation on the pod template
| Argument | Type | Description |
|---|---|---|
| deploymentName | string |
pausePause a deployment's rollout by setting spec.paused = true
| Argument | Type | Description |
|---|---|---|
| deploymentName | string |
resumeResume a paused deployment's rollout by setting spec.paused = false
| Argument | Type | Description |
|---|---|---|
| deploymentName | string |
getRolloutStatusGet a deployment's rollout status with Available, Progressing, and ReplicaFailure conditions
| Argument | Type | Description |
|---|---|---|
| deploymentName | string |
getReplicaSetsList ReplicaSets owned by a deployment, showing rollout history and revisions
| Argument | Type | Description |
|---|---|---|
| deploymentName | string |
Resources
deployment(infinite)— Deployment spec with replicas, strategy, containers, volumes, security contexts, and rollout conditions
replicaSet(1h)— ReplicaSet showing replica counts, owner deployment, and revision number
@john/eventv2026.02.27.1k8s/event.ts
listList all events in the namespace, sorted by lastTimestamp descending
getForPodGet events for a specific pod, sorted by lastTimestamp descending
| Argument | Type | Description |
|---|---|---|
| podName | string |
getForDeploymentGet events for a specific deployment, sorted by lastTimestamp descending
| Argument | Type | Description |
|---|---|---|
| deploymentName | string |
getForServiceGet events for a specific service, sorted by lastTimestamp descending
| Argument | Type | Description |
|---|---|---|
| serviceName | string |
getWarningsGet only Warning-type events in the namespace, sorted by lastTimestamp descending
Resources
event(1h)— Kubernetes event with type, reason, message, involved object, count, and timestamps
@john/hpav2026.02.27.1k8s/hpa.ts
listList all HorizontalPodAutoscalers in the namespace with current vs target metrics and replica counts
getGet an HPA's current vs target metrics, replica range, scale conditions, and last scale time
| Argument | Type | Description |
|---|---|---|
| hpaName | string |
createCreate an HPA targeting a deployment with CPU utilization threshold and replica range
| Argument | Type | Description |
|---|---|---|
| hpaName | string | |
| targetDeployment | string | |
| minReplicas | number | |
| maxReplicas | number | |
| cpuTargetPercent | number |
deleteDelete a HorizontalPodAutoscaler
| Argument | Type | Description |
|---|---|---|
| hpaName | string |
Resources
hpa(infinite)— HorizontalPodAutoscaler with current/target metrics, replica range, scale conditions, and last scale time
@john/ingressv2026.02.27.1k8s/ingress.ts
listList all ingresses in the configured namespace
getGet an ingress's spec with rules, TLS config, and load balancer status
| Argument | Type | Description |
|---|---|---|
| ingressName | string |
createCreate an ingress from rules with optional TLS config and ingress class
| Argument | Type | Description |
|---|---|---|
| ingressName | string | |
| rules | array | |
| ingressClassName? | string | |
| tls? | array | |
| annotations? | record |
updateUpdate an ingress's rules, TLS config, or annotations via read-then-replace
| Argument | Type | Description |
|---|---|---|
| ingressName | string | |
| rules? | array | |
| tls? | array | |
| annotations? | record |
deleteDelete an ingress
| Argument | Type | Description |
|---|---|---|
| ingressName | string |
Resources
ingress(infinite)— Ingress with rules, TLS config, default backend, and load balancer IPs
@john/jobv2026.02.27.1k8s/job.ts
listJobsList all Jobs in the namespace with completion status, duration, and failure counts
getJobGet a Job's full status including completions, failures, duration, conditions, and containers
| Argument | Type | Description |
|---|---|---|
| jobName | string |
deleteJobDelete a Job and its pods
| Argument | Type | Description |
|---|---|---|
| jobName | string |
listCronJobsList all CronJobs with schedule, suspend status, last run times, and active job count
getCronJobGet a CronJob's schedule, suspend status, concurrency policy, and history limits
| Argument | Type | Description |
|---|---|---|
| cronJobName | string |
deleteCronJobDelete a CronJob and all its child Jobs
| Argument | Type | Description |
