K8s
@john/k8sv2026.04.29.5
01README
Kubernetes operational toolkit — 15 model types covering pods, deployments, services, RBAC, storage, networking, autoscaling, batch jobs, and more. Includes 13 ready-to-run workflows for namespace debugging, security audits, RBAC analysis, cluster health, and operational diagnostics.
02Models
@john/podv2026.02.26.1k8s/pod.ts
fn listContexts()
List available kubeconfig contexts
fn list(namespace?: string)
List all pods in the configured namespace, optionally filtered by label selector
| Argument | Type | Description |
|---|---|---|
| namespace? | string |
fn get(podName: string, namespace?: string)
Get a single pod's full status including phase, container states, conditions, and IPs
| Argument | Type | Description |
|---|---|---|
| podName | string | |
| namespace? | string |
fn create(podName: string, image?: string, spec?: any, namespace?: string)
Create a pod from a container image name or a full pod spec object
| Argument | Type | Description |
|---|---|---|
| podName | string | |
| image? | string | |
| spec? | any | |
| namespace? | string |
fn delete(podName: string, namespace?: string)
Delete a pod
| Argument | Type | Description |
|---|---|---|
| podName | string | |
| namespace? | string |
fn restart(podName: string, waitSeconds: number, namespace?: string)
Delete a pod and wait up to waitSeconds for its controller to recreate it in Running state
| Argument | Type | Description |
|---|---|---|
| podName | string | |
| waitSeconds | number | |
| namespace? | string |
fn getLogs(podName: string, container?: string, tailLines: number, previous: boolean, namespace?: string)
Fetch the last N lines of container logs via the K8s API and store as a streaming file
| Argument | Type | Description |
|---|---|---|
| podName | string | |
| container? | string | |
| tailLines | number | |
| previous | boolean | |
| namespace? | string |
fn getMetrics(namespace?: string)
Query the metrics-server API for per-pod and per-container CPU/memory usage in the namespace
| Argument | Type | Description |
|---|---|---|
| namespace? | string |
fn exec(podName: string, command: array, container?: string)
Run a command in a pod container via kubectl exec and capture stdout/stderr and exit code
| Argument | Type | Description |
|---|---|---|
| podName | string | |
| command | array | |
| container? | string |
Resources
pod(infinite)— Pod state including phase, container statuses, conditions, IPs, and restart counts
metrics(1h)— Per-pod and per-container CPU/memory usage from the metrics-server
execResult(1h)— Stdout, exit code, and metadata from a non-interactive kubectl exec
contextInfo(infinite)— Available kubeconfig contexts
Files
logs(text/plain)— Raw container stdout/stderr logs fetched from the K8s API
@john/pod-summaryv2026.02.26.1k8s/pod_summary.ts
Global Arguments
| Argument | Type | Description |
|---|---|---|
| sourceName | string |
fn summarize()
Read pod resources from a @john/pod instance and compute counts by phase, node, restart totals, and healthy/unhealthy breakdown
Resources
summary(infinite)— Aggregated pod counts by phase, node, restart totals, high-restart pods, and healthy/unhealthy breakdown
@john/namespacev2026.04.29.1k8s/namespace.ts
Global Arguments
| Argument | Type | Description |
|---|---|---|
| context? | string | |
| kubeconfig? | string | |
| labels? | string |
fn list()
List all namespaces in the cluster, optionally filtered by label selector
fn get(namespaceName: string)
Get a single namespace's phase, finalizers, conditions, labels, and annotations
| Argument | Type | Description |
|---|---|---|
| namespaceName | string |
fn create(namespaceName: string, labels?: record)
Create a new namespace with optional labels
| Argument | Type | Description |
|---|---|---|
| namespaceName | string | |
| labels? | record |
fn delete(namespaceName: string)
Delete a namespace and all resources within it
| Argument | Type | Description |
|---|---|---|
| namespaceName | string |
fn update(namespaceName: string, labels?: record, annotations?: record)
Merge new labels and/or annotations onto a namespace via read-then-replace
| Argument | Type | Description |
|---|---|---|
| namespaceName | string | |
| labels? | record | |
| annotations? | record |
fn getResourceQuotas(namespaceName: string)
List all resource quotas in a namespace showing hard limits and current usage
| Argument | Type | Description |
|---|---|---|
| namespaceName | string |
fn setResourceQuota(namespaceName: string, quotaName: string, hard: record)
Create or replace a resource quota with the given hard limits (pods, cpu, memory, etc.)
