DevOps IaC工程师指南：Terraform、Kubernetes、云平台与CI/CD实践

devops-iac-engineer by davila7/claude-code-templates

385 周安装量

23,500 GitHub Stars

GitHub

安装命令

npx skills add https://github.com/davila7/claude-code-templates --skill devops-iac-engineer

自动化云服务开发运维

🇨🇳中文介绍

DevOps IaC 工程师

此技能帮助 DevOps 团队使用基础设施即代码原则设计、实施和维护云基础设施。在构建云架构、部署容器化应用、设置 CI/CD 流水线或实施可观测性和安全实践时使用此技能。

快速导航

Terraform & IaC : 查看 terraform.md 了解 Terraform 最佳实践和模式
Kubernetes & 容器 : 查看 kubernetes.md 了解容器编排
云平台 : 查看 cloud_platforms.md 了解 AWS、Azure、GCP 指南
CI/CD 流水线 : 查看 cicd.md 了解流水线设计和 GitOps
可观测性 : 查看 observability.md 了解监控和日志记录
安全 : 查看 security.md 了解 DevSecOps 实践
模板与工具 : 查看 templates.md 获取开箱即用的模板

广告位招租

在这里展示您的产品或服务

触达数万 AI 开发者，精准高效

联系我们

关键 DevOps 术语（贯穿始终保持一致）

基础设施即代码 : 通过声明式代码文件管理基础设施
GitOps : 使用 Git 作为基础设施和应用程序的唯一事实来源
不可变基础设施 : 被替换而非修改的基础设施组件
服务网格 : 用于服务间通信的基础设施层
可观测性 : 从外部输出（日志、指标、追踪）理解系统状态的能力
SLI/SLO/SLA : 用于可靠性的服务等级指标/目标/协议
RTO/RPO : 用于灾难恢复的恢复时间目标/恢复点目标

工作流：基础设施实施

实施基础设施时，请遵循以下结构化方法：

理解需求
- 业务需求是什么？（新应用、迁移、扩展、合规性）
- 规模要求是什么？（流量、数据、地理分布）
- 约束条件是什么？（预算、时间线、法规）
- 依赖项是什么？（现有系统、数据源）
设计架构
- 选择合适的云平台和服务
- 为高可用性和容错性设计
- 规划网络拓扑和安全边界
- 识别数据流和存储需求
- 使用图表记录架构
选择 IaC 工具
- Terraform 用于多云基础设施配置
- Kubernetes 清单/Helm 用于容器编排
- 根据团队和需求选择 CI/CD 工具
- 如果需要，使用配置管理工具
实施基础设施
- 创建模块化、可重用的 IaC 代码
- 遵循安全最佳实践（参见 security.md）
- 实施适当的状态管理和版本控制
- 使用一致的命名和标记约定
- 记录代码并创建 README 文件
设置可观测性
- 为关键服务定义 SLI 和 SLO
- 实施日志记录、指标和追踪
- 创建仪表板和告警
- 设置日志聚合和分析
- 规划值班轮换和操作手册
实施 CI/CD
- 设计部署流水线阶段
- 实施自动化测试（单元、集成、端到端）
- 设置 GitOps 工作流
- 配置部署策略（蓝绿、金丝雀）
- 实施回滚程序
测试与验证
- 运行基础设施测试（安全、合规性、成本）
- 执行灾难恢复演练
- 负载测试和性能验证
- 安全扫描和渗透测试
- 记录测试结果和改进措施
部署与监控
- 执行分阶段发布
- 密切监控指标和日志
- 根据 SLO 进行验证
- 记录操作手册和故障排除指南
- 进行部署后审查

决策框架：工具选择

多云需求 → Terraform 或 Pulumi 仅限 AWS → Terraform、AWS CDK 或 CloudFormation 容器编排 → Kubernetes（EKS、GKE、AKS） 简单容器部署 → ECS、Cloud Run 或 App Service 配置管理 → Ansible 或云原生解决方案 GitOps 工作流 → ArgoCD 或 Flux CI/CD 流水线 → GitHub Actions、GitLab CI 或 Jenkins

常见挑战与解决方案

问题 : 代码与实际环境之间的基础设施漂移 解决方案 : 实施自动化漂移检测，在 CI/CD 中使用 terraform plan，启用生产环境只读访问，维护状态文件完整性

问题 : 密钥管理和凭证暴露 解决方案 : 使用云原生密钥管理器（AWS Secrets Manager、HashiCorp Vault），实施 SOPS 用于 Git 中的加密密钥，使用 IRSA/工作负载身份

问题 : 高昂的云成本和意外账单 解决方案 : 实施标记策略，使用成本分配标签，设置预算告警，合理调整资源规模，使用 Spot 实例，实施自动扩缩容

问题 : 复杂的 Kubernetes 配置 解决方案 : 使用 Helm 图表进行模板化，实施 Kustomize 用于环境特定配置，遵循 GitOps 模式，对复杂工作负载使用 Operator

与开发团队协作 : 提供自助服务平台，记录 API，将基础设施作为可重用模块共享
与安全团队协作 : 实施策略即代码，自动化合规性检查，提供审计跟踪
与 SRE 团队协作 : 共同定义 SLI/SLO，分担值班职责，协作进行事件响应
与财务团队协作 : 提供成本可见性，预测支出，实施成本分摊模型

如果您正在实施基础设施即代码，请从 terraform.md 开始
使用 kubernetes.md 进行容器编排
参考 templates.md 获取开箱即用的配置
查看 observability.md 以设置监控

注意 : 在实施更改之前，请务必验证当前基础设施状态、安全要求和合规性需求。此技能提供框架和最佳实践，但应根据您组织的特定需求进行调整。

🇺🇸English

DevOps IaC Engineer

This Skill helps DevOps teams design, implement, and maintain cloud infrastructure using Infrastructure as Code principles. Use this when building cloud architectures, deploying containerized applications, setting up CI/CD pipelines, or implementing observability and security practices.

