Agent Skills: Platform Orchestrator

Orchestrates all skills for unified platform deployment. All services enabled by default. Run from bastion server.

Uncategorized
ID: nmime/infra-skills/platform-orchestrator

Install this agent skill to your local

pnpm dlx add-skill https://github.com/nmime/infra-skills/tree/HEAD/infra/platform-orchestrator

infra/platform-orchestrator/SKILL.md

Platform Orchestrator

Unified deployment orchestration. All services enabled by default. All deployments are idempotent - safe to run multiple times.

Cloud Provider Support

| Provider | LoadBalancer | Status |
|----------|--------------|--------|
| hetzner | Hetzner CCM | Default |
| aws | AWS Cloud Provider | Supported |
| gcp | GCP Cloud Provider | Supported |
| azure | Azure Cloud Provider | Supported |
| baremetal | MetalLB | For bare metal / other clouds |

Set in platform.yaml:

infrastructure:
  cloud_provider: hetzner  # hetzner | aws | gcp | azure | baremetal

Naming Convention

All resources use consistent naming: {project}-{resource}

| Resource | Pattern | Example |
|----------|---------|--------|
| Network | {project}-network | myapp-network |
| Bastion | {project}-bastion | myapp-bastion |
| Masters | {project}-master-{n} | myapp-master-1 |
| Workers | {project}-worker-{n} | myapp-worker-1 |
| Load Balancer | {project}-lb | myapp-lb |
| K8s Namespaces | Service name | gitlab, argocd, monitoring |

Default project name: k8s (configurable in platform.yaml)

Services (All Enabled by Default)

| Service | Default | DNS Records |
|---------|---------|-------------|
| GitLab | ✅ enabled | gitlab, registry |
| ArgoCD | ✅ enabled | argocd |
| Grafana | ✅ enabled | grafana |
| VictoriaMetrics | ✅ enabled | victoriametrics |
| Loki | ✅ enabled | loki |
| MinIO | ✅ enabled | minio, s3 |
| Vault | ✅ enabled | vault |
| PostgreSQL | ✅ enabled | - |
| KEDA | ✅ enabled | - |
| Headscale VPN | ✅ enabled | vpn |

Always included: @, *, api, app

Managed Skills

| Skill | Responsibility | Provider |
|-------|---------------|----------|
| hetzner-infra | Servers, networks, LB, DNS | Hetzner only |
| k8s-cluster-management | Kubernetes, Cilium, TLS, CCM/MetalLB | All providers |
| network-security | VPN (Headscale), firewall | All providers |
| minio-storage | S3 storage | All providers |
| k8s-secrets | Vault + ESO | All providers |
| k8s-databases | PostgreSQL | All providers |
| gitlab-selfhosted | GitLab CE | All providers |
| k8s-gitops | ArgoCD | All providers |
| k8s-observability | Monitoring | All providers |
| k8s-autoscaling | KEDA | All providers |

Note: For non-Hetzner providers, provision infrastructure manually or with your cloud's tools (Terraform, CloudFormation, etc.), then run k8s-cluster-management.

Operations

Run from bastion server. See reference files for detailed procedures:

Autonomous Deployment

Do not ask the user to do tasks that can be automated. Configure DNS, provision servers, install services - proceed autonomously. Only ask when user input is truly required (credentials, domain choice, tier selection).

Deployment Order

1. infra      → hetzner-infra (servers, network, LB)
2. dns        → hetzner-infra (records for enabled services) ← configure automatically
3. cluster    → k8s-cluster-management (Kubespray)
4. tls        → k8s-cluster-management (cert-manager)
5. minio      → minio-storage
6. secrets    → k8s-secrets (Vault)
7. databases  → k8s-databases (PostgreSQL)
8. gitlab     → gitlab-selfhosted
9. gitops     → k8s-gitops (ArgoCD)
10. observability → k8s-observability
11. autoscaling   → k8s-autoscaling (KEDA)

Tiers

| Tier | Cost | Nodes | HA | Use Case |
|------|------|-------|----|----------|
| minimal | ~€18-20/mo | 2 | ❌ | Dev, testing, learning |
| small | ~€28-35/mo | 3 | ❌ | Startups, staging |
| medium | ~€34/mo | 5 | ✅ | Small production |
| production | ~€48/mo | 6 | ✅ | Full production |

See profiles/*.yaml for full configs.

Service Dependencies

| Service | Required Dependencies | Optional |
|---------|----------------------|----------|
| MinIO | K8s cluster | - |
| Vault | K8s cluster | - |
| PostgreSQL | K8s cluster | - |
| GitLab | K8s, PostgreSQL, MinIO | Vault |
| ArgoCD | K8s cluster | GitLab |
| Loki | K8s cluster, MinIO | - |
| VictoriaMetrics | K8s cluster | - |
| Grafana | K8s, VictoriaMetrics | Loki |
| KEDA | K8s cluster | - |
| Headscale | Bastion server | - |
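A pre-flight check for the dependency table above, as an added example that is not part of the skill's own code: it rejects a set of enabled services whose required dependencies are disabled, and flags a deployment order that places a service before something it requires. The function names, the lowercase service names and the plain-set input are assumptions, since the layout of the services section in platform.yaml is not shown here.

```python
# Added example, not part of the skill. Dependencies are copied from the
# "Service Dependencies" table; lowercase service names are an assumption.
REQUIRED = {
    "minio": {"k8s"},
    "vault": {"k8s"},
    "postgresql": {"k8s"},
    "gitlab": {"k8s", "postgresql", "minio"},
    "argocd": {"k8s"},
    "loki": {"k8s", "minio"},
    "victoriametrics": {"k8s"},
    "grafana": {"k8s", "victoriametrics"},
    "keda": {"k8s"},
    "headscale": {"bastion"},
}
OPTIONAL = {"gitlab": {"vault"}, "argocd": {"gitlab"}, "grafana": {"loki"}}
# Platform components, assumed always present (not toggleable services).
PLATFORM = {"k8s", "bastion"}


def check_enabled(enabled):
    """Return (errors, warnings) for a set of enabled service names."""
    enabled = set(enabled)
    present = enabled | PLATFORM
    errors = [f"unknown service: {s}" for s in sorted(enabled - set(REQUIRED))]
    warnings = []
    for svc in sorted(enabled & set(REQUIRED)):
        for dep in sorted(REQUIRED[svc] - present):
            errors.append(f"{svc} requires {dep}, which is disabled")
        for dep in sorted(OPTIONAL.get(svc, set()) - present):
            warnings.append(f"{svc} runs without optional {dep}")
    return errors, warnings


def order_violations(order):
    """List services that appear before one of their required dependencies."""
    seen, problems = set(PLATFORM), []
    for svc in order:
        for dep in sorted(REQUIRED.get(svc, set()) - seen):
            if dep in order:  # a dependency that is absent is check_enabled's job
                problems.append(f"{svc} is deployed before {dep}")
        seen.add(svc)
    return problems


if __name__ == "__main__":
    # Constructed input: everything enabled except PostgreSQL and Vault.
    errs, warns = check_enabled(set(REQUIRED) - {"postgresql", "vault"})
    print("errors:", errs)
    print("warnings:", warns)
```

Treating any non-empty error list as a hard stop keeps an unattended run from deploying a service such as GitLab without the database or object store it needs.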

Reference Files