| Argument | Type | Description |
|---|---|---|
| namespaceName | string | |
| quotaName | string | |
| hard | record |
fn deleteResourceQuota(namespaceName: string, quotaName: string)
Delete a resource quota from a namespace
| Argument | Type | Description |
|---|---|---|
| namespaceName | string | |
| quotaName | string |
fn getLimitRanges(namespaceName: string)
List all limit ranges in a namespace showing default, min, and max resource constraints
| Argument | Type | Description |
|---|---|---|
| namespaceName | string |
fn setLimitRange(namespaceName: string, limitRangeName: string, limits: array)
Create or replace a limit range defining default, min, and max resource constraints per container type
| Argument | Type | Description |
|---|---|---|
| namespaceName | string | |
| limitRangeName | string | |
| limits | array |
fn deleteLimitRange(namespaceName: string, limitRangeName: string)
Delete a limit range from a namespace
| Argument | Type | Description |
|---|---|---|
| namespaceName | string | |
| limitRangeName | string |
fn getResourceCounts(namespaceName: string)
Count pods, services, deployments, configmaps, secrets, service accounts, and PVCs in a namespace via parallel API calls
| Argument | Type | Description |
|---|---|---|
| namespaceName | string |
fn health(namespaceName: string)
Single-call health aggregator. Returns {healthy: bool} plus per-resource breakdown for deployments, pods, services, and Warning events. Use this instead of fanning out across deployment/pod/service/event models when you just need to know whether a namespace is healthy.
| Argument | Type | Description |
|---|---|---|
| namespaceName | string |
Resources
namespace(infinite)— Namespace state including phase, finalizers, conditions, labels, and annotations
resourceQuota(infinite)— Resource quota showing hard limits and current usage for pods, CPU, memory, etc.
limitRange(infinite)— Limit range defining default, min, and max resource constraints for containers in a namespace
resourceCounts(1h)— Count of pods, services, deployments, configmaps, secrets, service accounts, and PVCs in a namespace
namespaceHealth(5m)— Aggregated namespace health: per-deployment readiness, per-pod phase, per-service selector/port match, and Warning event count, plus a single top-level healthy boolean
@john/servicev2026.02.27.1k8s/service.ts
fn list(namespace?: string)
List all services in the configured namespace with their type, ports, and selectors
| Argument | Type | Description |
|---|---|---|
| namespace? | string |
fn get(serviceName: string, namespace?: string)
Get a single service's spec including type, clusterIP, ports, and pod selector
| Argument | Type | Description |
|---|---|---|
| serviceName | string | |
| namespace? | string |
fn getEndpoints(serviceName: string, namespace?: string)
Get the endpoint addresses backing a service, showing which pods are ready and not ready
| Argument | Type | Description |
|---|---|---|
| serviceName | string | |
| namespace? | string |
fn create(serviceName: string, selector: record, ports: array, type: string, labels?: record)
Create a service with selector, ports, and optional type and labels
| Argument | Type | Description |
|---|---|---|
| serviceName | string | |
| selector | record | |
| ports | array | |
| type | string | |
| labels? | record |
fn update(serviceName: string, selector?: record, ports?: array)
Update a service's selector and/or ports via read-then-replace
| Argument | Type | Description |
|---|---|---|
| serviceName | string | |
| selector? | record | |
| ports? | array |
fn delete(serviceName: string, namespace?: string)
Delete a service
| Argument | Type | Description |
|---|---|---|
| serviceName | string | |
| namespace? | string |
fn diagnoseService(serviceName: string, namespace?: string)
Diagnose a service by comparing its selector against pod labels, reporting mismatches and port analysis
| Argument | Type | Description |
|---|---|---|
| serviceName | string | |
| namespace? | string |
Resources
service(infinite)— Service spec including type, clusterIP, ports, and pod selector labels
endpoints(1h)— Endpoint addresses backing a service, split into ready and not-ready
diagnosis(1h)— Service diagnosis comparing selector vs pod labels, port analysis, and health status
@john/deploymentv2026.02.27.1k8s/deployment.ts
fn list(namespace?: string)
List all deployments in the configured namespace with replicas, strategy, containers, and conditions
| Argument | Type | Description |
|---|---|---|
| namespace? | string |
fn get(deploymentName: string, namespace?: string)
Get a deployment's full spec including containers, volumes, security contexts, and rollout conditions
| Argument | Type | Description |
|---|---|---|
| deploymentName | string | |
| namespace? | string |
fn create(deploymentName: string, image?: string, replicas: number, spec?: any, namespace?: string)
Create a deployment from a container image or full spec object
| Argument | Type | Description |
|---|---|---|
| deploymentName | string | |
| image? | string | |
| replicas | number | |
| spec? | any | |
| namespace? | string |
fn update(deploymentName: string, image?: string, replicas?: number, namespace?: string)
