2026-02-16 14:02:42 +09:00
---
name: ck-devops
description: Deploy to Cloudflare Workers/R2/D1, Docker, GCP Cloud Run/GKE, Kubernetes with kubectl and Helm. Use for serverless deployment, container orchestration, CI/CD pipelines, GitOps, security audit, infrastructure management.
---
# ck-devops
Deploy and manage cloud infrastructure across Cloudflare, Docker, Google Cloud, and Kubernetes.
## When to Use
- Deploy serverless apps to Cloudflare Workers or Pages
- Containerize apps with Docker and Docker Compose
- Manage GCP with gcloud CLI (Cloud Run, GKE, Cloud SQL)
- Kubernetes cluster management (kubectl, Helm)
- GitOps workflows (Argo CD, Flux)
- CI/CD pipelines and multi-region deployments
- Security audits, RBAC, network policies
## Don't Use When
- Application-level code — use `ck-backend-development` or `ck-frontend-development`
- Database schema work — use `ck-databases`
- Simple script automation with no infrastructure components
## Platform Selection
| Need | Choose |
|------|--------|
| Sub-50ms latency globally | Cloudflare Workers |
| Large file storage (zero egress fees) | Cloudflare R2 |
| SQL database (global reads) | Cloudflare D1 |
| Containerized workloads | Docker + Cloud Run/GKE |
| Enterprise Kubernetes | GKE |
| Managed relational DB | Cloud SQL |
| Static site + API | Cloudflare Pages |
| Package management for K8s | Helm |
## Quick Start Commands
```bash
# Cloudflare Worker
wrangler init my-worker && wrangler deploy
# Docker
docker build -t myapp . && docker run -p 3000:3000 myapp
# GCP Cloud Run (push to Artifact Registry; the older gcr.io Container Registry is deprecated)
gcloud run deploy my-service --image us-central1-docker.pkg.dev/project/repo/image --region us-central1
# Kubernetes
kubectl apply -f manifests/ && kubectl get pods
```
## Cloudflare Platform
- **Workers**: Edge compute, sub-50ms globally, V8 isolates
- **R2**: Object storage with S3-compatible API, zero egress costs
- **D1**: Serverless SQLite at the edge
- **KV**: Global key-value store
- **Pages**: Static site hosting + Functions
- **Browser Rendering**: Puppeteer automation at the edge
## Docker Best Practices
- Multi-stage builds to minimize image size
- Non-root user in containers
- `.dockerignore` to exclude dev dependencies
- Health checks in Dockerfile
- Pin base image versions (a specific tag, ideally an `@sha256:` digest) for reproducibility; never `:latest`
- Scan images for vulnerabilities before pushing
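The checks above are easy to state and easy to forget. The following is an added example, not the skill's own `scripts/docker-optimize.py`: a small Dockerfile auditor that encodes the bullets as rules and runs them over two constructed Dockerfiles, one that breaks every rule and a hardened multi-stage rewrite that passes. The secret-name pattern and the finding wording are assumptions of this example; the `wget` health probe assumes an Alpine base with BusyBox.

```python
import re

# Constructed sample Dockerfiles for this example (not from any real project).
WEAK_DOCKERFILE = """\
FROM node:latest
WORKDIR /app
COPY . .
RUN npm install
ENV API_KEY=sk_live_example_do_not_use
CMD ["node", "server.js"]
"""

HARDENED_DOCKERFILE = """\
# Stage 1: build with dev dependencies available
FROM node:20-alpine AS build
WORKDIR /app
COPY package*.json ./
RUN npm ci
COPY . .
RUN npm run build && npm prune --omit=dev

# Stage 2: pinned runtime image, unprivileged user, health probe
FROM node:20-alpine
WORKDIR /app
RUN addgroup -S app && \\
    adduser -S app -G app
COPY --from=build --chown=app:app /app /app
USER app
EXPOSE 3000
HEALTHCHECK --interval=30s --timeout=3s \\
    CMD wget -qO- http://127.0.0.1:3000/healthz || exit 1
CMD ["node", "server.js"]
"""

# Variable names that suggest a credential is being baked into the image layer.
SECRET_HINT = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_KEY|PRIVATE_KEY", re.I)


def parse_dockerfile(text):
    """Yield (INSTRUCTION, argument) pairs, joining backslash continuations
    and skipping comments and blank lines."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1].rstrip() + " "
            continue
        instr, _, arg = (buf + line).partition(" ")
        buf = ""
        yield instr.upper(), arg.strip()


def audit_dockerfile(text):
    """Return a list of findings; an empty list means every rule passed."""
    findings, stages, user, healthcheck = [], [], None, False
    for instr, arg in parse_dockerfile(text):
        if instr == "FROM":
            image = arg.split()[0]              # drop "AS <stage>"
            stages.append(image)
            name = image.split("@")[0]          # a digest pin follows "@"
            last = name.rsplit("/", 1)[-1]      # registry host:port also contains ":"
            tag = last.split(":", 1)[1] if ":" in last else None
            if "@sha256:" not in image and tag in (None, "latest"):
                findings.append(f"unpinned base image: {image}")
            # Each stage starts as root with no HEALTHCHECK; inheriting these
            # from an earlier named stage (FROM build) is not modelled here.
            user, healthcheck = None, False
        elif instr == "USER":
            user = arg
        elif instr == "HEALTHCHECK":
            healthcheck = arg.upper() != "NONE"
        elif instr in ("ENV", "ARG") and SECRET_HINT.search(arg):
            key = arg.split("=", 1)[0].split()[0]
            findings.append(f"possible secret baked into the image via {instr}: {key}")
    if len(stages) < 2:
        findings.append("single-stage build: build tooling and dev dependencies ship in the final image")
    if user is None or user.split(":")[0] in ("root", "0"):
        findings.append("final stage runs as root: add a USER instruction")
    if not healthcheck:
        findings.append("no HEALTHCHECK: the orchestrator cannot tell a hung container from a healthy one")
    return findings


if __name__ == "__main__":
    for label, dockerfile in (("weak", WEAK_DOCKERFILE), ("hardened", HARDENED_DOCKERFILE)):
        print(f"{label}: {audit_dockerfile(dockerfile) or ['OK']}")
```

Run it against a real Dockerfile with `audit_dockerfile(open("Dockerfile").read())`, for example as a pre-push check in CI. The parser is deliberately minimal (no heredocs, no `FROM` aliases that inherit `USER` from an earlier stage), so treat a clean result as necessary rather than sufficient.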
## Kubernetes
**Core concepts:** Deployments, Services, ConfigMaps, Secrets, Ingress, PersistentVolumes
**Essential kubectl workflow:**
```bash
kubectl get pods -n namespace
kubectl logs pod-name -f
kubectl describe pod pod-name
kubectl exec -it pod-name -- sh
kubectl apply -f manifest.yaml
kubectl rollout status deployment/my-app
```
**Helm:**
```bash
helm install my-release ./chart
helm upgrade my-release ./chart --set image.tag=v2
helm rollback my-release 1
```
## Security Best Practices
- Non-root containers: set `runAsNonRoot: true`, drop all capabilities, and set `allowPrivilegeEscalation: false` in the pod `securityContext`; the cluster does not enforce a Dockerfile `USER` line on its own
- RBAC: least-privilege service accounts, no wildcard verbs or resources, and no read access to Secrets unless the workload needs it
- Secrets in Kubernetes Secrets (preferably mounted as files) or an external secret manager, never baked into images, ConfigMaps, or committed manifests; environment variables leak through `docker inspect`, `/proc/<pid>/environ`, child processes and crash dumps, so use them only when nothing else fits
- Image scanning in the CI pipeline, failing the build on critical findings
- Network policies: default-deny ingress and egress per namespace, then allow only the flows each workload needs
- TLS everywhere, with automated certificate rotation (for example via cert-manager)
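An added example (not part of the skill or its scripts) that turns the pod-security, RBAC, secrets and network-policy bullets above into an automated audit over a set of manifests. The manifests are constructed for this example as Python dicts, the shape `json.load` returns for a JSON manifest or for `kubectl get ... -o json`; all names, labels and the `gateway` peer are assumptions, while the field names are the standard Kubernetes API fields.

```python
# Constructed manifests: a weak set and a hardened set of the same workload.
WEAK = [
    {"apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "api"},
     "spec": {"selector": {"matchLabels": {"app": "api"}},
              "template": {"metadata": {"labels": {"app": "api"}},
                           "spec": {"containers": [{
                               "name": "api", "image": "myapp:latest",
                               "env": [{"name": "DB_PASSWORD", "value": "hunter2"}]}]}}}},
    {"apiVersion": "rbac.authorization.k8s.io/v1", "kind": "Role", "metadata": {"name": "api"},
     "rules": [{"apiGroups": [""], "resources": ["*"], "verbs": ["*"]}]},
]

HARDENED = [
    {"apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "api"},
     "spec": {"selector": {"matchLabels": {"app": "api"}},
              "template": {"metadata": {"labels": {"app": "api"}},
                           "spec": {
                               "securityContext": {"runAsNonRoot": True, "runAsUser": 10001,
                                                   "seccompProfile": {"type": "RuntimeDefault"}},
                               "volumes": [{"name": "db-creds", "secret": {"secretName": "api-db"}}],
                               "containers": [{
                                   "name": "api", "image": "myapp:1.4.2",
                                   "securityContext": {"allowPrivilegeEscalation": False,
                                                       "readOnlyRootFilesystem": True,
                                                       "capabilities": {"drop": ["ALL"]}},
                                   "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}},
                                   # secret mounted as a file, not exported as an env var
                                   "volumeMounts": [{"name": "db-creds", "readOnly": True,
                                                     "mountPath": "/run/secrets/db"}]}]}}}},
    {"apiVersion": "rbac.authorization.k8s.io/v1", "kind": "Role", "metadata": {"name": "api"},
     "rules": [{"apiGroups": [""], "resources": ["configmaps"], "verbs": ["get"],
                "resourceNames": ["api-config"]}]},
    {"apiVersion": "networking.k8s.io/v1", "kind": "NetworkPolicy", "metadata": {"name": "api-ingress"},
     "spec": {"podSelector": {"matchLabels": {"app": "api"}}, "policyTypes": ["Ingress", "Egress"],
              "ingress": [{"from": [{"podSelector": {"matchLabels": {"app": "gateway"}}}],
                           "ports": [{"port": 3000}]}]}},
]

SECRET_WORDS = ("PASSWORD", "SECRET", "TOKEN", "KEY")   # assumed naming convention


def audit_pod_spec(owner, pod):
    """Check every container; pod-level securityContext is inherited unless
    the container overrides a field (shallow merge, as Kubernetes does)."""
    findings, pod_sc = [], pod.get("securityContext", {})
    for c in pod.get("initContainers", []) + pod.get("containers", []):
        tag, sc = f"{owner}/{c['name']}", {**pod_sc, **c.get("securityContext", {})}
        if sc.get("runAsNonRoot") is not True and not sc.get("runAsUser"):
            findings.append(f"{tag}: may run as root (set runAsNonRoot: true)")
        if sc.get("privileged"):
            findings.append(f"{tag}: privileged container")
        if sc.get("allowPrivilegeEscalation") is not False:
            findings.append(f"{tag}: allowPrivilegeEscalation not set to false")
        if "ALL" not in sc.get("capabilities", {}).get("drop", []):
            findings.append(f"{tag}: capabilities not dropped (drop: [ALL])")
        if not c.get("resources", {}).get("limits"):
            findings.append(f"{tag}: no resource limits")
        for env in c.get("env", []):
            src = env.get("valueFrom", {})
            if any(w in env["name"].upper() for w in SECRET_WORDS) and ("value" in env or "configMapKeyRef" in src):
                findings.append(f"{tag}: secret-like env var {env['name']} from a literal or ConfigMap")
    return findings


def audit_rbac(owner, rules):
    findings = []
    for rule in rules:
        verbs, resources = set(rule.get("verbs", [])), set(rule.get("resources", []))
        if "*" in verbs or "*" in resources:
            findings.append(f"{owner}: wildcard rule (verbs={sorted(verbs)}, resources={sorted(resources)})")
        elif "secrets" in resources and verbs & {"get", "list", "watch"}:
            findings.append(f"{owner}: grants read access to Secrets")
        if "pods/exec" in resources:
            findings.append(f"{owner}: allows pods/exec (interactive shell into pods)")
    return findings


def audit_manifests(docs):
    """docs: a list of manifest dicts, or a kubectl 'List' object."""
    if isinstance(docs, dict) and docs.get("kind") == "List":
        docs = docs["items"]
    findings = []
    for d in docs:
        owner = f"{d['kind']}/{d['metadata']['name']}"
        if d["kind"] in ("Deployment", "StatefulSet", "DaemonSet", "Job"):
            findings += audit_pod_spec(owner, d["spec"]["template"]["spec"])
        elif d["kind"] == "CronJob":
            findings += audit_pod_spec(owner, d["spec"]["jobTemplate"]["spec"]["template"]["spec"])
        elif d["kind"] == "Pod":
            findings += audit_pod_spec(owner, d["spec"])
        elif d["kind"] in ("Role", "ClusterRole"):
            findings += audit_rbac(owner, d.get("rules", []))
    if not any(d["kind"] == "NetworkPolicy" for d in docs):
        findings.append("no NetworkPolicy in the manifest set: pod-to-pod traffic is unrestricted")
    return findings


if __name__ == "__main__":
    for label, docs in (("weak", WEAK), ("hardened", HARDENED)):
        print(f"{label}: {audit_manifests(docs) or ['OK']}")
```

To run it against a live namespace, feed it the output of `kubectl get deploy,role,networkpolicy -n <ns> -o json` (a `List` object) through `json.load`. The NetworkPolicy check is presence-only; it does not verify that the policy actually selects each workload's labels, which is the next thing to add.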
## CI/CD Patterns
- **Blue-green**: Two identical environments, instant switch
- **Canary**: Gradual traffic shift (5% → 25% → 100%)
- **Feature flags**: Decouple deploy from release
- **GitOps**: Argo CD or Flux for declarative infra
## Python Utility Scripts
```bash
# Automate Cloudflare Worker deployments
python scripts/cloudflare-deploy.py --env production
# Analyze and optimize Dockerfiles
python scripts/docker-optimize.py --path ./Dockerfile
```
## Best Practices Summary
- **Security**: Non-root containers, least-privilege RBAC, secrets from Kubernetes Secrets or a secret manager (not images, ConfigMaps or manifests), image scanning
- **Performance**: Multi-stage builds, edge caching, resource limits
- **Cost**: R2 for large egress, caching, right-size resources
- **Development**: Docker Compose for local dev, wrangler dev, version-control all IaC
## Resources
- Cloudflare: https://developers.cloudflare.com
- Docker: https://docs.docker.com
- GCP: https://cloud.google.com/docs
- Kubernetes: https://kubernetes.io/docs
- Helm: https://helm.sh/docs