|---|---|---|
| cronJobName | string |
Resources
job(infinite)— Job with completions, failures, duration, conditions, and owner CronJob reference
cronJob(infinite)— CronJob with schedule, suspend status, concurrency policy, and last schedule/success times
@john/namespacev2026.02.26.1k8s/namespace.ts
Global Arguments
| Argument | Type | Description |
|---|---|---|
| context? | string | |
| kubeconfig? | string | |
| labels? | string |
listList all namespaces in the cluster, optionally filtered by label selector
getGet a single namespace's phase, finalizers, conditions, labels, and annotations
| Argument | Type | Description |
|---|---|---|
| namespaceName | string |
createCreate a new namespace with optional labels
| Argument | Type | Description |
|---|---|---|
| namespaceName | string | |
| labels? | record |
deleteDelete a namespace and all resources within it
| Argument | Type | Description |
|---|---|---|
| namespaceName | string |
updateMerge new labels and/or annotations onto a namespace via read-then-replace
| Argument | Type | Description |
|---|---|---|
| namespaceName | string | |
| labels? | record | |
| annotations? | record |
getResourceQuotasList all resource quotas in a namespace showing hard limits and current usage
| Argument | Type | Description |
|---|---|---|
| namespaceName | string |
setResourceQuotaCreate or replace a resource quota with the given hard limits (pods, cpu, memory, etc.)
| Argument | Type | Description |
|---|---|---|
| namespaceName | string | |
| quotaName | string | |
| hard | record |
deleteResourceQuotaDelete a resource quota from a namespace
| Argument | Type | Description |
|---|---|---|
| namespaceName | string | |
| quotaName | string |
getLimitRangesList all limit ranges in a namespace showing default, min, and max resource constraints
| Argument | Type | Description |
|---|---|---|
| namespaceName | string |
setLimitRangeCreate or replace a limit range defining default, min, and max resource constraints per container type
| Argument | Type | Description |
|---|---|---|
| namespaceName | string | |
| limitRangeName | string | |
| limits | array |
deleteLimitRangeDelete a limit range from a namespace
| Argument | Type | Description |
|---|---|---|
| namespaceName | string | |
| limitRangeName | string |
getResourceCountsCount pods, services, deployments, configmaps, secrets, service accounts, and PVCs in a namespace via parallel API calls
| Argument | Type | Description |
|---|---|---|
| namespaceName | string |
Resources
namespace(infinite)— Namespace state including phase, finalizers, conditions, labels, and annotations
resourceQuota(infinite)— Resource quota showing hard limits and current usage for pods, CPU, memory, etc.
limitRange(infinite)— Limit range defining default, min, and max resource constraints for containers in a namespace
resourceCounts(1h)— Count of pods, services, deployments, configmaps, secrets, service accounts, and PVCs in a namespace
@john/netpolv2026.02.27.1k8s/netpol.ts
listList all NetworkPolicies in the namespace with pod selectors, policy types, and rule counts
getGet a NetworkPolicy's full spec with pod selector, ingress/egress rules, peer selectors, and CIDR blocks
| Argument | Type | Description |
|---|---|---|
| policyName | string |
createCreate a NetworkPolicy with pod selector and ingress/egress rules
| Argument | Type | Description |
|---|---|---|
| policyName | string | |
| podSelector | record | |
| policyTypes | array | |
| ingress? | array | |
| egress? | array |
deleteDelete a NetworkPolicy
| Argument | Type | Description |
|---|---|---|
| policyName | string |
Resources
netpol(infinite)— NetworkPolicy with pod selector, ingress/egress rules, peer selectors, and CIDR blocks
@john/nodev2026.02.27.1k8s/node.ts
Global Arguments
| Argument | Type | Description |
|---|---|---|
| context? | string | |
| kubeconfig? | string | |
| labels? | string |
listList all nodes with status, capacity, conditions, and taints
getGet a node's full status including conditions, capacity, taints, and node info
| Argument | Type | Description |
|---|---|---|
| nodeName | string |
getMetricsGet CPU and memory usage for all nodes from metrics-server