Update a deployment's container image and/or replica count via read-then-replace
| Argument | Type | Description |
|---|---|---|
| deploymentName | string | |
| image? | string | |
| replicas? | number | |
| namespace? | string |
fn delete(deploymentName: string, namespace?: string)
Delete a deployment
| Argument | Type | Description |
|---|---|---|
| deploymentName | string | |
| namespace? | string |
fn scale(deploymentName: string, replicas: number, namespace?: string)
Scale a deployment to the specified replica count
| Argument | Type | Description |
|---|---|---|
| deploymentName | string | |
| replicas | number | |
| namespace? | string |
fn restart(deploymentName: string, namespace?: string)
Trigger a rolling restart by setting the restartedAt annotation on the pod template
| Argument | Type | Description |
|---|---|---|
| deploymentName | string | |
| namespace? | string |
fn pause(deploymentName: string, namespace?: string)
Pause a deployment's rollout by setting spec.paused = true
| Argument | Type | Description |
|---|---|---|
| deploymentName | string | |
| namespace? | string |
fn resume(deploymentName: string, namespace?: string)
Resume a paused deployment's rollout by setting spec.paused = false
| Argument | Type | Description |
|---|---|---|
| deploymentName | string | |
| namespace? | string |
fn getRolloutStatus(deploymentName: string, namespace?: string)
Get a deployment's rollout status with Available, Progressing, and ReplicaFailure conditions
| Argument | Type | Description |
|---|---|---|
| deploymentName | string | |
| namespace? | string |
fn getReplicaSets(deploymentName: string, namespace?: string)
List ReplicaSets owned by a deployment, showing rollout history and revisions
| Argument | Type | Description |
|---|---|---|
| deploymentName | string | |
| namespace? | string |
Resources
deployment(infinite)— Deployment spec with replicas, strategy, containers, volumes, security contexts, and rollout conditions
replicaSet(1h)— ReplicaSet showing replica counts, owner deployment, and revision number
@john/eventv2026.02.27.1k8s/event.ts
fn list(namespace?: string)
List all events in the namespace, sorted by lastTimestamp descending
| Argument | Type | Description |
|---|---|---|
| namespace? | string |
fn getForPod(podName: string, namespace?: string)
Get events for a specific pod, sorted by lastTimestamp descending
| Argument | Type | Description |
|---|---|---|
| podName | string | |
| namespace? | string |
fn getForDeployment(deploymentName: string, namespace?: string)
Get events for a specific deployment, sorted by lastTimestamp descending
| Argument | Type | Description |
|---|---|---|
| deploymentName | string | |
| namespace? | string |
fn getForService(serviceName: string, namespace?: string)
Get events for a specific service, sorted by lastTimestamp descending
| Argument | Type | Description |
|---|---|---|
| serviceName | string | |
| namespace? | string |
fn getWarnings(namespace?: string)
Get only Warning-type events in the namespace, sorted by lastTimestamp descending
| Argument | Type | Description |
|---|---|---|
| namespace? | string |
Resources
event(1h)— Kubernetes event with type, reason, message, involved object, count, and timestamps
@john/configmapv2026.02.27.1k8s/configmap.ts
fn list(namespace?: string)
List all configmaps in the configured namespace
| Argument | Type | Description |
|---|---|---|
| namespace? | string |
fn get(configMapName: string, namespace?: string)
Get a single configmap's data and metadata
| Argument | Type | Description |
|---|---|---|
| configMapName | string | |
| namespace? | string |
fn create(configMapName: string, data: record, labels?: record, namespace?: string)
Create a configmap from key-value data pairs with optional labels
| Argument | Type | Description |
|---|---|---|
| configMapName | string | |
| data | record | |
| labels? | record | |
| namespace? | string |
fn update(configMapName: string, data: record, namespace?: string)
Merge new keys into an existing configmap via read-then-replace
| Argument | Type | Description |
|---|---|---|
| configMapName | string | |
| data | record | |
| namespace? | string |
fn delete(configMapName: string, namespace?: string)
Delete a configmap
| Argument | Type | Description |
|---|---|---|
| configMapName | string | |
| namespace? | string |
Resources
configmap(infinite)— ConfigMap with key-value data, data keys list, labels, and annotations
@john/secretv2026.02.27.1k8s/secret.ts
fn list(namespace?: string)
List all secrets in the namespace showing type and data keys (not content)
| Argument | Type | Description |
|---|---|---|
| namespace? | string |
fn get(secretName: string, namespace?: string)
Get a secret with decoded data values (sensitive, stored in vault)
| Argument | Type | Description |
|---|---|---|
| secretName | string | |
| namespace? | string |
fn create(secretName: string, data: record, type: string, labels?: record, namespace?: string)
Create a secret from key-value data pairs (values will be base64-encoded)
| Argument | Type | Description |
|---|---|---|
| secretName | string | |
| data | record | |
| type | string | |
