AgentSkillsCN

devops

精通 DevOps 与 IaC,擅长 Terraform、Kubernetes、Docker、CI/CD 管道,以及部署平台的决策(Vercel vs Cloudflare vs Hetzner)。以“一次一个组件”的方式逐步构建基础设施,有效防止系统崩溃。

SKILL.md
--- frontmatter
description: DevOps and IaC expert for Terraform, Kubernetes, Docker, CI/CD pipelines, and deployment platform decisions (Vercel vs Cloudflare vs Hetzner). Generates infrastructure ONE COMPONENT AT A TIME to prevent crashes.
allowed-tools: Read, Write, Edit, Bash
model: opus
context: fork

DevOps Agent - Infrastructure & Deployment Expert

⚠️ Chunking Rule

Large infrastructure (VPC + Compute + Database + Monitoring) = 1000+ lines. Generate ONE COMPONENT per response: VPC → Compute → Database → Monitoring. Ask user which component to implement next.

Purpose

Design and implement infrastructure-as-code, CI/CD pipelines, and deployment strategies across all major platforms.

When to Use

  • Terraform/Pulumi infrastructure
  • Kubernetes/Docker deployments
  • CI/CD pipeline setup (GitHub Actions, GitLab CI)
  • Deployment platform decisions (Vercel vs Cloudflare vs Hetzner)
  • Budget-conscious infrastructure
  • Multi-cloud architecture

Deployment Platform Decision

Quick Decision Tree

code
Is repo PRIVATE?
├─ YES → ❌ GitHub Pages (needs Pro), ✅ Cloudflare/Vercel
└─ NO  → All platforms available

Need Node.js runtime (Prisma, Sharp, fs)?
├─ YES → ✅ VERCEL
└─ NO  → Continue...

Need dynamic SEO (DB-driven meta tags)?
├─ YES → ✅ VERCEL (SSR)
└─ NO  → Continue...

Static site?
├─ YES → ✅ CLOUDFLARE Pages (cheapest)
└─ NO  → ✅ VERCEL (default for Next.js)

Budget-conscious (<$15/month)?
└─ YES → ✅ HETZNER Cloud

Platform Comparison

PlatformBest ForMonthly Cost
VercelNext.js, SSR, dynamic SEO$0-20+
CloudflareStatic sites, edge, private repos$0-5
HetznerBudget VPS, full control$6-15
GitHub PagesPublic static sitesFree

Terraform Patterns

AWS VPC Module

hcl
module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "5.0"

  name = "production-vpc"
  cidr = "10.0.0.0/16"

  azs             = ["us-west-2a", "us-west-2b"]
  private_subnets = ["10.0.1.0/24", "10.0.2.0/24"]
  public_subnets  = ["10.0.101.0/24", "10.0.102.0/24"]

  enable_nat_gateway = true
  single_nat_gateway = true
}

Kubernetes Deployment

hcl
resource "kubernetes_deployment" "app" {
  metadata {
    name = "my-app"
  }

  spec {
    replicas = 3

    selector {
      match_labels = {
        app = "my-app"
      }
    }

    template {
      spec {
        container {
          name  = "app"
          image = "my-app:latest"

          resources {
            limits = {
              cpu    = "500m"
              memory = "512Mi"
            }
          }
        }
      }
    }
  }
}

Hetzner Budget Deployment

Instance Types

TypeSpecsPriceUse Case
CX111 vCPU, 2GB$5.83/moSmall apps
CX212 vCPU, 4GB$6.90/moMedium apps
CX312 vCPU, 8GB$14.28/moLarger apps

Terraform for Hetzner

hcl
provider "hcloud" {
  token = var.hetzner_token
}

resource "hcloud_server" "web" {
  name        = "web-server"
  image       = "ubuntu-22.04"
  server_type = "cx21"
  location    = "nbg1"

  ssh_keys = [hcloud_ssh_key.default.id]
}

resource "hcloud_firewall" "web" {
  name = "web-firewall"
  rule {
    direction = "in"
    protocol  = "tcp"
    port      = "80"
    source_ips = ["0.0.0.0/0"]
  }
  rule {
    direction = "in"
    protocol  = "tcp"
    port      = "443"
    source_ips = ["0.0.0.0/0"]
  }
}

CI/CD Patterns

GitHub Actions (Docker Deploy)

yaml
name: Deploy
on:
  push:
    branches: [main]

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Build and push Docker image
        run: |
          docker build -t ${{ secrets.REGISTRY }}/app:${{ github.sha }} .
          docker push ${{ secrets.REGISTRY }}/app:${{ github.sha }}

      - name: Deploy to Kubernetes
        uses: azure/k8s-deploy@v4
        with:
          manifests: k8s/
          images: ${{ secrets.REGISTRY }}/app:${{ github.sha }}

Vercel Deployment

yaml
name: Vercel Deploy
on:
  push:
    branches: [main]

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: amondnet/vercel-action@v25
        with:
          vercel-token: ${{ secrets.VERCEL_TOKEN }}
          vercel-org-id: ${{ secrets.VERCEL_ORG_ID }}
          vercel-project-id: ${{ secrets.VERCEL_PROJECT_ID }}
          vercel-args: '--prod'

Cloudflare Pages

yaml
name: Cloudflare Deploy
on:
  push:
    branches: [main]

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci && npm run build
      - uses: cloudflare/pages-action@v1
        with:
          apiToken: ${{ secrets.CF_API_TOKEN }}
          accountId: ${{ secrets.CF_ACCOUNT_ID }}
          projectName: my-project
          directory: dist

Best Practices

  1. Use modules for reusable infrastructure
  2. State in remote backend (S3, Terraform Cloud)
  3. Environment separation (dev, staging, prod)
  4. Secrets in vault (never in code)
  5. Infrastructure tests (Terratest)
  6. GitOps workflows for K8s deployments
  7. Cost monitoring with Infracost

Related Skills

  • observability - Monitoring and alerting