231 lines
8.9 KiB
Markdown
231 lines
8.9 KiB
Markdown
# DevOps IaC Engineer Skill for Claude
|
|
|
|
A comprehensive Claude skill designed to help DevOps teams implement infrastructure as code, manage cloud platforms, deploy containerized applications, and maintain reliable production systems.
|
|
|
|
## Overview
|
|
|
|
This skill provides frameworks, templates, and best practices for:
|
|
- **Terraform & IaC** - Infrastructure as Code implementation patterns
|
|
- **Kubernetes & Containers** - Container orchestration and deployment
|
|
- **Cloud Platforms** - AWS, Azure, GCP architecture and services
|
|
- **CI/CD Pipelines** - GitOps, automated testing, and deployment
|
|
- **Observability** - Monitoring, logging, and tracing strategies
|
|
- **Security** - DevSecOps practices and compliance automation
|
|
- **Ready-to-Use Templates** - Production-ready configurations
|
|
|
|
## File Structure
|
|
|
|
```
|
|
DevOps IaC Engineer/
|
|
├── SKILL.md # Main skill file with overview & core workflows
|
|
├── reference/
|
|
│ ├── terraform.md # Terraform best practices and patterns
|
|
│ ├── kubernetes.md # Kubernetes and container orchestration
|
|
│ ├── cloud_platforms.md # AWS, Azure, GCP guidance
|
|
│ ├── cicd.md # CI/CD pipelines and GitOps
|
|
│ ├── observability.md # Monitoring, logging, and tracing
|
|
│ ├── security.md # DevSecOps and compliance
|
|
│ └── templates.md # Ready-to-use templates
|
|
├── scripts/
|
|
│ └── devops_utils.py # Utility scripts for common DevOps tasks
|
|
├── examples/
|
|
│ ├── terraform/ # Example Terraform configurations
|
|
│ ├── kubernetes/ # Example Kubernetes manifests
|
|
│ └── pipelines/ # Example CI/CD pipelines
|
|
└── README.md # This file
|
|
```
|
|
|
|
## Quick Start
|
|
|
|
### 1. For Infrastructure as Code
|
|
Start with [SKILL.md](SKILL.md) → [reference/terraform.md](reference/terraform.md)
|
|
- Use Terraform module templates for reusable infrastructure
|
|
- Implement remote state management with S3 + DynamoDB
|
|
- Follow security best practices for secrets and credentials
|
|
- Apply cost optimization patterns
|
|
|
|
### 2. For Kubernetes Deployments
|
|
[reference/kubernetes.md](reference/kubernetes.md) → [reference/templates.md](reference/templates.md)
|
|
- Deploy production-ready workloads with health checks
|
|
- Implement autoscaling (HPA/VPA)
|
|
- Configure RBAC and network policies
|
|
- Use Helm charts for application packaging
|
|
|
|
### 3. For Cloud Architecture
|
|
[reference/cloud_platforms.md](reference/cloud_platforms.md)
|
|
- Design multi-tier architectures on AWS/Azure/GCP
|
|
- Implement high availability and disaster recovery
|
|
- Optimize costs with right-sizing and spot instances
|
|
- Follow Well-Architected Framework principles
|
|
|
|
### 4. For CI/CD Pipelines
|
|
[reference/cicd.md](reference/cicd.md)
|
|
- Implement GitOps workflows with ArgoCD or Flux
|
|
- Create automated testing pipelines
|
|
- Configure deployment strategies (blue/green, canary)
|
|
- Set up infrastructure validation and security scanning
|
|
|
|
### 5. For Observability
|
|
[reference/observability.md](reference/observability.md)
|
|
- Define SLIs, SLOs, and SLAs
|
|
- Implement structured logging with correlation IDs
|
|
- Set up distributed tracing
|
|
- Create actionable alerts and runbooks
|
|
|
|
### 6. For Security
|
|
[reference/security.md](reference/security.md)
|
|
- Implement least privilege access
|
|
- Automate security scanning and compliance checks
|
|
- Manage secrets with cloud-native solutions
|
|
- Apply zero-trust networking principles
|
|
|
|
## Using the Utility Scripts
|
|
|
|
### Generate Terraform Boilerplate
|
|
```bash
|
|
python scripts/devops_utils.py terraform init-project \
|
|
--name myproject \
|
|
--cloud aws \
|
|
--region us-east-1
|
|
```
|
|
|
|
### Validate Kubernetes Manifests
|
|
```bash
|
|
python scripts/devops_utils.py k8s validate \
|
|
--file deployment.yaml \
|
|
--schema-version 1.28
|
|
```
|
|
|
|
### Generate GitOps Structure
|
|
```bash
|
|
python scripts/devops_utils.py gitops init \
|
|
--tool argocd \
|
|
--environments dev,staging,prod
|
|
```
|
|
|
|
## Key Concepts
|
|
|
|
### Infrastructure as Code Principles
|
|
All infrastructure should be:
|
|
- **Version Controlled**: Track all changes in Git
|
|
- **Declarative**: Define desired state, not imperative steps
|
|
- **Idempotent**: Multiple runs produce same result
|
|
- **Modular**: Reusable components with clear interfaces
|
|
- **Tested**: Automated validation and security scanning
|
|
- **Documented**: Clear README and inline comments
|
|
|
|
### DevOps Best Practices
|
|
This skill follows the DevOps best practices:
|
|
|
|
✓ **Security First** - Never hardcode credentials, use least privilege
|
|
✓ **Immutable Infrastructure** - Replace rather than modify