| labels? | record | |
| namespace? | string |
fn update(secretName: string, data: record, namespace?: string)
Merge new keys into an existing secret via read-then-replace (values will be base64-encoded)
| Argument | Type | Description |
|---|---|---|
| secretName | string | |
| data | record | |
| namespace? | string |
fn delete(secretName: string, namespace?: string)
Delete a secret
| Argument | Type | Description |
|---|---|---|
| secretName | string | |
| namespace? | string |
Resources
secretMeta(infinite)— Secret metadata with type and data key names (no content)
secret(infinite)— Secret with decoded data values (sensitive, stored in vault)
@john/ingressv2026.02.27.1k8s/ingress.ts
fn list(namespace?: string)
List all ingresses in the configured namespace
| Argument | Type | Description |
|---|---|---|
| namespace? | string |
fn get(ingressName: string, namespace?: string)
Get an ingress's spec with rules, TLS config, and load balancer status
| Argument | Type | Description |
|---|---|---|
| ingressName | string | |
| namespace? | string |
fn create(ingressName: string, rules: array, ingressClassName?: string, tls?: array, annotations?: record)
Create an ingress from rules with optional TLS config and ingress class
| Argument | Type | Description |
|---|---|---|
| ingressName | string | |
| rules | array | |
| ingressClassName? | string | |
| tls? | array | |
| annotations? | record |
fn update(ingressName: string, rules?: array, tls?: array, annotations?: record)
Update an ingress's rules, TLS config, or annotations via read-then-replace
| Argument | Type | Description |
|---|---|---|
| ingressName | string | |
| rules? | array | |
| tls? | array | |
| annotations? | record |
fn delete(ingressName: string, namespace?: string)
Delete an ingress
| Argument | Type | Description |
|---|---|---|
| ingressName | string | |
| namespace? | string |
Resources
ingress(infinite)— Ingress with rules, TLS config, default backend, and load balancer IPs
@john/nodev2026.02.27.1k8s/node.ts
Global Arguments
| Argument | Type | Description |
|---|---|---|
| context? | string | |
| kubeconfig? | string | |
| labels? | string |
fn list()
List all nodes with status, capacity, conditions, and taints
fn get(nodeName: string)
Get a node's full status including conditions, capacity, taints, and node info
| Argument | Type | Description |
|---|---|---|
| nodeName | string |
fn getMetrics()
Get CPU and memory usage for all nodes from metrics-server
fn cordon(nodeName: string)
Cordon a node by setting spec.unschedulable = true
| Argument | Type | Description |
|---|---|---|
| nodeName | string |
fn uncordon(nodeName: string)
Uncordon a node by setting spec.unschedulable = false
| Argument | Type | Description |
|---|---|---|
| nodeName | string |
fn taint(nodeName: string, key: string, value: string, effect: enum)
Add a taint to a node
| Argument | Type | Description |
|---|---|---|
| nodeName | string | |
| key | string | |
| value | string | |
| effect | enum |
fn untaint(nodeName: string, key: string)
Remove a taint from a node by key
| Argument | Type | Description |
|---|---|---|
| nodeName | string | |
| key | string |
fn getPodsOnNode(nodeName: string)
List all pods running on a specific node across all namespaces
| Argument | Type | Description |
|---|---|---|
| nodeName | string |
Resources
node(infinite)— Node with conditions, capacity, allocatable resources, taints, and node info
nodeMetrics(1h)— Node CPU and memory usage from metrics-server
nodePod(1h)— Pod running on a specific node
@john/pvcv2026.02.27.1k8s/pvc.ts
fn list(namespace?: string)
List all PersistentVolumeClaims in the namespace with binding status, storage class, and capacity
| Argument | Type | Description |
|---|---|---|
| namespace? | string |
fn get(pvcName: string, namespace?: string)
Get a PVC's binding status, storage class, requested vs actual capacity, and access modes
| Argument | Type | Description |
|---|---|---|
| pvcName | string | |
| namespace? | string |
fn create(pvcName: string, storageClassName: string, storage: string, accessModes: array, namespace?: string)
Create a PVC with storage class, access mode, and requested capacity
| Argument | Type | Description |
|---|---|---|
| pvcName | string | |
| storageClassName | string | |
| storage | string | |
| accessModes | array | |
| namespace? | string |
fn delete(pvcName: string, namespace?: string)
Delete a PersistentVolumeClaim
| Argument | Type | Description |
|---|---|---|
| pvcName | string | |
| namespace? | string |
fn listVolumes()
List all PersistentVolumes in the cluster with phase, capacity, reclaim policy, and source
Resources
pvc(infinite)— PersistentVolumeClaim with phase, storage class, capacity, access modes, and bound volume
pv(infinite)— PersistentVolume with phase, capacity, reclaim policy, and volume source
@john/hpav2026.02.27.1k8s/hpa.ts
fn list(namespace?: string)
List all HorizontalPodAutoscalers in the namespace with current vs target metrics and replica counts
| Argument | Type | Description |
|---|---|---|
| namespace? | string |
fn get(hpaName: string, namespace?: string)
Get an HPA's current vs target metrics, replica range, scale conditions, and last scale time
