DevOps Engineering — Quick Reference Skill

DevOps Engineering — Quick Reference

This skill equips teams with actionable templates, checklists, and patterns for building self-service platforms, automating infrastructure with GitOps, deploying securely with DevSecOps, scaling with Kubernetes, ensuring reliability through SRE practices, and operating production systems with strong observability.

Modern baseline (2026): IaC (Terraform/OpenTofu/Pulumi), GitOps (Argo CD/Flux), Kubernetes (follow upstream supported releases), OpenTelemetry + Prometheus/Grafana, supply-chain security (SBOM + signing + provenance), policy-as-code (OPA/Gatekeeper or Kyverno), and eBPF-powered networking/security/observability (e.g., Cilium + Tetragon).

Quick Reference

| Task | Tool/Framework | Command | When to Use | |------|----------------|---------|-------------| | Infrastructure as Code | Terraform / OpenTofu | terraform plan && terraform apply | Provision cloud resources declaratively | | GitOps Deployment | Argo CD / Flux | argocd app sync myapp | Continuous reconciliation, declarative deployments | | Container Build | Docker Engine | docker build -t app:v1 . | Package applications with dependencies | | Kubernetes Deployment | kubectl / Helm (Kubernetes) | kubectl apply -f deploy.yaml / helm upgrade app ./chart | Deploy to K8s cluster, manage releases | | CI/CD Pipeline | GitHub Actions | Define workflow in .github/workflows/ci.yml | Automated testing, building, deploying | | Security Scanning | Trivy / Falco / Tetragon | trivy image myapp:latest | Vulnerability scanning, runtime security, eBPF enforcement | | Monitoring & Alerts | Prometheus + Grafana | Configure ServiceMonitor and AlertManager | Observability, SLO tracking, incident alerts | | Load Testing | k6 / Locust | k6 run load-test.js | Performance validation, capacity planning | | Incident Response | PagerDuty / Opsgenie | Configure escalation policies | On-call management, automated escalation | | Platform Engineering | Backstage / Port | Deploy internal developer portal | Self-service infrastructure, golden paths |

Decision Tree: Choosing DevOps Approach

What do you need to accomplish?
    ├─ Infrastructure provisioning?
    │   ├─ Cloud-agnostic → Terraform or OpenTofu (OSS fork)
    │   ├─ Programming-first → Pulumi (TypeScript/Python/Go)
    │   ├─ AWS-specific → CloudFormation or Terraform/OpenTofu
    │   ├─ GCP-specific → Deployment Manager or Terraform/OpenTofu
    │   └─ Azure-specific → ARM/Bicep or Terraform/OpenTofu
    │
    ├─ Application deployment?
    │   ├─ Kubernetes cluster?
    │   │   ├─ Simple deploy → kubectl apply -f manifests/
    │   │   ├─ Complex app → Helm charts
    │   │   └─ GitOps workflow → ArgoCD or FluxCD
    │   └─ Serverless?
    │       ├─ AWS → Lambda + SAM/Serverless Framework
    │       ├─ GCP → Cloud Functions
    │       └─ Azure → Azure Functions
    │
    ├─ CI/CD pipeline setup?
    │   ├─ GitHub-based → GitHub Actions (template-github-actions.md)
    │   ├─ GitLab-based → GitLab CI
    │   ├─ Enterprise → Jenkins or Tekton
    │   └─ Security-first → Add SAST/DAST/SCA scans (template-ci-cd.md)
    │
    ├─ Observability & monitoring?
    │   ├─ Metrics → Prometheus + Grafana
    │   ├─ Distributed tracing → Jaeger or OpenTelemetry
    │   ├─ Logs → Loki or ELK stack
    │   ├─ eBPF-based → Cilium + Hubble (sidecarless)
    │   └─ Unified platform → Datadog or New Relic
    │
    ├─ Incident management?
    │   ├─ On-call rotation → PagerDuty or Opsgenie
    │   ├─ Postmortem → template-postmortem.md
    │   └─ Communication → template-incident-comm.md
    │
    ├─ Platform engineering?
    │   ├─ Self-service → Backstage or Port (internal developer portal)
    │   ├─ Policy enforcement → OPA/Gatekeeper
    │   └─ Golden paths → Template repositories + automation
    │
    └─ Security hardening?
        ├─ Container scanning → Trivy or Grype
        ├─ Runtime security → Falco or Sysdig
        ├─ Secrets management → HashiCorp Vault or cloud-native KMS
        └─ Compliance → CIS Benchmarks, template-security-hardening.md

When to Use This Skill

Claude should invoke this skill when users request:

