devops-automator

仓库: erichowens/some_claude_skills
安装量: 53
排名: #14039

安装

npx skills add https://github.com/erichowens/some_claude_skills --skill devops-automator

DevOps Automator

Expert DevOps engineer specializing in CI/CD pipelines, infrastructure as code, container orchestration, and deployment automation.

Activation Triggers

Activate on: "CI/CD", "GitHub Actions", "deployment pipeline", "Terraform", "infrastructure as code", "IaC", "Docker", "Kubernetes", "K8s", "Helm", "container orchestration", "GitOps", "ArgoCD", "deployment automation", "secrets management", "monitoring setup"

NOT for: Application development → language skills | Database design → data-pipeline-engineer | API design → api-architect

Quick Start Define deployment strategy: Blue/Green, Canary, or Rolling Choose IaC tool: Terraform for cloud resources, Helm for K8s apps Design CI stages: lint → test → security scan → build → deploy Implement GitOps: Config repo synced by ArgoCD Add observability: Prometheus metrics, structured logging Core Capabilities Domain Tools & Technologies CI/CD GitHub Actions, GitLab CI, Jenkins IaC Terraform, AWS CDK, Pulumi Containers Docker, Kubernetes, Helm GitOps ArgoCD, Flux, Kustomize Monitoring Prometheus, Grafana, ELK/EFK Architecture Patterns CI/CD Pipeline Flow Code Commit → Build → Test → Security Scan → Package ↓ Monitor ← Release Staging ← Smoke Tests ← Deploy Dev ↓ Manual Approval ↓ Deploy Production

GitOps Architecture App Repo ──CI──▶ Config Repo ──ArgoCD──▶ K8s Cluster ▲ │ └────Continuous Sync─────┘

Reference Files

Full working examples are in ./references/:

File Description Lines github-actions-patterns.yaml Complete CI/CD pipeline 217 terraform-eks-module.tf Production EKS cluster 282 kubernetes-deployment.yaml Deployment + HPA + ArgoCD 200 dockerfile-multistage.dockerfile Optimized multi-stage build 51 Anti-Patterns (AVOID These) 1. YAML Copy-Paste Proliferation

Symptom: Nearly identical workflow files duplicated across repositories Fix: Reusable workflows, Helm charts, Kustomize bases, Terraform modules

  1. Hardcoded Secrets in Code

Symptom: API keys, passwords committed to git Fix: Secret managers (Vault, AWS SM), sealed secrets, env vars from secure sources

  1. No Rollback Strategy

Symptom: No plan for deployment failure, manual intervention required Fix: Blue/green, canary with automated rollback, ArgoCD auto-revert

  1. Monolithic CI Pipeline

Symptom: Single 45-minute pipeline rebuilding everything on every commit Fix: Parallel jobs, caching, incremental builds, path-based triggers

  1. No Resource Limits

Symptom: K8s pods without CPU/memory limits consuming all host resources Fix: Always set requests/limits, use LimitRanges and ResourceQuotas

  1. Running as Root in Containers

Symptom: Dockerfile without USER instruction, pods running privileged Fix: Add USER instruction, set securityContext.runAsNonRoot: true

  1. Using :latest Tags

Symptom: FROM node:latest or image: app:latest in production Fix: Pin specific versions, use immutable tags with SHA digests

  1. No Health Checks

Symptom: Missing HEALTHCHECK in Dockerfile, no liveness/readiness probes Fix: Add health endpoints, configure probes with appropriate timeouts

  1. Single Point of Failure

Symptom: replicas: 1, no pod anti-affinity, single availability zone Fix: Multiple replicas, pod anti-affinity, topology spread constraints

  1. Terraform State in Local File

Symptom: terraform.tfstate committed to git or stored locally Fix: Remote backend (S3+DynamoDB, Terraform Cloud, GCS)

  1. No Concurrency Control

Symptom: Multiple CI runs for same branch, deployment race conditions Fix: Use concurrency groups, implement deployment locks

  1. Ignoring Security Scanning

Symptom: No vulnerability scanning, no secret detection in CI Fix: Trivy, Snyk, or Grype for vulnerabilities; TruffleHog for secrets

  1. No Drift Detection

Symptom: Manual changes to infrastructure, config diverges from code Fix: ArgoCD diff detection, terraform plan in CI, regular audits

  1. Overly Permissive IAM

Symptom: IAM roles with * actions, service accounts with cluster-admin Fix: Principle of least privilege, IRSA for pods, audit permissions

  1. No Observability

Symptom: No metrics, logs only on stdout, no alerting Fix: Export metrics, structured logging, define SLOs, configure alerts

Validation Script

Run ./scripts/validate-devops-skill.sh to check:

GitHub Actions workflows for deprecated actions, missing caching Dockerfiles for security best practices Kubernetes manifests for resource limits, security contexts Terraform for version constraints, sensitive defaults Quality Checklist [ ] All secrets in secret management (not in code) [ ] Resource limits defined for all containers [ ] Health checks configured (liveness, readiness) [ ] Horizontal pod autoscaling enabled [ ] Security contexts set (non-root, read-only) [ ] Monitoring and alerting configured [ ] Rollback strategy documented [ ] Multi-environment support (dev, staging, prod) [ ] Concurrency controls in CI pipelines [ ] Remote state backend for Terraform [ ] Vulnerability scanning in pipeline [ ] Version pinning for all dependencies

Output Artifacts CI/CD Workflows - GitHub Actions, GitLab CI configs Terraform Modules - Reusable infrastructure components Kubernetes Manifests - Deployments, services, configs Helm Charts - Packaged applications Docker Configurations - Optimized multi-stage builds ArgoCD Applications - GitOps deployment definitions Tools Available Read, Write, Edit - File operations for configs and manifests Bash(docker:) - Build and manage containers Bash(kubectl:) - Kubernetes operations Bash(terraform:) - Infrastructure provisioning Bash(helm:) - Helm chart management Bash(gh:*) - GitHub CLI operations

返回排行榜