| Argument | Type | Description |
|---|---|---|
| hpaName | string | |
| namespace? | string |
fn create(hpaName: string, targetDeployment: string, minReplicas: number, maxReplicas: number, cpuTargetPercent: number, namespace?: string)
Create an HPA targeting a deployment with CPU utilization threshold and replica range
| Argument | Type | Description |
|---|---|---|
| hpaName | string | |
| targetDeployment | string | |
| minReplicas | number | |
| maxReplicas | number | |
| cpuTargetPercent | number | |
| namespace? | string |
fn delete(hpaName: string, namespace?: string)
Delete a HorizontalPodAutoscaler
| Argument | Type | Description |
|---|---|---|
| hpaName | string | |
| namespace? | string |
Resources
hpa(infinite)— HorizontalPodAutoscaler with current/target metrics, replica range, scale conditions, and last scale time
@john/jobv2026.02.27.1k8s/job.ts
fn listJobs(namespace?: string)
List all Jobs in the namespace with completion status, duration, and failure counts
| Argument | Type | Description |
|---|---|---|
| namespace? | string |
fn getJob(jobName: string, namespace?: string)
Get a Job's full status including completions, failures, duration, conditions, and containers
| Argument | Type | Description |
|---|---|---|
| jobName | string | |
| namespace? | string |
fn deleteJob(jobName: string, namespace?: string)
Delete a Job and its pods
| Argument | Type | Description |
|---|---|---|
| jobName | string | |
| namespace? | string |
fn listCronJobs(namespace?: string)
List all CronJobs with schedule, suspend status, last run times, and active job count
| Argument | Type | Description |
|---|---|---|
| namespace? | string |
fn getCronJob(cronJobName: string, namespace?: string)
Get a CronJob's schedule, suspend status, concurrency policy, and history limits
| Argument | Type | Description |
|---|---|---|
| cronJobName | string | |
| namespace? | string |
fn deleteCronJob(cronJobName: string, namespace?: string)
Delete a CronJob and all its child Jobs
| Argument | Type | Description |
|---|---|---|
| cronJobName | string | |
| namespace? | string |
Resources
job(infinite)— Job with completions, failures, duration, conditions, and owner CronJob reference
cronJob(infinite)— CronJob with schedule, suspend status, concurrency policy, and last schedule/success times
@john/netpolv2026.02.27.1k8s/netpol.ts
fn list(namespace?: string)
List all NetworkPolicies in the namespace with pod selectors, policy types, and rule counts
| Argument | Type | Description |
|---|---|---|
| namespace? | string |
fn get(policyName: string, namespace?: string)
Get a NetworkPolicy's full spec with pod selector, ingress/egress rules, peer selectors, and CIDR blocks
| Argument | Type | Description |
|---|---|---|
| policyName | string | |
| namespace? | string |
fn create(policyName: string, podSelector: record, policyTypes: array, ingress?: array, egress?: array)
Create a NetworkPolicy with pod selector and ingress/egress rules
| Argument | Type | Description |
|---|---|---|
| policyName | string | |
| podSelector | record | |
| policyTypes | array | |
| ingress? | array | |
| egress? | array |
fn delete(policyName: string, namespace?: string)
Delete a NetworkPolicy
| Argument | Type | Description |
|---|---|---|
| policyName | string | |
| namespace? | string |
Resources
netpol(infinite)— NetworkPolicy with pod selector, ingress/egress rules, peer selectors, and CIDR blocks
@john/rbacv2026.02.27.1k8s/rbac.ts
fn listRoles(namespace?: string)
List all Roles in the namespace with their permission rules (apiGroups, resources, verbs)
| Argument | Type | Description |
|---|---|---|
| namespace? | string |
fn getRole(roleName: string, namespace?: string)
Get a Role's full permission rules showing which API groups, resources, and verbs are allowed
| Argument | Type | Description |
|---|---|---|
| roleName | string | |
| namespace? | string |
fn listClusterRoles()
List all ClusterRoles in the cluster with their permission rules and aggregation selectors
fn getClusterRole(clusterRoleName: string)
Get a ClusterRole's full permission rules and aggregation configuration
| Argument | Type | Description |
|---|---|---|
| clusterRoleName | string |
fn listRoleBindings(namespace?: string)
List all RoleBindings in the namespace showing which subjects are bound to which roles
| Argument | Type | Description |
|---|---|---|
| namespace? | string |
fn getRoleBinding(roleBindingName: string, namespace?: string)
Get a RoleBinding's subjects (users, groups, service accounts) and the role it references
| Argument | Type | Description |
|---|---|---|
| roleBindingName | string | |
| namespace? | string |
fn listClusterRoleBindings()
List all ClusterRoleBindings showing which subjects have cluster-wide role assignments
fn getClusterRoleBinding(clusterRoleBindingName: string)
Get a ClusterRoleBinding's subjects and the cluster role it references
| Argument | Type | Description |
|---|---|---|
| clusterRoleBindingName | string |
fn listServiceAccounts(namespace?: string)
List all ServiceAccounts in the namespace with auto-mount token status and secret counts
| Argument | Type | Description |
|---|---|---|
