Create top-level AKS folder and SKILL.md

[julia-yin]

Create a top-level folder for organizing Azure Kubernetes Service skills. Create the service-level skill file targeting AKS cluster creation and best practices.

[Copilot]

Pull request overview

Adds a new top-level azure-kubernetes skill to guide agents/users through planning and creating production-ready Azure Kubernetes Service (AKS) clusters, focusing on Day-0/Day-1 decisions and best practices.

Changes:

• Introduces plugin/skills/azure-kubernetes/SKILL.md with AKS planning guidance, decision framework, and step-by-step execution flow.
• Includes public Microsoft Learn references for core AKS topics (networking, identity, governance, observability, upgrades, cost analysis).

[Copilot]

Rule 2 refers to an "AKS MCP server", but repo MCP config only defines a generic azure MCP server (plugin/.mcp.json). This will lead agents to look for a non-existent server; please update the rule to reference the Azure MCP server and the relevant AKS-related MCP tools (or CLI) explicitly.

Suggested change

	2. Use the AKS MCP server for invoking Azure API and kubectl commands when applicable during the cluster setup and operations processes.
	2. Use the `azure` MCP server and its AKS-related MCP tools to invoke Azure APIs and perform AKS and kubectl operations whenever possible during cluster setup and ongoing operations; if required functionality is not available via MCP tools, fall back to Azure CLI and kubectl commands.

[Copilot]

Section header "## When to Use" is inconsistent with the repo’s common "## When to Use This Skill" heading (e.g., plugin/skills/appinsights-instrumentation/SKILL.md:18 and plugin/skills/azure-messaging/SKILL.md:25). Aligning the heading improves consistency and navigation across skills.

Suggested change

	## When to Use
	## When to Use This Skill

[Copilot]

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated 5 comments.

[tmeschter]

Generally I would expect this sort of information to be part of a service-specific subsection of azure-prepare/azure-validate/azure-deploy rather than an entirely different skill.

[Copilot]

Pull request overview

Copilot reviewed 7 out of 7 changed files in this pull request and generated 2 comments.

[Copilot]

The "Should NOT Trigger" prompts are mostly non-Azure/unrelated. Since the skill description includes explicit "DO NOT USE FOR" scenarios (e.g., deploying apps to AKS, debugging AKS issues), add a few negative prompts that match those scenarios to verify the trigger heuristics won’t falsely activate this skill in its own anti-trigger cases.

[Copilot]

Pull request overview

Copilot reviewed 7 out of 7 changed files in this pull request and generated 1 comment.

[Copilot]

Pull request overview

Copilot reviewed 8 out of 8 changed files in this pull request and generated 1 comment.

[Copilot]

plugin/skills/**/SKILL.md files are limited to 500 tokens by the repo’s token-limit checks. This SKILL.md is currently 385 lines and will almost certainly exceed that limit, causing the PR token analysis job to fail. Please move most of the detailed guidance (decision framework, step-by-step execution, extended CLI examples, large tables) into plugin/skills/azure-kubernetes/references/*.md and keep SKILL.md as a concise router/summary with links to those references.