cordonCordon a node by setting spec.unschedulable = true
| Argument | Type | Description |
|---|---|---|
| nodeName | string |
uncordonUncordon a node by setting spec.unschedulable = false
| Argument | Type | Description |
|---|---|---|
| nodeName | string |
taintAdd a taint to a node
| Argument | Type | Description |
|---|---|---|
| nodeName | string | |
| key | string | |
| value | string | |
| effect | enum |
untaintRemove a taint from a node by key
| Argument | Type | Description |
|---|---|---|
| nodeName | string | |
| key | string |
getPodsOnNodeList all pods running on a specific node across all namespaces
| Argument | Type | Description |
|---|---|---|
| nodeName | string |
Resources
node(infinite)— Node with conditions, capacity, allocatable resources, taints, and node info
nodeMetrics(1h)— Node CPU and memory usage from metrics-server
nodePod(1h)— Pod running on a specific node
@john/podv2026.02.26.1k8s/pod.ts
listContextsList available kubeconfig contexts
listList all pods in the configured namespace, optionally filtered by label selector
getGet a single pod's full status including phase, container states, conditions, and IPs
| Argument | Type | Description |
|---|---|---|
| podName | string |
createCreate a pod from a container image name or a full pod spec object
| Argument | Type | Description |
|---|---|---|
| podName | string | |
| image? | string | |
| spec? | any |
deleteDelete a pod
| Argument | Type | Description |
|---|---|---|
| podName | string |
restartDelete a pod and wait up to waitSeconds for its controller to recreate it in Running state
| Argument | Type | Description |
|---|---|---|
| podName | string | |
| waitSeconds | number |
getLogsFetch the last N lines of container logs via the K8s API and store as a streaming file
| Argument | Type | Description |
|---|---|---|
| podName | string | |
| container? | string | |
| tailLines | number | |
| previous | boolean |
getMetricsQuery the metrics-server API for per-pod and per-container CPU/memory usage in the namespace
execRun a command in a pod container via kubectl exec and capture stdout/stderr and exit code
| Argument | Type | Description |
|---|---|---|
| podName | string | |
| command | array | |
| container? | string |
Resources
pod(infinite)— Pod state including phase, container statuses, conditions, IPs, and restart counts
metrics(1h)— Per-pod and per-container CPU/memory usage from the metrics-server
execResult(1h)— Stdout, exit code, and metadata from a non-interactive kubectl exec
contextInfo(infinite)— Available kubeconfig contexts
Files
logs(text/plain)— Raw container stdout/stderr logs fetched from the K8s API
@john/pod-summaryv2026.02.26.1k8s/pod_summary.ts
Global Arguments
| Argument | Type | Description |
|---|---|---|
| sourceName | string |
summarizeRead pod resources from a @john/pod instance and compute counts by phase, node, restart totals, and healthy/unhealthy breakdown
Resources
summary(infinite)— Aggregated pod counts by phase, node, restart totals, high-restart pods, and healthy/unhealthy breakdown
@john/pvcv2026.02.27.1k8s/pvc.ts
listList all PersistentVolumeClaims in the namespace with binding status, storage class, and capacity
getGet a PVC's binding status, storage class, requested vs actual capacity, and access modes
| Argument | Type | Description |
|---|---|---|
| pvcName | string |
createCreate a PVC with storage class, access mode, and requested capacity
| Argument | Type | Description |
|---|---|---|
| pvcName | string | |
| storageClassName | string | |
| storage | string | |
| accessModes | array |
deleteDelete a PersistentVolumeClaim
| Argument | Type | Description |
|---|---|---|
| pvcName | string |
listVolumesList all PersistentVolumes in the cluster with phase, capacity, reclaim policy, and source
Resources
pvc(infinite)— PersistentVolumeClaim with phase, storage class, capacity, access modes, and bound volume
pv(infinite)— PersistentVolume with phase, capacity, reclaim policy, and volume source
@john/rbacv2026.02.27.1k8s/rbac.ts
listRolesList all Roles in the namespace with their permission rules (apiGroups, resources, verbs)
getRoleGet a Role's full permission rules showing which API groups, resources, and verbs are allowed