|
|
✓ **GitOps Workflows** - Git as single source of truth
|
|
✓ **Observability Built-In** - Logs, metrics, and traces from day one
|
|
✓ **Cost Optimization** - Right-size resources, use spot instances
|
|
✓ **Disaster Recovery** - Automated backups and tested failover
|
|
✓ **CI/CD Automation** - Automated testing and deployment
|
|
✓ **Policy as Code** - Automated compliance and governance
|
|
|
|
## Customization Guide
|
|
|
|
### For Your Organization
|
|
|
|
Before using this skill, customize:
|
|
|
|
1. **Cloud Provider Standards** ([reference/cloud_platforms.md](reference/cloud_platforms.md))
|
|
- Update with your organization's cloud accounts
|
|
- Add your naming conventions and tagging standards
|
|
- Include your cost allocation and budgeting approach
|
|
|
|
2. **Security Requirements** ([reference/security.md](reference/security.md))
|
|
- Define your compliance requirements (HIPAA, PCI-DSS, SOC2)
|
|
- Specify your secrets management solution
|
|
- Add your organization's security policies
|
|
|
|
3. **Naming Conventions** (Throughout all files)
|
|
- Replace generic names with your naming standards
|
|
- Use consistent environment names (dev, staging, prod)
|
|
- Include your resource tagging strategy
|
|
|
|
4. **Observability Tools** ([reference/observability.md](reference/observability.md))
|
|
- Specify your monitoring stack (Prometheus, Datadog, New Relic)
|
|
- Define your logging solution (ELK, Splunk, CloudWatch)
|
|
- Add your alerting and on-call system
|
|
|
|
## Common DevOps Workflows
|
|
|
|
### Workflow: Deploy New Application
|
|
1. Design architecture using [reference/cloud_platforms.md](reference/cloud_platforms.md)
|
|
2. Create infrastructure with [reference/terraform.md](reference/terraform.md)
|
|
3. Containerize application and deploy with [reference/kubernetes.md](reference/kubernetes.md)
|
|
4. Set up CI/CD pipeline using [reference/cicd.md](reference/cicd.md)
|
|
5. Implement monitoring with [reference/observability.md](reference/observability.md)
|
|
6. Apply security controls from [reference/security.md](reference/security.md)
|
|
|
|
### Workflow: Cloud Migration
|
|
1. Assess current architecture and dependencies
|
|
2. Design target cloud architecture
|
|
3. Create infrastructure as code modules
|
|
4. Implement migration pipeline with testing
|
|
5. Execute phased migration
|
|
6. Validate and optimize
|
|
|
|
### Workflow: Implement GitOps
|
|
1. Set up Git repository structure
|
|
2. Install ArgoCD or Flux in cluster
|
|
3. Create application manifests and Helm charts
|
|
4. Configure automated sync policies
|
|
5. Implement progressive delivery
|
|
6. Set up monitoring and alerts
|
|
|
|
## Troubleshooting
|
|
|
|
**Issue**: Terraform state conflicts
|
|
**Solution**: Use remote state with locking (S3 + DynamoDB), implement state file backups, check for concurrent runs
|
|
|
|
**Issue**: Kubernetes pods failing health checks
|
|
**Solution**: Review pod logs, check resource limits, verify network policies, validate environment variables
|
|
|
|
**Issue**: High cloud costs
|
|
**Solution**: Implement tagging strategy, use cost allocation tags, right-size resources, use spot instances, enable auto-scaling
|
|
|
|
**Issue**: Secrets exposed in Git
|
|
**Solution**: Use git-secrets or trufflehog to scan, rotate exposed secrets immediately, implement SOPS or Sealed Secrets
|
|
|
|
## Support & Questions
|
|
|
|
Each reference file includes:
|
|
- Best practices and proven patterns
|
|
- Common mistakes to avoid
|
|
- Production-ready examples
|
|
- Implementation guidance
|
|
|
|
For questions about specific topics:
|
|
- **Terraform & IaC**: See [reference/terraform.md](reference/terraform.md)
|
|
- **Kubernetes**: See [reference/kubernetes.md](reference/kubernetes.md)
|
|
- **Cloud platforms**: See [reference/cloud_platforms.md](reference/cloud_platforms.md)
|
|
- **CI/CD**: See [reference/cicd.md](reference/cicd.md)
|
|
- **Observability**: See [reference/observability.md](reference/observability.md)
|
|
- **Security**: See [reference/security.md](reference/security.md)
|
|
|
|
## Version History
|
|
|
|
- **v1.0** - Initial release with core DevOps functions
|
|
- Terraform best practices and module patterns
|
|
- Kubernetes production-ready configurations
|
|
- Cloud platform guidance (AWS, Azure, GCP)
|
|
- CI/CD pipeline templates
|
|
- Observability frameworks
|
|
- DevSecOps practices
|
|
- Utility scripts for common tasks
|
|
|
|
## License & Usage
|
|
|
|
This skill is designed for use with Claude AI. Adapt and customize for your organization's specific needs.
|
|
|
|
---
|
|
|
|
**Last Updated**: October 2025
|
|
**Skill Version**: 1.0
|
|
**For Claude Models**: Claude Opus 4.1, Claude Sonnet 4.5, Claude Haiku 4.5
|