DevOps与部署技能：CI/CD流水线、Kubernetes容器化、基础设施自动化完整指南

devops-%26-deployment by ariegoldkin/ai-agent-hub

8 GitHub Stars

GitHub

安装命令

npx skills add https://github.com/ariegoldkin/ai-agent-hub --skill 'DevOps & Deployment'

自动化云服务开发运维

🇨🇳中文介绍

DevOps 与部署技能

用于 CI/CD 流水线、容器化、部署策略和基础设施自动化的综合框架。

使用场景

设置 CI/CD 流水线
容器化应用程序
部署到 Kubernetes 或云平台
实施 GitOps 工作流
以代码形式管理基础设施
规划发布策略

流水线架构

┌─────────────┐   ┌─────────────┐   ┌─────────────┐   ┌─────────────┐
│   代码提交   │──▶│   构建与    │──▶│   测试与    │──▶│   部署与    │
│             │   │   代码检查  │   │   安全扫描  │   │   发布      │
└─────────────┘   └─────────────┘   └─────────────┘   └─────────────┘
       │                 │                 │                 │
       ▼                 ▼                 ▼                 ▼
    触发器             制品              报告              监控

核心概念

CI/CD 流水线阶段

代码检查与类型检查 - 代码质量门禁
单元测试 - 包含报告的测试覆盖率
安全扫描 - npm audit + Trivy 漏洞扫描器
构建与推送 - Docker 镜像到容器仓库
部署到预发布环境 - 环境门控部署
部署到生产环境 - 手动批准或自动执行

广告位招租

在这里展示您的产品或服务

触达数万 AI 开发者，精准高效

联系我们

策略	使用场景	风险
滚动更新	默认，逐步替换	低 - 自动回滚
蓝绿部署	即时切换，易于回滚	中 - 双倍资源
金丝雀发布	渐进式流量切换	低 - 逐步暴露

基础设施即代码

Terraform 模式：

使用 DynamoDB 锁的 S3 远程状态存储
基于模块的架构 (VPC, EKS, RDS)
环境特定的 tfvars 文件

AWS VPC + EKS + RDS 示例请参见 templates/terraform-aws.tf

使用 ArgoCD 的 GitOps

ArgoCD 监控 Git 仓库并同步集群状态：

带修剪的自动同步
自愈（漂移检测）
针对瞬时故障的重试策略

参见 templates/argocd-application.yaml

使用 External Secrets Operator 从云提供商同步：

AWS Secrets Manager
HashiCorp Vault
Azure Key Vault
GCP Secret Manager

参见 templates/external-secrets.yaml

CI 中所有测试通过
安全扫描无问题
数据库迁移准备就绪
回滚计划已记录

监控部署进度
观察错误率
验证健康检查通过

验证指标正常
检查日志是否有错误
更新状态页面

charts/app/
├── Chart.yaml
├── values.yaml
├── templates/
│   ├── deployment.yaml
│   ├── service.yaml
│   ├── ingress.yaml
│   ├── configmap.yaml
│   ├── secret.yaml
│   ├── hpa.yaml
│   └── _helpers.tpl
└── values/
    ├── staging.yaml
    └── production.yaml

扩展思考触发器

使用 Opus 4.5 扩展思考来处理：

架构决策 - Kubernetes 与无服务器，多区域设置
迁移规划 - 在云提供商之间迁移
事件响应 - 复杂的部署故障
安全设计 - 零信任架构

模板	用途
`github-actions-pipeline.yml`	包含 6 个阶段的完整 CI/CD 工作流
`Dockerfile`	多阶段 Node.js 构建
`docker-compose.yml`	开发环境
`k8s-manifests.yaml`	Deployment, Service, Ingress
`helm-values.yaml`	Helm chart 值文件
`terraform-aws.tf`	VPC, EKS, RDS 基础设施
`argocd-application.yaml`	GitOps 应用
`external-secrets.yaml`	Secrets Manager 集成

🇺🇸English

DevOps & Deployment Skill

Comprehensive frameworks for CI/CD pipelines, containerization, deployment strategies, and infrastructure automation.

