🇺🇸English
DevOps & Deployment Skill
Comprehensive frameworks for CI/CD pipelines, containerization, deployment strategies, and infrastructure automation.
Overview
- Setting up CI/CD pipelines
- Containerizing applications
- Deploying to Kubernetes or cloud platforms
- Implementing GitOps workflows
- Managing infrastructure as code
- Planning release strategies
Pipeline Architecture
┌─────────────┐ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐
│ Code │──>│ Build │──>│ Test │──>│ Deploy │
│ Commit │ │ & Lint │ │ & Scan │ │ & Release │
└─────────────┘ └─────────────┘ └─────────────┘ └─────────────┘
│ │ │ │
v v v v
Triggers Artifacts Reports Monitoring
Key Concepts
CI/CD Pipeline Stages
- Lint & Type Check - Code quality gates
- Unit Tests - Test coverage with reporting
- Security Scan - npm audit + Trivy vulnerability scanner
- Build & Push - Docker image to container registry
- Deploy Staging - Environment-gated deployment
- Deploy Production - Manual approval or automated
Container Best Practices
Multi-stage builds minimize image size:
- Stage 1: Install production dependencies only
- Stage 2: Build application with dev dependencies
- Stage 3: Production runtime with minimal footprint
Security hardening :
- Non-root user (uid 1001)
- Read-only filesystem where possible
- Health checks for orchestrator integration
Kubernetes Deployment
Essential manifests :
- Deployment with rolling update strategy
- Service for internal routing
- Ingress for external access with TLS
- HorizontalPodAutoscaler for scaling
Security context :
runAsNonRoot: trueallowPrivilegeEscalation: falsereadOnlyRootFilesystem: true- Drop all capabilities
Deployment Strategies
| Strategy | Use Case | Risk |
|---|
| Rolling | Default, gradual replacement | Low - automatic rollback |
| Blue-Green | Instant switch, easy rollback | Medium - double resources |
| Canary | Progressive traffic shift | Low - gradual exposure |
Rolling Update (Kubernetes default):
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 25%
maxUnavailable: 0 # Zero downtime
Secrets Management
Use External Secrets Operator to sync from cloud providers:
- AWS Secrets Manager
- HashiCorp Vault
- Azure Key Vault
- GCP Secret Manager
References
Docker Patterns
Load:Read("${CLAUDE_SKILL_DIR}/references/docker-patterns.md")
Key topics covered:
- Multi-stage build examples with 78% size reduction
- Layer caching optimization
- Security hardening (non-root, health checks)
- Trivy vulnerability scanning
- Docker Compose development setup
CI/CD Pipelines
Load:Read("${CLAUDE_SKILL_DIR}/references/ci-cd-pipelines.md")
Key topics covered:
- Branch strategy (Git Flow)
- GitHub Actions caching (85% time savings)
- Artifact management
- Matrix testing
- Complete backend CI/CD example
Kubernetes Basics
Load:Read("${CLAUDE_SKILL_DIR}/references/kubernetes-basics.md")
Key topics covered:
- Health probes (startup, liveness, readiness)
- Security context configuration
- PodDisruptionBudget
- Resource quotas
- StatefulSets for databases
- Helm chart structure
Environment Management
Load:Read("${CLAUDE_SKILL_DIR}/references/environment-management.md")
Key topics covered:
- External Secrets Operator
- GitOps with ArgoCD
- Terraform patterns (remote state, modules)
- Zero-downtime database migrations
- Alembic migration workflow
- Rollback procedures
Observability
Load:Read("${CLAUDE_SKILL_DIR}/references/observability.md")
Key topics covered:
- Prometheus metrics exposition
- Grafana dashboard queries (PromQL)
- Alerting rules for SLOs
- Golden signals (SRE)
- Structured logging
- Distributed tracing (OpenTelemetry)
Railway Deployment
Load:Read("${CLAUDE_SKILL_DIR}/rules/railway-deployment.md")
Key topics covered:
- railway.json configuration, Nixpacks builds
- Environment variable management, database provisioning
- Multi-service setups, Railway CLI workflows
- References:
${CLAUDE_SKILL_DIR}/references/railway-json-config.md, ${CLAUDE_SKILL_DIR}/references/nixpacks-customization.md, ${CLAUDE_SKILL_DIR}/references/multi-service-setup.md
Deployment Strategies
Load:Read("${CLAUDE_SKILL_DIR}/references/deployment-strategies.md")
Key topics covered:
- Rolling deployment
- Blue-green deployment
- Canary releases
- Traffic splitting with Istio
Deployment Checklist & Templates
Load: Read("${CLAUDE_SKILL_DIR}/references/checklists-and-templates.md") for pre/during/post-deployment checklists, Helm chart structure, template reference table, and extended thinking triggers.
Related Skills
zero-downtime-migration - Database migration patterns for zero-downtime deploymentssecurity-scanning - Security scanning integration for CI/CD pipelinesork:monitoring-observability - Monitoring and alerting for deployed applicationsork:database-patterns - Python/Alembic migration workflow for backend deploymentsportless (upstream) - Named .localhost URLs for multi-service local dev (portless alias api 8080)
Key Decisions
| Decision | Choice | Rationale |
|---|
| Container user | Non-root (uid 1001) | Security best practice, required by many orchestrators |
| Deployment strategy | Rolling update (default) | Zero downtime, automatic rollback, resource efficient |
| Secrets management | External Secrets Operator | Syncs from cloud providers, GitOps compatible |
| Health checks | Separate startup/liveness/readiness | Prevents premature traffic, enables graceful shutdown |
Capability Details
Load: Read("${CLAUDE_SKILL_DIR}/references/capability-details.md") for full keyword index and problem-solution mapping across all 6 capabilities (ci-cd, docker, kubernetes, infrastructure-as-code, deployment-strategies, observability).
Weekly Installs
181
Repository
yonatangross/orchestkit
GitHub Stars
132
First Seen
Feb 6, 2026
Security Audits
Gen Agent Trust HubPassSocketPassSnykPass
Installed on
github-copilot173
gemini-cli173
opencode172
codex171
cursor169
kimi-cli165