| namespace? | string |
fn getServiceAccount(serviceAccountName: string, namespace?: string)
Get a ServiceAccount's auto-mount token setting and associated secrets
| Argument | Type | Description |
|---|---|---|
| serviceAccountName | string | |
| namespace? | string |
Resources
role(infinite)— Namespaced Role with API group/resource/verb permission rules
clusterRole(infinite)— Cluster-scoped ClusterRole with permission rules and optional aggregation selectors
roleBinding(infinite)— Namespaced RoleBinding linking subjects (users, groups, service accounts) to a Role or ClusterRole
clusterRoleBinding(infinite)— Cluster-scoped ClusterRoleBinding linking subjects to a ClusterRole
serviceAccount(infinite)— ServiceAccount with auto-mount token status and associated secret count
03Workflows
@john/debug-namespace-deep66654a96-7f45-4b6a-acff-e4987d40e648
Comprehensive namespace debugging workflow. Discovers and diagnoses every deployment, pod, service, configmap, PVC, secret, network policy, and event in a namespace, then iterates over all discovered services, deployments, and network policies for deep diagnostics — per-service selector and endpoint diagnosis, per-deployment rollout status and ReplicaSet history, and per-netpol rule inspection. PREREQ — create the 9 per-namespace model instances first. Run this once per namespace before invoking
discoverCollect all resources in the namespace in parallel
1.list-deployments${{ inputs.namespace + "-deployment" }}.list— List all deployments with replica counts, images, and conditions
2.list-pods${{ inputs.namespace + "-pod" }}.list— List all pods with phase, container states, and restart counts
3.list-services${{ inputs.namespace + "-service" }}.list— List all services with type, ports, and selectors
4.list-configmaps${{ inputs.namespace + "-configmap" }}.list— List all configmaps with their data keys and values
5.list-pvcs${{ inputs.namespace + "-pvc" }}.list— List all PVCs with binding status, storage class, and capacity
6.list-secrets${{ inputs.namespace + "-secret" }}.list— List all secrets with type and data keys (not decoded values)
7.list-netpols${{ inputs.namespace + "-netpol" }}.list— List all NetworkPolicies with pod selectors and rule counts
8.list-events${{ inputs.namespace + "-event" }}.list— List all events sorted by timestamp
9.get-warnings${{ inputs.namespace + "-event" }}.getWarnings— List only warning-type events for quick problem identification
diagnose-servicesAutomatically diagnose every discovered service — selector matching, endpoint health, port analysis
1.diagnose-${{ self.svc.attributes.name }}${{ inputs.namespace + "-service" }}.diagnoseService— Diagnose service selector and port matching
diagnose-deploymentsCheck rollout status and ReplicaSet history for every discovered deployment
1.rollout-${{ self.dep.attributes.name }}${{ inputs.namespace + "-deployment" }}.getRolloutStatus— Get deployment rollout status and conditions
2.replicasets-${{ self.dep.attributes.name }}${{ inputs.namespace + "-deployment" }}.getReplicaSets— Get deployment ReplicaSet history and revisions
inspect-netpolsFetch full rule details for every discovered NetworkPolicy — selectors, ports, and CIDR blocks
1.get-${{ self.pol.attributes.name }}${{ inputs.namespace + "-netpol" }}.get— Inspect NetworkPolicy rules, selectors, and traffic configuration
summarizeFinal health roll-up. Runs the @john/namespace.health aggregator after everything else — the resulting `namespaceHealth` data record carries a single `healthy: bool` plus per-resource breakdown so callers don't need to fan out across pods/deployments/services/events to verify state.
1.health${{ inputs.namespace + "-namespace" }}.health— Aggregated namespace health — one record summarising the whole namespace
@john/deployment-status731aed2b-b876-42e5-84e4-327133e1dfaf
Rollout health check for all deployments — replica counts, rollout conditions, ReplicaSet history, and warning events
checkCollect deployment specs, rollout conditions, and related events
1.list-deployments${{ inputs.deploymentModel }}.list— Fetch all deployments with replica counts, strategy, containers, and rollout conditions
2.list-events${{ inputs.eventModel }}.list— Fetch all events to correlate with deployment activity (scaling, rollouts, failures)
3.get-warnings${{ inputs.eventModel }}.getWarnings— Fetch warning events to surface rollout failures, image pull errors, and crash loops
@john/service-connectivityfc82018b-d717-49ac-9ecd-f0396d6a6f61
Service connectivity overview — all services, all pods with labels, endpoints, and warning events for diagnosing routing and selector mismatches
collectGather services, pods, and events to diagnose connectivity issues
1.list-services${{ inputs.serviceModel }}.list— Fetch all services with selectors, ports, and types for selector-vs-label comparison
2.list-pods${{ inputs.podModel }}.list— Fetch all pods with labels, phase, and container ports for cross-referencing against service selectors
3.list-events${{ inputs.eventModel }}.list— Fetch all events to identify service-related issues (endpoint changes, failures)
4.get-warnings${{ inputs.eventModel }}.getWarnings— Fetch warning events for quick identification of connectivity-affecting problems