| Argument | Type | Description |
|---|---|---|
| roleName | string |
listClusterRolesList all ClusterRoles in the cluster with their permission rules and aggregation selectors
getClusterRoleGet a ClusterRole's full permission rules and aggregation configuration
| Argument | Type | Description |
|---|---|---|
| clusterRoleName | string |
listRoleBindingsList all RoleBindings in the namespace showing which subjects are bound to which roles
getRoleBindingGet a RoleBinding's subjects (users, groups, service accounts) and the role it references
| Argument | Type | Description |
|---|---|---|
| roleBindingName | string |
listClusterRoleBindingsList all ClusterRoleBindings showing which subjects have cluster-wide role assignments
getClusterRoleBindingGet a ClusterRoleBinding's subjects and the cluster role it references
| Argument | Type | Description |
|---|---|---|
| clusterRoleBindingName | string |
listServiceAccountsList all ServiceAccounts in the namespace with auto-mount token status and secret counts
getServiceAccountGet a ServiceAccount's auto-mount token setting and associated secrets
| Argument | Type | Description |
|---|---|---|
| serviceAccountName | string |
Resources
role(infinite)— Namespaced Role with API group/resource/verb permission rules
clusterRole(infinite)— Cluster-scoped ClusterRole with permission rules and optional aggregation selectors
roleBinding(infinite)— Namespaced RoleBinding linking subjects (users, groups, service accounts) to a Role or ClusterRole
clusterRoleBinding(infinite)— Cluster-scoped ClusterRoleBinding linking subjects to a ClusterRole
serviceAccount(infinite)— ServiceAccount with auto-mount token status and associated secret count
@john/secretv2026.02.27.1k8s/secret.ts
listList all secrets in the namespace showing type and data keys (not content)
getGet a secret with decoded data values (sensitive, stored in vault)
| Argument | Type | Description |
|---|---|---|
| secretName | string |
createCreate a secret from key-value data pairs (values will be base64-encoded)
| Argument | Type | Description |
|---|---|---|
| secretName | string | |
| data | record | |
| type | string | |
| labels? | record |
updateMerge new keys into an existing secret via read-then-replace (values will be base64-encoded)
| Argument | Type | Description |
|---|---|---|
| secretName | string | |
| data | record |
deleteDelete a secret
| Argument | Type | Description |
|---|---|---|
| secretName | string |
Resources
secretMeta(infinite)— Secret metadata with type and data key names (no content)
secret(infinite)— Secret with decoded data values (sensitive, stored in vault)
@john/servicev2026.02.27.1k8s/service.ts
listList all services in the configured namespace with their type, ports, and selectors
getGet a single service's spec including type, clusterIP, ports, and pod selector
| Argument | Type | Description |
|---|---|---|
| serviceName | string |
getEndpointsGet the endpoint addresses backing a service, showing which pods are ready and not ready
| Argument | Type | Description |
|---|---|---|
| serviceName | string |
createCreate a service with selector, ports, and optional type and labels
| Argument | Type | Description |
|---|---|---|
| serviceName | string | |
| selector | record | |
| ports | array | |
| type | string | |
| labels? | record |
updateUpdate a service's selector and/or ports via read-then-replace
| Argument | Type | Description |
|---|---|---|
| serviceName | string | |
| selector? | record | |
| ports? | array |
deleteDelete a service
| Argument | Type | Description |
|---|---|---|
| serviceName | string |
diagnoseServiceDiagnose a service by comparing its selector against pod labels, reporting mismatches and port analysis
| Argument | Type | Description |
|---|---|---|
| serviceName | string |
Resources
service(infinite)— Service spec including type, clusterIP, ports, and pod selector labels
endpoints(1h)— Endpoint addresses backing a service, split into ready and not-ready
diagnosis(1h)— Service diagnosis comparing selector vs pod labels, port analysis, and health status
@john/debug-namespace-deep66654a96-7f45-4b6a-acff-e4987d40e648