Quick Navigation

Terraform & IaC: See terraform.md for Terraform best practices and patterns
Kubernetes & Containers: See kubernetes.md for container orchestration
Cloud Platforms : See cloud_platforms.md for AWS, Azure, GCP guidance
CI/CD Pipelines : See cicd.md for pipeline design and GitOps
Observability : See observability.md for monitoring and logging
Security : See security.md for DevSecOps practices
Templates & Tools: See templates.md for ready-to-use templates

Core Principles

Key DevOps Terminology (Consistent Throughout)

Infrastructure as Code (IaC) : Managing infrastructure through declarative code files
GitOps : Using Git as the single source of truth for infrastructure and applications
Immutable Infrastructure : Infrastructure components that are replaced rather than modified
Service Mesh : Infrastructure layer for service-to-service communication
Observability : Ability to understand system state from external outputs (logs, metrics, traces)
SLI/SLO/SLA : Service Level Indicators/Objectives/Agreements for reliability
RTO/RPO : Recovery Time Objective/Recovery Point Objective for disaster recovery

Workflow: Infrastructure Implementation

When implementing infrastructure, follow this structured approach:

Understand Requirements
- What is the business need? (new application, migration, scaling, compliance)
- What are the scale requirements? (traffic, data, geographic distribution)
- What are the constraints? (budget, timeline, regulatory)
- What are the dependencies? (existing systems, data sources)
Design Architecture
- Choose appropriate cloud platform(s) and services
- Design for high availability and fault tolerance
- Plan network topology and security boundaries
- Identify data flows and storage requirements
- Document architecture with diagrams
Select IaC Tools
- Terraform for multi-cloud infrastructure provisioning
- Kubernetes manifests/Helm for container orchestration
- CI/CD tool selection based on team and requirements
- Configuration management tools if needed
Implement Infrastructure
- Create modular, reusable IaC code
- Follow security best practices (see security.md)
- Implement proper state management and versioning
- Use consistent naming and tagging conventions
- Document code and create README files
Set Up Observability

Decision Framework: Tool Selection

Multi-Cloud Requirements → Terraform or Pulumi AWS-Only → Terraform, AWS CDK, or CloudFormation Container Orchestration → Kubernetes (EKS, GKE, AKS) Simple Container Deployment → ECS, Cloud Run, or App Service Configuration Management → Ansible or cloud-native solutions GitOps Workflows → ArgoCD or Flux CI/CD Pipelines → GitHub Actions, GitLab CI, or Jenkins

Common Challenges & Solutions

Problem : Infrastructure drift between code and reality Solution : Implement automated drift detection, use terraform plan in CI/CD, enable read-only production access, maintain state file integrity

Problem : Secrets management and credential exposure Solution : Use cloud-native secret managers (AWS Secrets Manager, HashiCorp Vault), implement SOPS for encrypted secrets in Git, use IRSA/workload identity

Problem : High cloud costs and unexpected bills Solution : Implement tagging strategy, use cost allocation tags, set up budget alerts, right-size resources, use spot instances, implement auto-scaling

Problem : Complex Kubernetes configurations Solution : Use Helm charts for templating, implement Kustomize for environment-specific configs, follow GitOps patterns, use operators for complex workloads

Collaboration Tips

With Development Teams : Provide self-service platforms, document APIs, share infrastructure as reusable modules
With Security Teams : Implement policy as code, automate compliance checks, provide audit trails
With SRE Teams : Define SLIs/SLOs together, share on-call responsibilities, collaborate on incident response
With Finance Teams : Provide cost visibility, forecast expenses, implement chargeback models

Next Steps

Start with terraform.md if you're implementing infrastructure as code
Use kubernetes.md for container orchestration
Reference templates.md for ready-to-use configurations
Check observability.md to set up monitoring

Note : Always verify current infrastructure state, security requirements, and compliance needs before implementing changes. This Skill provides frameworks and best practices but should be adapted to your organization's specific requirements.

Weekly Installs

326

Repository

davila7/claude-…emplates

GitHub Stars

22.6K

First Seen

Jan 21, 2026

Security Audits

Gen Agent Trust HubPass SocketPass SnykPass

Installed on

opencode253

claude-code243

gemini-cli240

codex224

cursor212

github-copilot203

Azure Data Explorer (Kusto) 查询技能：KQL数据分析、日志遥测与时间序列处理

100,500 周安装

Define SLIs and SLOs for critical services

Implement logging, metrics, and tracing

Create dashboards and alerts

Set up log aggregation and analysis

Plan on-call rotation and runbooks

Implement CI/CD

Design deployment pipeline stages
Implement automated testing (unit, integration, e2e)
Set up GitOps workflows
Configure deployment strategies (blue/green, canary)
Implement rollback procedures

Test & Validate

Run infrastructure tests (security, compliance, cost)
Perform disaster recovery drills
Load testing and performance validation
Security scanning and penetration testing
Document test results and improvements

Deploy & Monitor

Execute phased rollout
Monitor metrics and logs closely
Validate against SLOs
Document runbooks and troubleshooting guides
Conduct post-deployment review