@john/cluster-health07dac9da-b595-43a8-b3a9-db6844b3b177
Cluster-wide health overview — node conditions, resource capacity, CPU/memory utilization, pod distribution, and storage status
assessCollect node status, metrics, pod health, and storage data
1.list-nodes${{ inputs.nodeModel }}.list— Fetch all nodes with conditions (Ready, MemoryPressure, DiskPressure), capacity, taints, and schedulability
2.get-node-metrics${{ inputs.nodeModel }}.getMetrics— Fetch CPU and memory usage for all nodes from metrics-server
3.list-pods${{ inputs.podModel }}.list— Fetch all pods to assess distribution, phases, and restart counts
4.get-pod-metrics${{ inputs.podModel }}.getMetrics— Fetch per-pod CPU and memory usage from metrics-server
5.list-pvcs${{ inputs.pvcModel }}.list— Fetch PVC binding status and capacity to check for unbound or full volumes
6.list-pvs${{ inputs.pvcModel }}.listVolumes— Fetch cluster PersistentVolumes to check reclaim policies and available capacity
@john/security-audit14f9de97-d94e-4e62-9a55-78edc575ae49
Audit namespace security posture — deployment security contexts, volumes, secrets, configmaps, ingress TLS, NetworkPolicy coverage, RBAC roles/bindings, and ServiceAccount permissions
collectGather all security-relevant resources from the namespace
1.list-deployments${{ inputs.deploymentModel }}.list— Fetch all deployments to inspect container security contexts, volume mounts, and image sources
2.list-secrets${{ inputs.secretModel }}.list— Inventory all secrets by type and key names (no content pulled)
3.list-configmaps${{ inputs.configmapModel }}.list— Fetch all configmaps to check for accidentally embedded credentials or sensitive config
4.list-ingresses${{ inputs.ingressModel }}.list— Fetch all ingresses to verify TLS termination and annotation-based security policies
5.list-netpols${{ inputs.netpolModel }}.list— Fetch all NetworkPolicies to verify pod selector coverage, ingress/egress restrictions, and CIDR blocks
6.list-roles${{ inputs.rbacModel }}.listRoles— Fetch namespace Roles to audit permission rules
7.list-role-bindings${{ inputs.rbacModel }}.listRoleBindings— Fetch namespace RoleBindings to map subject-to-role assignments
8.list-service-accounts${{ inputs.rbacModel }}.listServiceAccounts— Fetch ServiceAccounts to check auto-mount token settings
@john/rbac-audit856cc29a-27c5-4b8e-98bb-69ff7ea30cd7
RBAC security audit — Roles, ClusterRoles, RoleBindings, ClusterRoleBindings, ServiceAccounts, and permission analysis for identifying overly permissive access, wildcard rules, and cluster-admin bindings
collectGather all RBAC resources for permission analysis
1.list-roles${{ inputs.rbacModel }}.listRoles— Fetch all namespace-scoped Roles to audit permission rules (apiGroups, resources, verbs)
2.list-cluster-roles${{ inputs.rbacModel }}.listClusterRoles— Fetch all ClusterRoles to identify overly permissive cluster-wide permissions and wildcard rules
3.list-role-bindings${{ inputs.rbacModel }}.listRoleBindings— Fetch all namespace RoleBindings to map which subjects (users, groups, SAs) have which role assignments
4.list-cluster-role-bindings${{ inputs.rbacModel }}.listClusterRoleBindings— Fetch all ClusterRoleBindings to identify cluster-admin access and broad cluster-wide permissions
5.list-service-accounts${{ inputs.rbacModel }}.listServiceAccounts— Fetch all ServiceAccounts to check auto-mount token settings and secret associations
@john/storage-healthb1e038a4-04a9-4763-befa-02c8c5ffcd16
Storage health check — PVC binding status, capacity usage, PersistentVolume inventory, and storage-related events
collectGather PVC status, PV inventory, and storage events
1.list-pvcs${{ inputs.pvcModel }}.list— Fetch all PVCs to check binding status, storage classes, requested vs actual capacity, and access modes
2.list-pvs${{ inputs.pvcModel }}.listVolumes— Fetch cluster-wide PersistentVolumes to check phases, reclaim policies, and volume sources
3.list-events${{ inputs.eventModel }}.list— Fetch namespace events to surface FailedMount, FailedAttachVolume, and ProvisioningFailed warnings
4.get-warnings${{ inputs.eventModel }}.getWarnings— Fetch only warning events to highlight storage provisioning failures and mount errors
@john/autoscaling-status5935cf85-a935-4e1f-b65b-0c4eb62afa08
Autoscaling status report — HPA current vs target metrics, replica counts, scale conditions, and related deployment state
collectGather HPA metrics, deployment state, and scaling events
1.list-hpas${{ inputs.hpaModel }}.list— Fetch all HPAs to compare current vs target metrics, replica ranges, scale conditions, and last scale times
2.list-deployments${{ inputs.deploymentModel }}.list— Fetch all deployments to cross-reference HPA targets with actual replica counts and rollout status
3.list-events${{ inputs.eventModel }}.list— Fetch namespace events to surface ScalingReplicaSet, SuccessfulRescale, and FailedGetResourceMetric events
4.get-warnings${{ inputs.eventModel }}.getWarnings— Fetch only warning events to highlight scaling failures and metric collection errors
@john/batch-jobs-status85f5b09a-2aad-4682-8a11-2fc5e0bbfcc1