Comprehensive namespace debugging workflow — just pass a namespace name. Expects model instances named {namespace}-pod, {namespace}-deployment, {namespace}-service, {namespace}-event, {namespace}-configmap, {namespace}-pvc, {namespace}-secret, and {namespace}-netpol (all targeting the same namespace). Automatically discovers and diagnoses ALL resources: collects every deployment, pod, service, configmap, PVC, secret, network policy, and event in parallel, then iterates over all discovered servic
discoverCollect all resources in the namespace in parallel
1.list-deployments${{ inputs.namespace + "-deployment" }}.list— List all deployments with replica counts, images, and conditions
2.list-pods${{ inputs.namespace + "-pod" }}.list— List all pods with phase, container states, and restart counts
3.list-services${{ inputs.namespace + "-service" }}.list— List all services with type, ports, and selectors
4.list-configmaps${{ inputs.namespace + "-configmap" }}.list— List all configmaps with their data keys and values
5.list-pvcs${{ inputs.namespace + "-pvc" }}.list— List all PVCs with binding status, storage class, and capacity
6.list-secrets${{ inputs.namespace + "-secret" }}.list— List all secrets with type and data keys (not decoded values)
7.list-netpols${{ inputs.namespace + "-netpol" }}.list— List all NetworkPolicies with pod selectors and rule counts
8.list-events${{ inputs.namespace + "-event" }}.list— List all events sorted by timestamp
9.get-warnings${{ inputs.namespace + "-event" }}.getWarnings— List only warning-type events for quick problem identification
diagnose-servicesAutomatically diagnose every discovered service — selector matching, endpoint health, port analysis
1.diagnose-${{ self.svc.attributes.name }}${{ inputs.namespace + "-service" }}.diagnoseService— Diagnose service selector and port matching
diagnose-deploymentsCheck rollout status and ReplicaSet history for every discovered deployment
1.rollout-${{ self.dep.attributes.name }}${{ inputs.namespace + "-deployment" }}.getRolloutStatus— Get deployment rollout status and conditions
2.replicasets-${{ self.dep.attributes.name }}${{ inputs.namespace + "-deployment" }}.getReplicaSets— Get deployment ReplicaSet history and revisions
inspect-netpolsFetch full rule details for every discovered NetworkPolicy — selectors, ports, and CIDR blocks
1.get-${{ self.pol.attributes.name }}${{ inputs.namespace + "-netpol" }}.get— Inspect NetworkPolicy rules, selectors, and traffic configuration
@john/deployment-status731aed2b-b876-42e5-84e4-327133e1dfaf
Rollout health check for all deployments — replica counts, rollout conditions, ReplicaSet history, and warning events
checkCollect deployment specs, rollout conditions, and related events
1.list-deployments${{ inputs.deploymentModel }}.list— Fetch all deployments with replica counts, strategy, containers, and rollout conditions
2.list-events${{ inputs.eventModel }}.list— Fetch all events to correlate with deployment activity (scaling, rollouts, failures)
3.get-warnings${{ inputs.eventModel }}.getWarnings— Fetch warning events to surface rollout failures, image pull errors, and crash loops
@john/service-connectivityfc82018b-d717-49ac-9ecd-f0396d6a6f61
Service connectivity overview — all services, all pods with labels, endpoints, and warning events for diagnosing routing and selector mismatches
collectGather services, pods, and events to diagnose connectivity issues
1.list-services${{ inputs.serviceModel }}.list— Fetch all services with selectors, ports, and types for selector-vs-label comparison
2.list-pods${{ inputs.podModel }}.list— Fetch all pods with labels, phase, and container ports for cross-referencing against service selectors
3.list-events${{ inputs.eventModel }}.list— Fetch all events to identify service-related issues (endpoint changes, failures)
4.get-warnings${{ inputs.eventModel }}.getWarnings— Fetch warning events for quick identification of connectivity-affecting problems
@john/cluster-health07dac9da-b595-43a8-b3a9-db6844b3b177
Cluster-wide health overview — node conditions, resource capacity, CPU/memory utilization, pod distribution, and storage status
assessCollect node status, metrics, pod health, and storage data