Suggested change

	# Azure Kubernetes Service
	> **AUTHORITATIVE GUIDANCE — MANDATORY COMPLIANCE**
	>
	> This document is the **official source** for setting up best practice Azure Kubernetes Service clusters. Follow these instructions to create and configure AKS clusters that are aligned with the user's requirements.
	## Triggers
	Activate this skill when user wants to:
	- Create a new AKS cluster
	- Plan AKS cluster configuration for production workloads
	- Design AKS networking (API server access, pod IP model, egress)
	- Set up AKS identity and secrets management
	- Configure AKS governance (Azure Policy, Deployment Safeguards)
	- Enable AKS observability (monitoring, Prometheus, Grafana)
	- Define AKS upgrade and patching strategy
	- Enable AKS cost visibility and analysis
	- Understand AKS Automatic vs Standard SKU differences
	- Get a Day-0 checklist for AKS cluster setup and configuration
	## Rules
	1. Start with the user's requirements for provisioning compute, networking, security, and other settings.
	2. Use the AKS MCP server for invoking Azure API and kubectl commands when applicable during the cluster setup and operations processes.
	3. Determine if AKS Automatic or Standard SKU is more appropriate based on the user's need for control vs convenience. Default to AKS Automatic unless specific customizations are required.
	4. Document decisions and rationale for cluster configuration choices, especially for Day-0 decisions that are hard to change later (networking, API server access).
	---
	## MCP Tools (Preferred)
	When Azure MCP and AKS MCP are enabled, use these tools for AKS operations:
	### Cluster Management
	| Tool | Purpose |
	|------|---------|
	| `mcp_azure_mcp_aks` | Subscription-scoped AKS cluster queries and metadata |
	| `mcp_aks_mcp_az_aks_operations` | Cluster operations: show, list, get-versions, nodepool management |
	# Azure Kubernetes Service (AKS)
	This skill helps you **plan and create production-ready AKS clusters** using Azure and AKS MCP tools. It is a concise router to detailed guidance stored under `plugin/skills/azure-kubernetes/references/`.
	---
	## Quick Reference
	| Aspect | Summary | Details / References |
	|-------------------|-----------------------------------------------------------|----------------------|
	| MCP tools | Prefer Azure and AKS MCP tools over raw CLI commands. | See [MCP tools](#mcp-tools) and `./references/mcp-aks.md`. |
	| Cluster planning | Cover Day-0/Day-1 decisions, SKUs, and networking. | `./references/architecture-and-skus.md` |
	| Security | Identity, workload identity, Key Vault CSI, governance. | `./references/security-and-governance.md` |
	| Operations | Upgrades, autoscaling, observability, cost visibility. | `./references/operations-and-costs.md` |
	| Troubleshooting | Common MCP / AKS failures and recovery steps. | `./references/troubleshooting.md` |
	> ⚠️ **Warning:** Use this skill **only** for AKS cluster planning and configuration. For app deployment, diagnostics, or generic Azure setup, route to the appropriate skills listed in the description frontmatter.
	---
	## When to Use This Skill
	Activate this skill when the user wants to:
	- Create a new AKS cluster (dev, test, or production).
	- Plan AKS cluster configuration for production or business-critical workloads.
	- Design AKS networking (API server access, pod IP model, outbound/egress).
	- Set up AKS identity and secrets management (managed identity, workload identity, Key Vault CSI).
	- Configure AKS governance (Azure Policy, Deployment Safeguards, baseline guardrails).
	- Enable AKS observability (monitoring, Prometheus, Grafana, logging).
	- Define AKS upgrade, node image, and patching strategy.
	- Analyze AKS costs or choose between **AKS Automatic** and **AKS Standard** SKUs.
	Do **not** use this skill for:
	- Debugging AKS runtime issues → use `azure-diagnostics`.
	- Deploying or updating workloads on AKS → use `azure-deploy`.
	- Creating non-AKS Azure resources or generic landing zones → use `azure-prepare`.
	- Platform-wide monitoring or cost optimization → use `azure-observability` or `azure-cost-optimization`.
	---
	## MCP Tools
	When Azure MCP and AKS MCP are enabled, prefer these tools for AKS operations:
	| Tool | Scope / Purpose | Reference |
	|-------------------------------------|-------------------------------------------------------------|------------------------------------|
	| `mcp_azure_mcp_aks` | Subscription-scoped AKS cluster discovery and metadata. | `./references/mcp-aks.md` |
	| `mcp_aks_mcp_az_aks_operations` | Cluster operations (show, list, versions, nodepools). | `./references/mcp-aks.md` |
	| `mcp_aks_mcp_kubectl` | Cluster-level `kubectl` interactions when required. | `./references/mcp-kubectl.md` |
	> 💡 **Tip:** Use AKS MCP tools for **read/write** operations first. Fall back to `az aks` CLI only when an operation is not exposed via MCP, and record this in the reasoning.
	---
	## Workflow/Steps
	1. **Clarify requirements**
	- Capture environment (dev/test/prod), region, availability, scale, and compliance needs.
	- Identify network constraints (private clusters, IP strategy, egress model).
	- See `./references/requirements-and-questionnaire.md`.
	2. **Plan cluster architecture**
	- Choose between **AKS Automatic** and **AKS Standard** SKUs.
	- Decide on network model, API server access, and identity strategy.
	- See `./references/architecture-and-skus.md`.
	3. **Design security and governance**
	- Plan workload identity, Key Vault CSI, RBAC, and Azure Policy baselines.
	- See `./references/security-and-governance.md`.
	4. **Define operations and observability**
	- Configure monitoring, logging, upgrade strategy, autoscaling, and cost visibility.
	- See `./references/operations-and-costs.md`.
	5. **Summarize and validate**
	- Present a concise plan (decisions + rationale) before suggesting any CLI/MCP commands.
	---
	## Error Handling
	Use this table to route common issues to the right remediation steps:
	| Error / Symptom | Likely Cause / Next Step | Reference |
	|------------------------------------------------------|--------------------------------------------------------------|------------------------------------|
	| MCP tool call fails or times out | Check credentials, subscription, and AKS MCP configuration. | `./references/troubleshooting.md` |
	| Cluster creation blocked by policy or quota | Review Azure Policy, quotas, and regional SKU availability. | `./references/troubleshooting.md` |
	| Networking settings conflict (IP exhaustion, egress) | Revisit IP planning and egress design. | `./references/architecture-and-skus.md` |
	| Identity / secrets not working as expected | Validate workload identity and Key Vault CSI configuration. | `./references/security-and-governance.md` |
	For detailed step-by-step remediation flows and CLI examples, see `./references/troubleshooting.md`.

