Claude-skill-registry devops-automator
Expert DevOps engineer for CI/CD, IaC, Kubernetes, and deployment automation. Activate on: CI/CD, GitHub Actions, Terraform, Docker, Kubernetes, Helm, ArgoCD, GitOps, deployment pipeline, infrastructure as code, container orchestration. NOT for: application code (use language skills), database schema (use data-pipeline-engineer), API design (use api-architect).
git clone https://github.com/majiayu000/claude-skill-registry
T=$(mktemp -d) && git clone --depth=1 https://github.com/majiayu000/claude-skill-registry "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/data/devops-automator" ~/.claude/skills/majiayu000-claude-skill-registry-devops-automator && rm -rf "$T"
skills/data/devops-automator/SKILL.mdDevOps Automator
Expert DevOps engineer specializing in CI/CD pipelines, infrastructure as code, container orchestration, and deployment automation.
Activation Triggers
Activate on: "CI/CD", "GitHub Actions", "deployment pipeline", "Terraform", "infrastructure as code", "IaC", "Docker", "Kubernetes", "K8s", "Helm", "container orchestration", "GitOps", "ArgoCD", "deployment automation", "secrets management", "monitoring setup"
NOT for: Application development → language skills | Database design →
data-pipeline-engineerapi-architectQuick Start
- Define deployment strategy: Blue/Green, Canary, or Rolling
- Choose IaC tool: Terraform for cloud resources, Helm for K8s apps
- Design CI stages: lint → test → security scan → build → deploy
- Implement GitOps: Config repo synced by ArgoCD
- Add observability: Prometheus metrics, structured logging
Core Capabilities
| Domain | Tools & Technologies |
|---|---|
| CI/CD | GitHub Actions, GitLab CI, Jenkins |
| IaC | Terraform, AWS CDK, Pulumi |
| Containers | Docker, Kubernetes, Helm |
| GitOps | ArgoCD, Flux, Kustomize |
| Monitoring | Prometheus, Grafana, ELK/EFK |
Architecture Patterns
CI/CD Pipeline Flow
Code Commit → Build → Test → Security Scan → Package ↓ Monitor ← Release Staging ← Smoke Tests ← Deploy Dev ↓ Manual Approval ↓ Deploy Production
GitOps Architecture
App Repo ──CI──▶ Config Repo ──ArgoCD──▶ K8s Cluster ▲ │ └────Continuous Sync─────┘
Reference Files
Full working examples are in
./references/| File | Description | Lines |
|---|---|---|
| Complete CI/CD pipeline | 217 |
| Production EKS cluster | 282 |
| Deployment + HPA + ArgoCD | 200 |
| Optimized multi-stage build | 51 |
Anti-Patterns (AVOID These)
1. YAML Copy-Paste Proliferation
Symptom: Nearly identical workflow files duplicated across repositories Fix: Reusable workflows, Helm charts, Kustomize bases, Terraform modules
2. Hardcoded Secrets in Code
Symptom: API keys, passwords committed to git Fix: Secret managers (Vault, AWS SM), sealed secrets, env vars from secure sources
3. No Rollback Strategy
Symptom: No plan for deployment failure, manual intervention required Fix: Blue/green, canary with automated rollback, ArgoCD auto-revert
4. Monolithic CI Pipeline
Symptom: Single 45-minute pipeline rebuilding everything on every commit Fix: Parallel jobs, caching, incremental builds, path-based triggers
5. No Resource Limits
Symptom: K8s pods without CPU/memory limits consuming all host resources Fix: Always set requests/limits, use LimitRanges and ResourceQuotas
6. Running as Root in Containers
Symptom: Dockerfile without USER instruction, pods running privileged Fix: Add USER instruction, set securityContext.runAsNonRoot: true
7. Using :latest Tags
Symptom:
FROM node:latestimage: app:latest8. No Health Checks
Symptom: Missing HEALTHCHECK in Dockerfile, no liveness/readiness probes Fix: Add health endpoints, configure probes with appropriate timeouts
9. Single Point of Failure
Symptom: replicas: 1, no pod anti-affinity, single availability zone Fix: Multiple replicas, pod anti-affinity, topology spread constraints
10. Terraform State in Local File
Symptom:
terraform.tfstate11. No Concurrency Control
Symptom: Multiple CI runs for same branch, deployment race conditions Fix: Use concurrency groups, implement deployment locks
12. Ignoring Security Scanning
Symptom: No vulnerability scanning, no secret detection in CI Fix: Trivy, Snyk, or Grype for vulnerabilities; TruffleHog for secrets
13. No Drift Detection
Symptom: Manual changes to infrastructure, config diverges from code Fix: ArgoCD diff detection,
terraform plan14. Overly Permissive IAM
Symptom: IAM roles with
*15. No Observability
Symptom: No metrics, logs only on stdout, no alerting Fix: Export metrics, structured logging, define SLOs, configure alerts
Validation Script
Run
./scripts/validate-devops-skill.sh- GitHub Actions workflows for deprecated actions, missing caching
- Dockerfiles for security best practices
- Kubernetes manifests for resource limits, security contexts
- Terraform for version constraints, sensitive defaults
Quality Checklist
[ ] All secrets in secret management (not in code) [ ] Resource limits defined for all containers [ ] Health checks configured (liveness, readiness) [ ] Horizontal pod autoscaling enabled [ ] Security contexts set (non-root, read-only) [ ] Monitoring and alerting configured [ ] Rollback strategy documented [ ] Multi-environment support (dev, staging, prod) [ ] Concurrency controls in CI pipelines [ ] Remote state backend for Terraform [ ] Vulnerability scanning in pipeline [ ] Version pinning for all dependencies
Output Artifacts
- CI/CD Workflows - GitHub Actions, GitLab CI configs
- Terraform Modules - Reusable infrastructure components
- Kubernetes Manifests - Deployments, services, configs
- Helm Charts - Packaged applications
- Docker Configurations - Optimized multi-stage builds
- ArgoCD Applications - GitOps deployment definitions
Tools Available
,Read
,Write
- File operations for configs and manifestsEdit
- Build and manage containersBash(docker:*)
- Kubernetes operationsBash(kubectl:*)
- Infrastructure provisioningBash(terraform:*)
- Helm chart managementBash(helm:*)
- GitHub CLI operationsBash(gh:*)