1.list-nodes${{ inputs.nodeModel }}.list— Fetch all nodes with conditions (Ready, MemoryPressure, DiskPressure), capacity, taints, and schedulability
2.get-node-metrics${{ inputs.nodeModel }}.getMetrics— Fetch CPU and memory usage for all nodes from metrics-server
3.list-pods${{ inputs.podModel }}.list— Fetch all pods to assess distribution, phases, and restart counts
4.get-pod-metrics${{ inputs.podModel }}.getMetrics— Fetch per-pod CPU and memory usage from metrics-server
5.list-pvcs${{ inputs.pvcModel }}.list— Fetch PVC binding status and capacity to check for unbound or full volumes
6.list-pvs${{ inputs.pvcModel }}.listVolumes— Fetch cluster PersistentVolumes to check reclaim policies and available capacity
@john/security-audit14f9de97-d94e-4e62-9a55-78edc575ae49
Audit namespace security posture — deployment security contexts, volumes, secrets, configmaps, ingress TLS, NetworkPolicy coverage, RBAC roles/bindings, and ServiceAccount permissions
collectGather all security-relevant resources from the namespace
1.list-deployments${{ inputs.deploymentModel }}.list— Fetch all deployments to inspect container security contexts, volume mounts, and image sources
2.list-secrets${{ inputs.secretModel }}.list— Inventory all secrets by type and key names (no content pulled)
3.list-configmaps${{ inputs.configmapModel }}.list— Fetch all configmaps to check for accidentally embedded credentials or sensitive config
4.list-ingresses${{ inputs.ingressModel }}.list— Fetch all ingresses to verify TLS termination and annotation-based security policies
5.list-netpols${{ inputs.netpolModel }}.list— Fetch all NetworkPolicies to verify pod selector coverage, ingress/egress restrictions, and CIDR blocks
6.list-roles${{ inputs.rbacModel }}.listRoles— Fetch namespace Roles to audit permission rules
7.list-role-bindings${{ inputs.rbacModel }}.listRoleBindings— Fetch namespace RoleBindings to map subject-to-role assignments
8.list-service-accounts${{ inputs.rbacModel }}.listServiceAccounts— Fetch ServiceAccounts to check auto-mount token settings
@john/rbac-audit856cc29a-27c5-4b8e-98bb-69ff7ea30cd7
RBAC security audit — Roles, ClusterRoles, RoleBindings, ClusterRoleBindings, ServiceAccounts, and permission analysis for identifying overly permissive access, wildcard rules, and cluster-admin bindings
collectGather all RBAC resources for permission analysis
1.list-roles${{ inputs.rbacModel }}.listRoles— Fetch all namespace-scoped Roles to audit permission rules (apiGroups, resources, verbs)
2.list-cluster-roles${{ inputs.rbacModel }}.listClusterRoles— Fetch all ClusterRoles to identify overly permissive cluster-wide permissions and wildcard rules
3.list-role-bindings${{ inputs.rbacModel }}.listRoleBindings— Fetch all namespace RoleBindings to map which subjects (users, groups, SAs) have which role assignments
4.list-cluster-role-bindings${{ inputs.rbacModel }}.listClusterRoleBindings— Fetch all ClusterRoleBindings to identify cluster-admin access and broad cluster-wide permissions
5.list-service-accounts${{ inputs.rbacModel }}.listServiceAccounts— Fetch all ServiceAccounts to check auto-mount token settings and secret associations
@john/storage-healthb1e038a4-04a9-4763-befa-02c8c5ffcd16
Storage health check — PVC binding status, capacity usage, PersistentVolume inventory, and storage-related events
collectGather PVC status, PV inventory, and storage events
1.list-pvcs${{ inputs.pvcModel }}.list— Fetch all PVCs to check binding status, storage classes, requested vs actual capacity, and access modes
2.list-pvs${{ inputs.pvcModel }}.listVolumes— Fetch cluster-wide PersistentVolumes to check phases, reclaim policies, and volume sources
3.list-events${{ inputs.eventModel }}.list— Fetch namespace events to surface FailedMount, FailedAttachVolume, and ProvisioningFailed warnings
4.get-warnings${{ inputs.eventModel }}.getWarnings— Fetch only warning events to highlight storage provisioning failures and mount errors
@john/autoscaling-status5935cf85-a935-4e1f-b65b-0c4eb62afa08
Autoscaling status report — HPA current vs target metrics, replica counts, scale conditions, and related deployment state
collectGather HPA metrics, deployment state, and scaling events
