AgentSkillsCN

devops

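Production-grade DevOps: Docker (multi-stage builds, Compose, optimization), Kubernetes (kubectl, Helm, security hardening, GitOps), Cloudflare (Workers, R2, D1, Pages), GCP (Cloud Run, GKE, Cloud SQL), CI/CD pipelines, Terraform/IaC, monitoring, multi-region deployment. For containerization, orchestration, serverless architecture, infrastructure as code, and deployment automation.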

SKILL.md
--- frontmatter
name: devops
description: Production-grade DevOps — Docker (multi-stage builds, Compose, optimization), Kubernetes (kubectl, Helm, security, GitOps), Cloudflare (Workers, R2, D1, Pages), GCP (Cloud Run, GKE, Cloud SQL), CI/CD pipelines, Terraform/IaC, monitoring, multi-region deployment. Use for containerization, orchestration, serverless, infrastructure as code, and deployment automation.
license: MIT

DevOps Engineering Mastery

Production-grade infrastructure, deployment, and operations across Docker, Kubernetes, Cloudflare, and Google Cloud Platform.

Platform Selection

| Need | Choose | Why |
|---|---|---|
| Sub-50ms latency globally | Cloudflare Workers | Edge computing, 300+ PoPs |
| Large file storage (zero egress) | Cloudflare R2 | S3-compatible, no egress fees |
| SQL database (global reads) | Cloudflare D1 | SQLite at the edge |
| Static site + API | Cloudflare Pages | Git-based, auto-deploy |
| Containerized workloads | Docker + Cloud Run | Auto-scaling, pay-per-use |
| Enterprise Kubernetes | GKE | Managed K8s, Autopilot |
| Managed relational DB | Cloud SQL | PostgreSQL/MySQL managed |
| Infrastructure as Code | Terraform | Multi-cloud, declarative |
| CI/CD pipelines | GitHub Actions | Native Git integration |

Quick Start

```bash
# Docker: build + run
docker build -t myapp . && docker run -p 3000:3000 myapp

# Docker Compose: multi-service
docker compose up -d

# Cloudflare Worker
npx wrangler init my-worker && cd my-worker && npx wrangler deploy

# GCP Cloud Run
gcloud run deploy my-service --image gcr.io/project/image --region us-central1

# Kubernetes
kubectl apply -f manifests/ && kubectl get pods

# Terraform
terraform init && terraform plan && terraform apply
```

Reference Navigation

Containerization

  • Docker Fundamentals — Dockerfile best practices, multi-stage builds, layer caching, security
  • Docker Compose — Multi-service apps, networks, volumes, health checks, profiles
  • Container Optimization — Image size reduction, build caching, security scanning, distroless

Orchestration

  • Kubernetes Core — Pods, Deployments, Services, ConfigMaps, Secrets, Namespaces
  • Kubernetes Operations — kubectl mastery, debugging, resource management, scaling
  • Helm Charts — Chart structure, templates, values, hooks, repositories
  • Kubernetes Security — RBAC, NetworkPolicies, PodSecurityStandards, secrets management
  • GitOps & CI/CD — ArgoCD, Flux, GitHub Actions, progressive delivery

Cloud Platforms

Infrastructure as Code

Monitoring & Observability

  • Monitoring Stack — Prometheus, Grafana, alerting, SLIs/SLOs, log aggregation

Architecture Patterns

Development → Staging → Production

```
Local Dev:     Docker Compose (all services locally)
CI/CD:         GitHub Actions → build → test → push image
Staging:       Cloud Run (auto-deploy on PR merge to staging)
Production:    Cloud Run / GKE (deploy on release tag)
```

Cost Optimization

| Strategy | Savings |
|---|---|
| Multi-stage Docker builds | 50-80% image size reduction |
| Cloudflare R2 over S3 | Zero egress fees |
| Spot/preemptible instances | 60-80% compute savings |
| Cloud Run vs always-on | Pay only for requests |
| Resource limits on K8s | Prevent over-provisioning |

Best Practices

  • Containers: Non-root user, multi-stage builds, .dockerignore, health checks, security scanning
  • Kubernetes: Resource limits, PDB, HPA, NetworkPolicies, secrets encryption, namespace isolation
  • CI/CD: Fast feedback (lint → unit → build → integration → deploy), cache dependencies, parallel jobs
  • Security: Image scanning, RBAC, secrets in vault, TLS everywhere, audit logging
  • Monitoring: RED metrics (Rate, Errors, Duration), SLIs/SLOs, alerting on symptoms not causes
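
One way to check a Dockerfile against three of the Containers items above (non-root user, multi-stage build, health check), as an added example that is not part of the original skill. The sample Dockerfiles are constructed, and the audit assumes the base image runs as root and defines no HEALTHCHECK of its own.

```python
import re

# Constructed sample Dockerfiles (not from the page).
WEAK = 'FROM node:20\nWORKDIR /app\nCOPY . .\nRUN npm ci\nCMD ["node", "server.js"]\n'
HARDENED = """\
FROM node:20 AS build
WORKDIR /app
COPY . .
RUN npm ci && npm run build

FROM node:20-slim
WORKDIR /app
COPY --from=build /app/dist ./dist
USER node
HEALTHCHECK --interval=30s CMD ["node", "dist/health.js"]
CMD ["node", "dist/server.js"]
"""

def instructions(text):
    """Yield (INSTRUCTION, args) pairs, joining backslash continuations."""
    for line in re.sub(r"\\[ \t]*\n", " ", text).splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            op, _, args = line.partition(" ")
            yield op.upper(), args.strip()

def audit(text):
    """Check the final stage (the image that ships) against the checklist.
    Assumes the base image runs as root and defines no HEALTHCHECK."""
    stages = []
    for op, args in instructions(text):
        if op == "FROM":
            stages.append([])
        elif stages:
            stages[-1].append((op, args))
    if not stages:
        return ["no FROM instruction"]
    final, findings = stages[-1], []
    if len(stages) < 2:
        findings.append("single-stage build: build tools ship in the runtime image")
    users = [a for op, a in final if op == "USER"]
    if not users or users[-1].split(":")[0] in ("root", "0"):
        findings.append("final stage runs as root: add a non-root USER")
    if not any(op == "HEALTHCHECK" and not a.upper().startswith("NONE") for op, a in final):
        findings.append("no HEALTHCHECK in final stage")
    return findings

if __name__ == "__main__":
    for name, df in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(df) or "ok")
```

Only the last stage is inspected because a `USER` or `HEALTHCHECK` set in a build stage does not carry over to the image that ships.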

Related Skills

| Skill | When to Use |
|---|---|
| rust-backend-advance | Containerizing Rust apps, deployment configs |
| databases | Database hosting, replication, backups |
| testing | CI/CD test pipeline integration |
| debugging | Production incident investigation |