Introduce AKS review skill #2076
Co-authored-by: Copilot <copilot@github.com>
Pull request overview
Introduces a new azure-kubernetes-review skill under plugin/skills/ to guide an evidence-based AKS posture review and generate a standardized Markdown audit report.
Changes:
- Adds the azure-kubernetes-review skill with an end-to-end workflow and guardrails.
- Adds reference documents (checklist matrix, container checks, diagnostics detector mapping) plus a report template.
- Updates .gitignore to ignore *.crt files.
Reviewed changes
Copilot reviewed 13 out of 14 changed files in this pull request and generated 11 comments.
| File | Description |
|---|---|
| plugin/skills/azure-kubernetes-review/SKILL.md | Skill entrypoint, workflow outline, inputs/outputs, guardrails |
| plugin/skills/azure-kubernetes-review/assets/aks-audit-report-template.md | Report template for audit output |
| plugin/skills/azure-kubernetes-review/references/aks-checklist-matrix.md | Canonical checklist matrix + validation commands |
| plugin/skills/azure-kubernetes-review/references/aks-container-best-practices.md | Container-level best-practice checks and scoring rules |
| plugin/skills/azure-kubernetes-review/references/aks-diagnostics-detectors.md | Diagnostics detector extraction + mapping guidance |
| plugin/skills/azure-kubernetes-review/references/quality-gates.md | Completeness checks and decision logic |
| plugin/skills/azure-kubernetes-review/references/workflow-scope-and-checklist.md | Scope definition + checklist loading workflow |
| plugin/skills/azure-kubernetes-review/references/workflow-diagnostics.md | Diagnostics execution workflow |
| plugin/skills/azure-kubernetes-review/references/workflow-warning-events.md | Warning event collection + correlation workflow |
| plugin/skills/azure-kubernetes-review/references/workflow-container-assessment.md | Container assessment workflow |
| plugin/skills/azure-kubernetes-review/references/workflow-validation-and-findings.md | Validation command execution + findings workflow |
| plugin/skills/azure-kubernetes-review/references/workflow-report.md | Report generation workflow |
| .gitignore | Ignores *.crt files |
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
jongio left a comment
Solid contribution with deep AKS domain knowledge. The progressive disclosure structure (SKILL.md + 11 reference files) is well-suited for a complex audit workflow.
Main concern - echoing @kvenkatrajan's feedback: the existing azure-kubernetes skill handles Day-0 provisioning while this targets Day-2 audit. There's a reasonable case for separation given the 1200+ lines of audit-specific content, but the repo's direction is to minimize skill count. Consider whether this could be a mode or workflow within the existing skill (e.g., triggered by "review AKS", "audit AKS cluster") with the reference files living alongside the existing skill's references.
Additional items below focus on frontmatter compliance and missing required sections per repo conventions.
| name: azure-kubernetes-review | ||
| license: MIT | ||
| metadata: | ||
| author: johnbilliris |
[MEDIUM] metadata.author should be Microsoft
Per skill-files.instructions.md, the recommended author value is Microsoft for all skills in this repo.
| author: johnbilliris | |
| author: Microsoft |
Would it make sense to put more of the review description in more deeply nested files so the azure-kubernetes/SKILL.md file can stay below 1k tokens in size?
+1 on this. Numbers: SKILL.md goes from ~2600 tokens (Day-0 only) to ~4000 tokens with the Day-2 section. It's under the 5000-token cap in skill-files.instructions.md, but the "Required Inputs" table, "Review Workflow" numbered list, and "Review Decision Logic" section could all move to a reference file. That'd bring the main file back to ~3000 tokens while keeping the Day-2 description and trigger phrases in the frontmatter and a one-liner link to the detail.
jongio left a comment
Consolidation into the existing azure-kubernetes skill addresses my previous concerns and @kvenkatrajan's request. All four of my earlier comments (metadata.author, argument-hint, missing Quick Reference, unrelated .gitignore change) are resolved - the separate skill was removed and the .gitignore hunk dropped.
The Day-2 section integrates cleanly alongside the Day-0 content. Progressive disclosure is solid - 10 reference files handle the detail, keeping the workflow steps in SKILL.md as pointers.
One thing worth watching: SKILL.md went from ~2600 to ~4000 tokens. It's under the 5000-token limit from skill-files.instructions.md, but the Day-2 "Required Inputs" table and "Review Decision Logic" subsections could move to a reference file to keep the main file leaner - see @okonech's thread.
Description
Introduce an Azure Kubernetes Review skill
Checklist
- cd tests && npm test)
- npm run test:skills:integration -- <skill>)
- USE FOR/DO NOT USE FOR/PREFER OVER clauses: confirmed no routing regressions for competing skills
Related Issues