1.list-hpas${{ inputs.hpaModel }}.list— Fetch all HPAs to compare current vs target metrics, replica ranges, scale conditions, and last scale times
2.list-deployments${{ inputs.deploymentModel }}.list— Fetch all deployments to cross-reference HPA targets with actual replica counts and rollout status
3.list-events${{ inputs.eventModel }}.list— Fetch namespace events to surface ScalingReplicaSet, SuccessfulRescale, and FailedGetResourceMetric events
4.get-warnings${{ inputs.eventModel }}.getWarnings— Fetch only warning events to highlight scaling failures and metric collection errors
@john/batch-jobs-status85f5b09a-2aad-4682-8a11-2fc5e0bbfcc1
Batch workload status — Job completion rates, CronJob schedules, failure counts, and batch-related warnings
collectGather Job/CronJob status and batch events
1.list-jobs${{ inputs.jobModel }}.listJobs— Fetch all Jobs to check completion counts, failure rates, durations, and active/succeeded/failed status
2.list-cronjobs${{ inputs.jobModel }}.listCronJobs— Fetch all CronJobs to check schedules, suspend status, concurrency policies, and last run times
3.list-events${{ inputs.eventModel }}.list— Fetch namespace events to surface job completion, failure, and scheduling events
4.get-warnings${{ inputs.eventModel }}.getWarnings— Fetch only warning events to highlight BackoffLimitExceeded, DeadlineExceeded, and failed scheduling
@john/network-audit153573f2-bce7-4657-879f-5d6317c9d7ca
Network policy audit — NetworkPolicy inventory, pod selector coverage, service endpoints, and traffic rule analysis
collectGather NetworkPolicies, services, pods, and events for network analysis
1.list-netpols${{ inputs.netpolModel }}.list— Fetch all NetworkPolicies to audit pod selectors, ingress/egress rules, CIDR blocks, and policy types
2.list-services${{ inputs.serviceModel }}.list— Fetch all services to cross-reference with NetworkPolicy selectors and check endpoint exposure
3.list-pods${{ inputs.podModel }}.list— Fetch all pods to identify which pods are covered by NetworkPolicies and which are unprotected
4.get-warnings${{ inputs.eventModel }}.getWarnings— Fetch warning events to surface any network-related failures
@john/pod-inventory8dbc9cbf-6a48-4065-bfe2-2d0b3559f65b
List all pods via the cluster-pods model and collect per-pod CPU/memory metrics from the metrics-server in a single job
collectList pods from the K8s API and query the metrics-server for resource usage
1.list-podscluster-pods.list— Fetch all pods in the configured namespace via the K8s API
2.collect-metricscluster-pods.getMetrics— Query the metrics-server for CPU and memory usage of all pods in the namespace
@john/pod-health-checkbe9dd9b0-fc50-471e-abb5-2f02beea0c96
Discover all pods via cluster-pods, then iterate over each to fetch detailed status and the last 50 lines of container logs
discoverList all pods in the configured namespace to populate the pod data set
1.list-allcluster-pods.list— Fetch all pods from the K8s API
inspectIterate over each discovered pod to fetch its full status and recent logs
1.get-statuscluster-pods.get— Read detailed pod status including container states, conditions, and restart counts
2.get-logscluster-pods.getLogs— Fetch the last 50 lines of stdout/stderr logs from each pod's containers
@john/cluster-summaryeaea8dd8-54f0-4d86-ab75-68bd3dd5ec1b
Collect pod inventory and metrics from cluster-pods, then aggregate into a summary with counts by phase, node, restart totals, and health status
collectFetch all pods from the K8s API and query the metrics-server for CPU/memory usage
1.list-podscluster-pods.list— Fetch all pods in the configured namespace via the K8s API
2.get-metricscluster-pods.getMetrics— Query the metrics-server for per-pod CPU and memory usage
summarizeRead collected pod data and compute aggregated statistics
1.build-summarypod-summary.summarize— Aggregate pods by phase, node, restart count, and health status into a single summary resource
2026.03.04.25.3 MBMar 4, 2026
Kubernetes operational toolkit — 15 model types covering pods, deployments, services, RBAC, storage, networking, autoscaling, batch jobs, and more. Includes 13 ready-to-run workflows for namespace debugging, security audits, RBAC analysis, cluster health, and operational diagnostics.