[Copilot]

Pull request overview

Copilot reviewed 9 out of 9 changed files in this pull request and generated 5 comments.

[Copilot]

The unit test expects sections ("## When to Use", "## Decision Framework", "## Step-by-Step Execution") that are not present in plugin/skills/azure-kubernetes/SKILL.md, so this test will fail. Update the SKILL.md headings to match what’s being asserted, or adjust the assertions to the actual/required section structure used by skills in this repo.

Suggested change

	expect(skill.content).toContain("## Triggers");
	expect(skill.content).toContain("## When to Use");
	expect(skill.content).toContain("## Decision Framework");
	expect(skill.content).toContain("## Step-by-Step Execution");
	expect(skill.content).toContain("## Quick Reference");
	expect(skill.content).toContain("## When to Use This Skill");
	expect(skill.content).toContain("## MCP Tools");
	expect(skill.content).toContain("## Workflow/Steps");
	expect(skill.content).toContain("## Error Handling");

[Copilot]

This SKILL.md doesn’t follow the repository’s Skill File Authoring Guidelines required section structure (Quick Reference, When to Use This Skill, MCP Tools, Workflow/Steps, Error Handling). Please restructure the document to include those sections/tables so it’s consistent with other plugin skills and easier to scan.

[Copilot]

SKILLS is a bash array here; SKILLS="${SKILLS# }" converts it into a scalar string (first element only), so npm run frontmatter -- "${SKILLS[@]}" will no longer validate all changed skills. Remove this line, or (if you intended to trim) operate on a separate scalar variable and keep SKILLS as an array.

Suggested change

SKILLS="${SKILLS# }"

[Copilot]

This integration test defines 12 separate prompts and runs each 5 times (60 agent runs total). That’s substantially higher than other skills’ integration suites and will increase CI time/cost. Consider reducing the number of prompts, lowering RUNS_PER_PROMPT, or using a smaller representative set plus trigger/unit tests for breadth.

[Copilot]

Pull request overview

Copilot reviewed 10 out of 10 changed files in this pull request and generated 4 comments.

[Copilot]

This integration test repeats the same “run prompt N times + try/catch for copilot-sdk load + softCheckSkill” pattern in every test case. Other skill integration tests factor this into a helper (e.g., defineInvocationTest) to reduce duplication and keep changes consistent. Consider extracting a shared helper in this file for maintainability.

