SkillRepo
Sign InSign Up
Catalog
google/gke-app-onboarding

google

gke-app-onboarding

Manages GKE application onboarding, covering containerization, deployment manifests, and migration. Use when onboarding or deploying an application to GKE for the first time, or containerizing an app for GKE. Don't use for general GKE cluster administration or upgrades (use gke-basics or gke-upgrades instead).

global
New~1.2k
v1.0Saved Jun 24, 2026

GKE App Onboarding

This reference provides workflows for containerizing and deploying applications to GKE for the first time.

MCP Tools: apply_k8s_manifest, get_k8s_resource, get_k8s_rollout_status, get_k8s_logs, describe_k8s_resource

Workflow

1. App Assessment

Before containerizing, assess the application:

  • Language & Framework: Identify the tech stack
  • Dependencies: List required libraries and external services
  • Configuration: How is the app configured? (env vars, config files, secrets)
  • Statefulness: Does it need persistent storage? (databases, file storage)
  • Networking: Port mapping and protocol (HTTP, gRPC, TCP)
  • Health endpoints: Does the app expose health check endpoints?

2. Containerization

Create a container image:

Dockerfile (recommended for most apps):

# Multi-stage build for smaller, more secure images
FROM golang:1.22 AS builder
WORKDIR /app
COPY . .
RUN CGO_ENABLED=0 go build -o server .

FROM gcr.io/distroless/static:nonroot
COPY --from=builder /app/server /server
USER nonroot:nonroot
EXPOSE 8080
ENTRYPOINT ["/server"]

Best practices:

  • Use multi-stage builds to keep production images small
  • Use distroless or minimal base images to reduce attack surface
  • Run as non-root user
  • Log to stdout and stderr for Cloud Logging collection

For applications where writing a Dockerfile is not preferred, you can use Cloud Native Buildpacks to automatically detect the language and build a container image:

pack build <image> --builder gcr.io/buildpacks/builder:latest

3. Image Management

Build and store the container image:

# Configure Docker for Artifact Registry
gcloud auth configure-docker <REGION>-docker.pkg.dev --quiet

# Build and push
docker build -t <REGION>-docker.pkg.dev/<PROJECT>/<REPO>/<IMAGE>:<TAG> .
docker push <REGION>-docker.pkg.dev/<PROJECT>/<REPO>/<IMAGE>:<TAG>

Vulnerability scanning: Enable automatic scanning in Artifact Registry to detect issues in base images and dependencies.

# Check scan results
gcloud artifacts docker images describe \
  <REGION>-docker.pkg.dev/<PROJECT>/<REPO>/<IMAGE>:<TAG> \
  --show-package-vulnerability \
  --quiet

4. Manifest Generation

Generate Kubernetes manifests for the application:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
  namespace: default
spec:
  replicas: 2
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      containers:
      - name: my-app
        image: <REGION>-docker.pkg.dev/<PROJECT>/<REPO>/<IMAGE>:<TAG>
        ports:
        - containerPort: 8080
        resources:
          requests:
            cpu: "250m"
            memory: "256Mi"
          limits:
            cpu: "500m"
            memory: "512Mi"
        livenessProbe:
          httpGet:
            path: /healthz
            port: 8080
          initialDelaySeconds: 10
        readinessProbe:
          httpGet:
            path: /readyz
            port: 8080
          initialDelaySeconds: 5
---
apiVersion: v1
kind: Service
metadata:
  name: my-app
spec:
  selector:
    app: my-app
  ports:
  - port: 80
    targetPort: 8080
  type: ClusterIP

Checklist for manifests:

  • Resource requests and limits set
  • Liveness and readiness probes configured
  • At least 2 replicas for production
  • Service type appropriate (ClusterIP for internal, use Gateway API for external)

5. Deploy

# MCP (preferred)
apply_k8s_manifest(parent="projects/<PROJECT>/locations/<REGION>/clusters/<CLUSTER>", yamlManifest="<manifest>")

# Verify
get_k8s_rollout_status(parent="...", resourceType="deployment", name="my-app")
get_k8s_resource(parent="...", resourceType="pod", labelSelector="app=my-app")

kubectl fallback:

kubectl apply -f manifests/
kubectl rollout status deployment/my-app
kubectl get pods -l app=my-app

Next Steps

Once the application is running on GKE:

  • Configure autoscaling — see the gke-scaling skill
  • Set up observability — see the gke-observability skill
  • Harden security — see the gke-security skill
  • Configure reliability (PDBs, topology spread) — see the gke-reliability skill
Files5
5 files · 13.6 KB

Select a file to preview

Overall Score

86/100

Grade

A

Excellent

Safety

85

Quality

89

Clarity

86

Completeness

82

Summary

A reference skill guiding containerization and deployment of applications to Google Kubernetes Engine (GKE) for the first time. Covers app assessment, Dockerfile creation, container image management, Kubernetes manifest generation, and deployment verification using MCP tools or kubectl.

Static Analysis Findings

1 finding

Patterns detected by deterministic static analysis before AI scoring. Hover over any finding code for detailed information and remediation guidance.

Credential Exposure
SEC-020Direct .env File Access

Direct .env file access

assets/index.js.env
85% confidenceCWE-538: Sensitive Info in Externally-Accessible File

Detected Capabilities

file readmanifest templatinggcloud command executiondocker build and pushkubectl deploymentcontainer image scanningk8s resource querying

Trigger Keywords

Phrases that MCP clients use to match this skill to user intent.

containerize for gkedeploy to gkegke manifest generationdocker image to gkekubernetes deployment setup

Risk Signals

INFO

Direct .env file reference in assets/index.js

assets/index.js | static analysis SEC-020

Referenced Domains

External domains referenced in skill content, detected by static analysis.

buildpacks.iowww.apache.org

Use Cases

  • Containerize a new application for GKE deployment
  • Generate production-ready Kubernetes manifests with resource requests, probes, and replicas
  • Build and push container images to Artifact Registry with vulnerability scanning
  • Deploy an application to GKE and verify rollout status
  • Migrate an existing application to run on GKE

Quality Notes

  • Well-structured workflow covering all key GKE onboarding phases with clear step progression
  • Includes both MCP tool commands (preferred) and kubectl fallback for deployment flexibility
  • Provides production-ready Kubernetes manifest examples with security best practices (non-root user, resource limits, health probes, distroless images)
  • Excellent security guidance: multi-stage builds, minimal base images, vulnerability scanning, security contexts, and readOnlyRootFilesystem
  • Comprehensive app assessment checklist helps users evaluate readiness before containerization
  • References Cloud Native Buildpacks as alternative to Dockerfile for language auto-detection
  • Includes practical checklist for manifests covering replicas, probes, resource requests, and service types
  • Next Steps section appropriately links to complementary skills (scaling, observability, security, reliability)
  • Supporting example files (Dockerfile, deployment.yaml, Node.js app) are well-annotated and follow security best practices
  • Clear scope boundaries: explicitly states not for cluster administration or upgrades
Model: claude-haiku-4-5-20251001Analyzed: Jun 24, 2026

Reviews

Add this skill to your library to leave a review.

No reviews yet

Be the first to share your experience.

Add google/gke-app-onboarding to your library

Get Started Free

Command Palette

Search for a command to run...

google/gke-app-onboarding | SkillRepo