Release Notes
debug-namespace-deep workflow now automatically discovers and diagnoses all resources in the namespace. Removed the serviceNames, deploymentNames, and netpolNames inputs — the workflow uses data.findBySpec() to iterate over every service, deployment, and network policy found during discovery. Just provide model instance names and the workflow handles the rest.
linux-x86_64linux-aarch64darwin-x86_64darwin-aarch64
2026.03.04.15.3 MBMar 4, 2026
Kubernetes operational toolkit — 15 model types covering pods, deployments, services, RBAC, storage, networking, autoscaling, batch jobs, and more. Includes 13 ready-to-run workflows for namespace debugging, security audits, RBAC analysis, cluster health, and operational diagnostics.
Release Notes
Replaced namespace-debug workflow with debug-namespace-deep — a comprehensive deep-dive debugging workflow that collects deployments, pods, services, configmaps, PVCs, secrets, network policies, and events in parallel, then runs targeted per-service diagnostics, per-deployment rollout status and ReplicaSet history, and per-netpol rule inspection. Significantly improves namespace debugging quality and coverage.
linux-x86_64linux-aarch64darwin-x86_64darwin-aarch64
2026.02.27.55.3 MBFeb 27, 2026
Kubernetes operational toolkit — 15 model types covering pods, deployments, services, RBAC, storage, networking, autoscaling, batch jobs, and more. Includes 13 ready-to-run workflows for namespace debugging, security audits, RBAC analysis, cluster health, and operational diagnostics.
linux-x86_64linux-aarch64darwin-x86_64darwin-aarch64
2026.02.27.45.3 MBFeb 27, 2026
Kubernetes operational toolkit — 15 model types covering pods, deployments, services, RBAC, storage, networking, autoscaling, batch jobs, and more. Includes 13 ready-to-run workflows for namespace debugging, security audits, RBAC analysis, cluster health, and operational diagnostics.
linux-x86_64linux-aarch64darwin-x86_64darwin-aarch64
2026.02.27.35.3 MBFeb 27, 2026
Kubernetes operational toolkit — 15 model types covering pods, deployments, services, RBAC, storage, networking, autoscaling, batch jobs, and more. Includes 13 ready-to-run workflows for namespace debugging, security audits, RBAC analysis, cluster health, and operational diagnostics.
linux-x86_64linux-aarch64darwin-x86_64darwin-aarch64
2026.02.27.2yanked5.3 MBFeb 27, 2026
Kubernetes operational toolkit — 15 model types covering pods, deployments, services, RBAC, storage, networking, autoscaling, batch jobs, and more. Includes 13 ready-to-run workflows for namespace debugging, security audits, RBAC analysis, cluster health, and operational diagnostics.
linux-x86_64linux-aarch64darwin-x86_64darwin-aarch64
2026.02.27.1yanked5.3 MBFeb 27, 2026
Kubernetes operational toolkit — 15 model types covering pods, deployments, services, RBAC, storage, networking, autoscaling, batch jobs, and more. Includes 13 ready-to-run workflows for namespace debugging, security audits, RBAC analysis, cluster health, and operational diagnostics.
linux-x86_64linux-aarch64darwin-x86_64darwin-aarch64