When to Use

Setting up CI/CD pipelines
Containerizing applications
Deploying to Kubernetes or cloud platforms
Implementing GitOps workflows
Managing infrastructure as code
Planning release strategies

Pipeline Architecture

┌─────────────┐   ┌─────────────┐   ┌─────────────┐   ┌─────────────┐
│    Code     │──▶│    Build    │──▶│    Test     │──▶│   Deploy    │
│   Commit    │   │   & Lint    │   │   & Scan    │   │  & Release  │
└─────────────┘   └─────────────┘   └─────────────┘   └─────────────┘
       │                 │                 │                 │
       ▼                 ▼                 ▼                 ▼
   Triggers         Artifacts          Reports          Monitoring

Key Concepts

CI/CD Pipeline Stages

Lint & Type Check - Code quality gates
Unit Tests - Test coverage with reporting
Security Scan - npm audit + Trivy vulnerability scanner
Build & Push - Docker image to container registry
Deploy Staging - Environment-gated deployment
Deploy Production - Manual approval or automated

See templates/github-actions-pipeline.yml for complete GitHub Actions workflow

Container Best Practices

Multi-stage builds minimize image size:

Stage 1: Install production dependencies only
Stage 2: Build application with dev dependencies
Stage 3: Production runtime with minimal footprint

Security hardening :

Non-root user (uid 1001)
Read-only filesystem where possible
Health checks for orchestrator integration

See templates/Dockerfile and templates/docker-compose.yml

Kubernetes Deployment

Essential manifests :

Deployment with rolling update strategy
Service for internal routing
Ingress for external access with TLS
HorizontalPodAutoscaler for scaling

Security context :

runAsNonRoot: true
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
Drop all capabilities

Resource management :

Always set requests and limits
Use requests for scheduling, limits for throttling

See templates/k8s-manifests.yaml and templates/helm-values.yaml

Deployment Strategies

Strategy	Use Case	Risk
Rolling	Default, gradual replacement	Low - automatic rollback
Blue-Green	Instant switch, easy rollback	Medium - double resources
Canary	Progressive traffic shift	Low - gradual exposure

Rolling Update (Kubernetes default):

strategy:
  type: RollingUpdate
  rollingUpdate:
    maxSurge: 25%
    maxUnavailable: 0  # Zero downtime

Blue-Green : Deploy to standby environment, switch service selector Canary : Use Istio VirtualService for traffic splitting (10% → 50% → 100%)

Infrastructure as Code

Terraform patterns :

Remote state in S3 with DynamoDB locking
Module-based architecture (VPC, EKS, RDS)
Environment-specific tfvars files

See templates/terraform-aws.tf for AWS VPC + EKS + RDS example

GitOps with ArgoCD

ArgoCD watches Git repository and syncs cluster state:

Automated sync with pruning
Self-healing (drift detection)
Retry policies for transient failures

See templates/argocd-application.yaml

Secrets Management

Use External Secrets Operator to sync from cloud providers:

AWS Secrets Manager
HashiCorp Vault
Azure Key Vault
GCP Secret Manager

See templates/external-secrets.yaml

Deployment Checklist

Pre-Deployment

All tests passing in CI
Security scans clean
Database migrations ready
Rollback plan documented

During Deployment

Monitor deployment progress
Watch error rates
Verify health checks passing

Post-Deployment

Verify metrics normal
Check logs for errors
Update status page

Helm Chart Structure

charts/app/
├── Chart.yaml
├── values.yaml
├── templates/
│   ├── deployment.yaml
│   ├── service.yaml
│   ├── ingress.yaml
│   ├── configmap.yaml
│   ├── secret.yaml
│   ├── hpa.yaml
│   └── _helpers.tpl
└── values/
    ├── staging.yaml
    └── production.yaml

Extended Thinking Triggers

Use Opus 4.5 extended thinking for:

Architecture decisions - Kubernetes vs serverless, multi-region setup
Migration planning - Moving between cloud providers
Incident response - Complex deployment failures
Security design - Zero-trust architecture

Templates Reference

Template	Purpose
`github-actions-pipeline.yml`	Full CI/CD workflow with 6 stages
`Dockerfile`	Multi-stage Node.js build
`docker-compose.yml`	Development environment
`k8s-manifests.yaml`	Deployment, Service, Ingress
`helm-values.yaml`	Helm chart values
`terraform-aws.tf`

Weekly Installs

Repository

ariegoldkin/ai-agent-hub

GitHub Stars

First Seen

Jan 1, 1970