Batch workload status — Job completion rates, CronJob schedules, failure counts, and batch-related warnings
collectGather Job/CronJob status and batch events
1.list-jobs${{ inputs.jobModel }}.listJobs— Fetch all Jobs to check completion counts, failure rates, durations, and active/succeeded/failed status
2.list-cronjobs${{ inputs.jobModel }}.listCronJobs— Fetch all CronJobs to check schedules, suspend status, concurrency policies, and last run times
3.list-events${{ inputs.eventModel }}.list— Fetch namespace events to surface job completion, failure, and scheduling events
4.get-warnings${{ inputs.eventModel }}.getWarnings— Fetch only warning events to highlight BackoffLimitExceeded, DeadlineExceeded, and failed scheduling
@john/network-audit153573f2-bce7-4657-879f-5d6317c9d7ca
Network policy audit — NetworkPolicy inventory, pod selector coverage, service endpoints, and traffic rule analysis
collectGather NetworkPolicies, services, pods, and events for network analysis
1.list-netpols${{ inputs.netpolModel }}.list— Fetch all NetworkPolicies to audit pod selectors, ingress/egress rules, CIDR blocks, and policy types
2.list-services${{ inputs.serviceModel }}.list— Fetch all services to cross-reference with NetworkPolicy selectors and check endpoint exposure
3.list-pods${{ inputs.podModel }}.list— Fetch all pods to identify which pods are covered by NetworkPolicies and which are unprotected
4.get-warnings${{ inputs.eventModel }}.getWarnings— Fetch warning events to surface any network-related failures
@john/pod-inventory8dbc9cbf-6a48-4065-bfe2-2d0b3559f65b
List all pods via the cluster-pods model and collect per-pod CPU/memory metrics from the metrics-server in a single job
collectList pods from the K8s API and query the metrics-server for resource usage
1.list-podscluster-pods.list— Fetch all pods in the configured namespace via the K8s API
2.collect-metricscluster-pods.getMetrics— Query the metrics-server for CPU and memory usage of all pods in the namespace
@john/pod-health-checkbe9dd9b0-fc50-471e-abb5-2f02beea0c96
Discover all pods via cluster-pods, then iterate over each to fetch detailed status and the last 50 lines of container logs
discoverList all pods in the configured namespace to populate the pod data set
1.list-allcluster-pods.list— Fetch all pods from the K8s API
inspectIterate over each discovered pod to fetch its full status and recent logs
1.get-statuscluster-pods.get— Read detailed pod status including container states, conditions, and restart counts
2.get-logscluster-pods.getLogs— Fetch the last 50 lines of stdout/stderr logs from each pod's containers
@john/cluster-summaryeaea8dd8-54f0-4d86-ab75-68bd3dd5ec1b
Collect pod inventory and metrics from cluster-pods, then aggregate into a summary with counts by phase, node, restart totals, and health status
collectFetch all pods from the K8s API and query the metrics-server for CPU/memory usage
1.list-podscluster-pods.list— Fetch all pods in the configured namespace via the K8s API
2.get-metricscluster-pods.getMetrics— Query the metrics-server for per-pod CPU and memory usage
summarizeRead collected pod data and compute aggregated statistics
1.build-summarypod-summary.summarize— Aggregate pods by phase, node, restart count, and health status into a single summary resource
04Previous Versions
2026.04.29.4Apr 29, 2026
Modified 1 models
2026.04.29.3Apr 29, 2026
Modified 1 workflows
2026.04.29.2Apr 29, 2026
2026.04.29.1Apr 29, 2026
2026.03.04.3Mar 4, 2026
debug-namespace-deep now takes a single 'namespace' input. Model instances must follow the naming convention {namespace}-pod, {namespace}-deployment, {namespace}-service, {namespace}-event, {namespace}-configmap, {namespace}-pvc, {namespace}-secret, {namespace}-netpol. The workflow derives all model references automatically via CEL expressions — no need to pass 8 separate model names.
2026.03.04.2Mar 4, 2026
debug-namespace-deep workflow now automatically discovers and diagnoses all resources in the namespace. Removed the serviceNames, deploymentNames, and netpolNames inputs — the workflow uses data.findBySpec() to iterate over every service, deployment, and network policy found during discovery. Just provide model instance names and the workflow handles the rest.
2026.03.04.1Mar 4, 2026
Replaced namespace-debug workflow with debug-namespace-deep — a comprehensive deep-dive debugging workflow that collects deployments, pods, services, configmaps, PVCs, secrets, network policies, and events in parallel, then runs targeted per-service diagnostics, per-deployment rollout status and ReplicaSet history, and per-netpol rule inspection. Significantly improves namespace debugging quality and coverage.
2026.02.27.5Feb 27, 2026
2026.02.27.4Feb 27, 2026
2026.02.27.3Feb 27, 2026
2026.02.27.2yankedFeb 27, 2026
2026.02.27.1yankedFeb 27, 2026
05Stats
D
58 / 100
Downloads
161
Archive size
5.3 MB
- Has README or module doc0/2missing
- README has a code example0/1missing
- README is substantive0/1pending
- Most symbols documented1/1earned
- No slow types1/1earned
- Has description1/1earned
- Platform support declared (or universal)2/2earned
- License declared0/1missing
- Verified public repository2/2earned
06Platforms