Files

nvtien 2d31c0a137 Initial commit: antigravity-claudekit

2026-02-16 14:02:42 +09:00

4.0 KiB

Raw Blame History

name, description

name	description
ck-devops	Deploy to Cloudflare Workers/R2/D1, Docker, GCP Cloud Run/GKE, Kubernetes with kubectl and Helm. Use for serverless deployment, container orchestration, CI/CD pipelines, GitOps, security audit, infrastructure management.

ck-devops

Deploy and manage cloud infrastructure across Cloudflare, Docker, Google Cloud, and Kubernetes.

When to Use

Deploy serverless apps to Cloudflare Workers or Pages
Containerize apps with Docker and Docker Compose
Manage GCP with gcloud CLI (Cloud Run, GKE, Cloud SQL)
Kubernetes cluster management (kubectl, Helm)
GitOps workflows (Argo CD, Flux)
CI/CD pipelines and multi-region deployments
Security audits, RBAC, network policies

Don't Use When

Application-level code — use ck-backend-development or ck-frontend-development
Database schema work — use ck-databases
Simple script automation with no infrastructure components

Platform Selection

Need	Choose
Sub-50ms latency globally	Cloudflare Workers
Large file storage (zero egress fees)	Cloudflare R2
SQL database (global reads)	Cloudflare D1
Containerized workloads	Docker + Cloud Run/GKE
Enterprise Kubernetes	GKE
Managed relational DB	Cloud SQL
Static site + API	Cloudflare Pages
Package management for K8s	Helm

Quick Start Commands

# Cloudflare Worker
wrangler init my-worker && wrangler deploy

# Docker
docker build -t myapp . && docker run -p 3000:3000 myapp

# GCP Cloud Run
gcloud run deploy my-service --image gcr.io/project/image --region us-central1

# Kubernetes
kubectl apply -f manifests/ && kubectl get pods

Cloudflare Platform

Workers: Edge compute, sub-50ms globally, V8 isolates
R2: Object storage with S3-compatible API, zero egress costs
D1: Serverless SQLite at the edge
KV: Global key-value store
Pages: Static site hosting + Functions
Browser Rendering: Puppeteer automation at the edge

Docker Best Practices

Multi-stage builds to minimize image size
Non-root user in containers
.dockerignore to exclude dev dependencies
Health checks in Dockerfile
Pin base image versions for reproducibility
Scan images for vulnerabilities before pushing

Kubernetes

Core concepts: Deployments, Services, ConfigMaps, Secrets, Ingress, PersistentVolumes

Essential kubectl workflow:

kubectl get pods -n namespace
kubectl logs pod-name -f
kubectl describe pod pod-name
kubectl exec -it pod-name -- sh
kubectl apply -f manifest.yaml
kubectl rollout status deployment/my-app

Helm:

helm install my-release ./chart
helm upgrade my-release ./chart --set image.tag=v2
helm rollback my-release 1

Security Best Practices

Non-root containers (never run as root)
RBAC: least-privilege service accounts
Secrets in environment variables or secret managers — never in images or config maps
Image scanning in CI pipeline
Network policies to restrict pod-to-pod communication
TLS everywhere, rotate certificates

CI/CD Patterns

Blue-green: Two identical environments, instant switch
Canary: Gradual traffic shift (5% → 25% → 100%)
Feature flags: Decouple deploy from release
GitOps: Argo CD or Flux for declarative infra

Python Utility Scripts

# Automate Cloudflare Worker deployments
python scripts/cloudflare-deploy.py --env production

# Analyze and optimize Dockerfiles
python scripts/docker-optimize.py --path ./Dockerfile

Best Practices Summary

Security: Non-root containers, RBAC, secrets in env vars, image scanning
Performance: Multi-stage builds, edge caching, resource limits
Cost: R2 for large egress, caching, right-size resources
Development: Docker Compose for local dev, wrangler dev, version-control all IaC

Resources

Cloudflare: https://developers.cloudflare.com
Docker: https://docs.docker.com
GCP: https://cloud.google.com/docs
Kubernetes: https://kubernetes.io/docs
Helm: https://helm.sh/docs

4.0 KiB Raw Blame History