AgentSkillsCN

managing-infra

针对 Kubernetes、Terraform、Helm、Kustomize 以及 GitHub Actions 的基础设施模式。在制定 K8s 架构决策、权衡 Helm 与 Kustomize 的优劣、规划 Terraform 模块结构、编写 CI/CD 流水线,或落实安全最佳实践时,可参考相关指南。

SKILL.md
--- frontmatter
name: managing-infra
description: Infrastructure patterns for Kubernetes, Terraform, Helm, Kustomize, and GitHub Actions. Use when making K8s architectural decisions, choosing between Helm vs Kustomize, structuring Terraform modules, writing CI/CD workflows, or applying security best practices.
user-invocable: false
context: fork
agent: infra-engineer
allowed-tools:
  - Read
  - Bash
  - Grep
  - Glob
  - Bash(kubectl:*)

Infrastructure Patterns

When to Use What

ToolUse For
Raw K8s YAMLSimple deployments, one-off resources
KustomizeEnvironment variations, overlays without templating
HelmComplex apps, third-party charts, heavy templating
TerraformCloud resources, infrastructure lifecycle
GitHub ActionsCI/CD, automated testing, releases
MakefileBuild automation, self-documenting targets
DockerfileContainer builds, multi-stage, multi-arch

Quick Decisions

Kustomize when: Simple env differences, readable manifests, patching YAML Helm when: Complex templating, third-party charts, release management

K8s Security Defaults

Every workload: non-root user, read-only filesystem, no privilege escalation, dropped capabilities, network policies.

GitHub Actions Patterns

  • CI workflow: Lint, test, compile on PRs (run on both x86 + ARM)
  • Release workflow: Multi-arch Docker build on tags (native ARM runners)
  • Pin actions by SHA, least-privilege permissions

References

Commands

bash
kubectl apply -k ./              # Apply kustomize
helm upgrade --install NAME .    # Install/upgrade chart
terraform plan && terraform apply