
devops-best-practices

Opinionated production-grade DevOps defaults for Terraform, Kubernetes, CI/CD, Docker, cloud security, observability, cost, and disaster recovery. ALWAYS use when generating, reviewing, or modifying any infrastructure code, Kubernetes manifests (Deployment, Service, StatefulSet, Helm, Kustomize), Terraform (.tf, modules, state), Dockerfiles, docker-compose, CI/CD pipelines (.github/workflows, .gitlab-ci.yml, Jenkinsfile), cloud resources (AWS/GCP/Azure), IAM policies, security groups, observability setup (Prometheus, Grafana, OpenTelemetry), or DNS/TLS/CDN config — even if the user does not explicitly ask for best practices. Prevents the failure modes that hurt production teams most often: missing PDBs, single replicas in prod, latest image tags, public S3 buckets, long-lived credentials, missing observability, and CI/CD supply-chain risks. Apply opinionated defaults by default; surface tradeoffs when the user has reason to deviate.
ronalships/claude-devops-skill · ★ 0 · DevOps & Infrastructure · score 72
Install: claude install-skill ronalships/claude-devops-skill
# DevOps Best Practices

This skill encodes opinionated, production-grade DevOps defaults. Apply them whenever generating or reviewing infrastructure code. When the user's request conflicts with a default below, surface the conflict and explain the tradeoff — don't silently override.

These are **opinionated**. Other valid approaches exist. The opinions here are chosen because they prevent the failure modes that hurt teams most often in real production environments.

---

## When to use this skill

Trigger whenever the task involves any of:

- Terraform files (`*.tf`, `*.tfvars`), Terragrunt, Pulumi, CDK
- Kubernetes manifests (Deployment, Service, Ingress, StatefulSet, etc.), Helm charts, Kustomize overlays
- Dockerfiles, `docker-compose.yml`
- CI/CD config (`.github/workflows/*.yml`, `.gitlab-ci.yml`, Jenkinsfile, CircleCI, Buildkite)
- Cloud provider SDKs or CLIs (AWS, GCP, Azure)
- IAM policies, security groups, network ACLs
- Observability config (Prometheus, Grafana, OpenTelemetry, Datadog, CloudWatch)
- Shell scripts deployed to servers (`/etc/init.d`, systemd units, deploy scripts)
- DNS, TLS, CDN configuration

If unsure, default to applying the safety and security sections (they almost never hurt).

---

## Foundational principles (apply to everything)

1. **Default to safety over convenience.** A slightly harder UX that prevents production incidents wins.
2. **Default to least privilege.** Start with zero permissions and add only what the workload demonstrably need