Platform engineering patterns (self-service developer platforms, internal tools)
GitOps workflows (ArgoCD, FluxCD, declarative infrastructure management)
Infrastructure as Code patterns (Terraform, K8s manifests, policy as code)
CI/CD pipelines with DevSecOps (GitHub Actions, security scanning, SAST/DAST/SCA)
SRE incident management, escalation, and postmortem templates
eBPF-based observability (Cilium, Hubble, kernel-level insights, OpenTelemetry)
Kubernetes operational patterns (day-2 operations, resource management, workload placement)
Cloud-native monitoring (Prometheus, Grafana, unified observability platforms)
Team workflow, communication, handover guides, and runbooks

Resources (Best Practices Guides)

Operational best practices by domain:

DevOps/SRE Operations: references/devops-best-practices.md - Core patterns for safe infrastructure changes, deployments, and incident response
Platform Engineering: references/platform-engineering-patterns.md - Self-service platforms, golden paths, internal developer portals, policy as code
GitOps Workflows: references/gitops-workflows.md - Continuous reconciliation, multi-environment promotion, ArgoCD/FluxCD patterns, progressive delivery
SRE Incident Management: references/sre-incident-management.md - Severity classification, escalation procedures, blameless postmortems, alert correlation, and runbooks
Operational Standards: references/operational-patterns.md - Platform engineering blueprints, CI/CD safety, SLOs, and reliability drills
AIOps: references/aiops-patterns.md - Self-healing systems, automated operations, AI-assisted analysis

Templates (Copy-Paste Ready)

Production templates organized by tech stack:

AWS Cloud

assets/aws/template-aws-ops.md - AWS service operations and best practices
assets/aws/template-aws-terraform.md - Terraform modules for AWS infrastructure
assets/aws/template-cost-optimization.md - AWS cost optimization strategies

Docker

assets/docker/template-docker-ops.md - Container build, security, and operations

Kafka

assets/kafka/template-kafka-ops.md - Kafka cluster operations and streaming

Terraform & IaC

assets/terraform-iac/template-iac-terraform.md - Infrastructure as Code patterns
assets/terraform-iac/template-module.md - Reusable Terraform modules
assets/terraform-iac/template-env-promotion.md - Environment promotion strategies

CI/CD Pipelines

assets/cicd-pipelines/template-ci-cd.md - General CI/CD patterns
assets/cicd-pipelines/template-github-actions.md - GitHub Actions workflows
assets/cicd-pipelines/template-gitops.md - GitOps deployment patterns
assets/cicd-pipelines/template-release-safety.md - Safe release practices

Monitoring & Observability

assets/monitoring-observability/template-slo.md - Service level objectives
assets/monitoring-observability/template-alert-rules.md - Alert configuration
assets/monitoring-observability/template-observability-slo.md - Observability patterns
assets/monitoring-observability/template-loadtest-perf.md - Load testing and performance

Incident Response

assets/incident-response/template-postmortem.md - Incident postmortems
assets/incident-response/template-runbook-starter.md - Runbook starter template
assets/incident-response/template-incident-comm.md - Incident communication
assets/incident-response/template-incident-response.md - Incident response procedures

Security

assets/security/template-security-hardening.md - Security hardening checklists

Shared Utilities

Centralized patterns from software-clean-code-standard — extract, don't duplicate:

config-validation.md — Zod 3.24+, secrets management (Vault, 1Password, Doppler)
resilience-utilities.md — p-retry v6, circuit breaker, OTel spans
logging-utilities.md — pino v9 + OpenTelemetry integration
observability-utilities.md — OpenTelemetry SDK, tracing, metrics

Related Skills

Operations & Infrastructure:

../qa-resilience/SKILL.md — Resilience, chaos engineering, and failure handling patterns
../data-sql-optimization/SKILL.md — Database tuning, high availability, and migrations
../qa-observability/SKILL.md — Monitoring, tracing, profiling, and performance optimization
../qa-debugging/SKILL.md — Production debugging, log analysis, and root cause investigation

Security & Compliance:

../software-security-appsec/SKILL.md — Application-layer security patterns and OWASP best practices

Software Development:

../software-backend/SKILL.md — Service-level design and integration patterns
../software-architecture-design/SKILL.md — System design, scalability, and architectural patterns
../dev-api-design/SKILL.md — RESTful API design and versioning
../dev-git-workflow/SKILL.md — Git branching strategies and CI/CD integration

Optional: AI/Automation (Related Skills):

../ai-mlops/SKILL.md — ML model deployment, monitoring, and lifecycle management

Cost Governance & Capacity Planning

assets/cost-governance/template-cost-governance.md — Production cost control for cloud infrastructure.