Suggested change

	describeIntegration(`${SKILL_NAME}_ - Integration Tests`, () => {
	const agent = useAgentRunner();
	describe("skill-invocation", () => {
	test("invokes azure-kubernetes skill for AKS cluster creation prompt", async () => {
	for (let i = 0; i < RUNS_PER_PROMPT; i++) {
	try {
	const agentMetadata = await agent.run({
	prompt: "Help me create a production-ready AKS cluster with best practices"
	});
	softCheckSkill(agentMetadata, SKILL_NAME);
	} catch (e: unknown) {
	if (e instanceof Error && e.message?.includes("Failed to load @github/copilot-sdk")) {
	console.log("⏭️ SDK not loadable, skipping test");
	return;
	}
	throw e;
	}
	}
	});
	test("invokes azure-kubernetes skill for AKS networking prompt", async () => {
	for (let i = 0; i < RUNS_PER_PROMPT; i++) {
	try {
	const agentMetadata = await agent.run({
	prompt: "What networking options should I choose for my AKS cluster?"
	});
	softCheckSkill(agentMetadata, SKILL_NAME);
	} catch (e: unknown) {
	if (e instanceof Error && e.message?.includes("Failed to load @github/copilot-sdk")) {
	console.log("⏭️ SDK not loadable, skipping test");
	return;
	}
	throw e;
	}
	}
	});
	test("invokes azure-kubernetes skill for AKS Automatic vs Standard", async () => {
	for (let i = 0; i < RUNS_PER_PROMPT; i++) {
	try {
	const agentMetadata = await agent.run({
	prompt: "Should I use AKS Automatic or AKS Standard for my production workloads?"
	});
	softCheckSkill(agentMetadata, SKILL_NAME);
	} catch (e: unknown) {
	if (e instanceof Error && e.message?.includes("Failed to load @github/copilot-sdk")) {
	console.log("⏭️ SDK not loadable, skipping test");
	return;
	}
	throw e;
	}
	}
	async function runSkillInvocationTest(
	agentRunner: ReturnType<typeof useAgentRunner>,
	prompt: string
	): Promise<void> {
	for (let i = 0; i < RUNS_PER_PROMPT; i++) {
	try {
	const agentMetadata = await agentRunner.run({
	prompt
	});
	softCheckSkill(agentMetadata, SKILL_NAME);
	} catch (e: unknown) {
	if (e instanceof Error && e.message?.includes("Failed to load @github/copilot-sdk")) {
	console.log("⏭️ SDK not loadable, skipping test");
	return;
	}
	throw e;
	}
	}
	}
	describeIntegration(`${SKILL_NAME}_ - Integration Tests`, () => {
	const agent = useAgentRunner();
	describe("skill-invocation", () => {
	test("invokes azure-kubernetes skill for AKS cluster creation prompt", async () => {
	await runSkillInvocationTest(
	agent,
	"Help me create a production-ready AKS cluster with best practices"
	);
	});
	test("invokes azure-kubernetes skill for AKS networking prompt", async () => {
	await runSkillInvocationTest(
	agent,
	"What networking options should I choose for my AKS cluster?"
	);
	});
	test("invokes azure-kubernetes skill for AKS Automatic vs Standard", async () => {
	await runSkillInvocationTest(
	agent,
	"Should I use AKS Automatic or AKS Standard for my production workloads?"
	);

[Copilot]

The skill description/WHEN list includes many generic words (e.g., “plan”, “create”, “best”, “practices”, “deploy”). In this repo’s trigger tests, TriggerMatcher adds every description word >3 chars as a keyword and triggers on >=2 matches, which increases the chance of false positives (e.g., unrelated prompts containing “create” + “deploy” + “container”). Consider tightening the description/WHEN phrases to be more AKS-specific so keyword extraction stays discriminative.

[Copilot]

Missing required MCP Tools section: the repo’s skill authoring guidelines require an explicit “MCP Tools” section with a table of commands/parameters (not just listing tool names in Quick Reference). See .github/instructions/skill-files.instructions.md (Required Sections #3).

[Copilot]

Pull request overview

Copilot reviewed 10 out of 10 changed files in this pull request and generated 1 comment.

[Copilot]

The MCP tool name mcp_aks_mcp_az_aks_operations doesn’t match the mcp_azure_mcp_* naming used elsewhere in this repo, and it isn’t referenced anywhere else. If this is meant to be an Azure MCP tool, rename it to the correct tool identifier (or remove it) so the skill doesn’t instruct agents to call a non-existent tool.

Suggested change

	| MCP Tools | `mcp_azure_mcp_aks`, `mcp_aks_mcp_az_aks_operations` |
	| MCP Tools | `mcp_azure_mcp_aks`, `mcp_azure_mcp_az_aks_operations` |

[Copilot]

Pull request overview

Copilot reviewed 9 out of 9 changed files in this pull request and generated 1 comment.

Comments suppressed due to low confidence (1)

.github/workflows/pr.yml:242

• This line trims a variable named SKILLS, but the script is building SKILL_FILES. As written it’s a no-op (and could become an error if the shell enables nounset). It looks like the intent was to trim the leading space from SKILL_FILES before passing it to npm run frontmatter.

            SKILL_FILES="$SKILL_FILES ../$file"
          done
          SKILLS="${SKILLS# }"
          
          # Run frontmatter spec validation
          if OUTPUT=$(npm run frontmatter -- $SKILL_FILES 2>&1); then
            echo "$OUTPUT"

[Copilot]

The MCP tool names in Quick Reference (mcp_azure_mcp_aks, mcp_aks_mcp_az_aks_operations) don’t match the MCP tool naming used elsewhere in this repo (e.g., aks is referenced as the dedicated AKS MCP tool in azure-resource-lookup). These identifiers also aren’t referenced anywhere else in the repo, so they’re likely incorrect. Please align this row with the actual tool name(s) used by the AKS MCP server (or remove the row if tool support isn’t available).