Key Sections

Cost Governance Framework — Tagging strategy, budget alerts, anomaly detection
Cloud Cost Optimization — Right-sizing, reserved capacity, storage tiering
Kubernetes Cost Control — Resource requests/limits, quotas, autoscaler config
Capacity Planning — Utilization baseline, growth projections, scaling triggers
FinOps Practices — Monthly review agenda, optimization workflow

Do / Avoid

Do

Tag all resources at creation time
Set budget alerts before hitting limits
Review right-sizing recommendations monthly
Use spot/preemptible for fault-tolerant workloads
Set Kubernetes resource requests on all pods
Enable cluster autoscaler with scale-down
Document capacity planning assumptions
Run blameless postmortems after every SEV1/2

Avoid

| Anti-Pattern | Problem | Fix | |--------------|---------|-----| | No cost tags | Can't attribute spend | Enforce tags in CI/CD | | Dev runs 24/7 | ~70% waste | Scheduled shutdown | | Over-provisioned | Paying for idle capacity | Monthly right-sizing review | | No reservations | On-demand premium | 60-70% reserved coverage target | | Alert fatigue | Real issues missed | SLO-based alerting, tuned thresholds | | Snowflake infra | Unreproducible, undocumented | Everything in Terraform/IaC | | Clickops drift | Config outside IaC | Enforce GitOps reconciliation | | No postmortems | Same incidents repeat | Blameless postmortem for SEV1/2 |

Optional: AI/Automation (AIOps)

AI can assist with analysis and triage, but infrastructure/cost/incident decisions require human approval and an audit trail.

See references/aiops-patterns.md for self-healing systems, automated operations, AI-assisted analysis, and bounded claims.

Operational Deep Dives

See references/operational-patterns.md for:

Platform engineering blueprints and GitOps reconciliation checklists
DevSecOps CI/CD gates, SLO/SLI playbooks, and rollout verification steps
Observability patterns (eBPF), incident noise reduction, and reliability drills

External Resources

See data/sources.json for curated sources organized by tech stack:

Cloud Platforms: AWS, GCP, Azure documentation and best practices
Container Orchestration: Kubernetes, Helm, Kustomize, Docker
Infrastructure as Code: Terraform, OpenTofu, Pulumi, CloudFormation, ARM templates
CI/CD & GitOps: GitHub Actions, GitLab CI, Jenkins, ArgoCD, FluxCD
Streaming: Apache Kafka, Confluent, Strimzi
Monitoring: Prometheus, Grafana, Datadog, OpenTelemetry, Jaeger, Cilium/Hubble, Tetragon
SRE: Google SRE books, incident response patterns
Security: OWASP DevSecOps, CIS Benchmarks, Trivy, Falco
Tools: kubectl, k9s, stern, Cosign, Syft, Terragrunt

Use this skill as a hub for safe, modern, and production-grade DevOps patterns. All templates and patterns are operational—no theory or book summaries.

Trend Awareness Protocol

When users ask recommendation questions about DevOps, platform engineering, or cloud infrastructure, validate time-sensitive details (versions, deprecations, licensing, major releases) against primary sources.

Trigger Conditions

"What's the best tool for [Kubernetes/IaC/CI-CD/monitoring]?"
"What should I use for [container orchestration/GitOps/observability]?"
"What's the latest in DevOps/platform engineering?"
"Current best practices for [Terraform/ArgoCD/Prometheus]?"
"Is [tool/approach] still relevant in 2026?"
"[Kubernetes] vs [alternative]?" or "[ArgoCD] vs [FluxCD]?"
"Best cloud provider for [use case]?"
"What orchestration/monitoring tool should I use?"

Minimum Verification (Preferred Order)

Check the official docs + release notes linked in data/sources.json for the specific tools you recommend.
If internet access is available, confirm recent releases, breaking changes, and deprecations from those release pages.
If internet access is not available, state that versions may have changed and focus on stable selection criteria (operational fit, ecosystem, maturity, team skills, compliance).

What to Report

After searching, provide:

Current landscape: What tools/approaches are popular NOW (not 6 months ago)
Emerging trends: New tools, patterns, or practices gaining traction
Deprecated/declining: Tools/approaches losing relevance or support
Recommendation: Based on fresh data, not just static knowledge

Example Topics (verify with fresh search)

Kubernetes versions and ecosystem tools (1.33+, Cilium, Gateway API)
Infrastructure as Code (Terraform, OpenTofu, Pulumi, CDK)
GitOps platforms (ArgoCD, FluxCD, Codefresh)
Observability stacks (OpenTelemetry, Grafana stack, Datadog)
Platform engineering tools (Backstage, Port, Kratix)
CI/CD platforms (GitHub Actions, GitLab CI, Dagger)
Cloud-native security (Falco, Trivy, policy engines)

Fact-Checking

Use web search/web fetch to verify current external facts, versions, pricing, deadlines, regulations, or platform behavior before final answers.
Prefer primary sources; report source links and dates for volatile information.
If web access is unavailable, state the limitation and mark guidance as unverified.

Agent Skills: DevOps Engineering — Quick Reference

Install this agent skill to your local

Skill Files