infrastructure

Cloud-native infrastructure. Kubernetes, Helm, Kustomize, Operator, CRD, GitOps, ArgoCD, Flux, IaC, Terraform, Pulumi, CDK. Route here when the user mentions K8s, Helm, GitOps, or IaC.

155 stars

Best use case

infrastructure is best used when you need a repeatable AI agent workflow instead of a one-off prompt.


Teams using infrastructure should expect more consistent output, faster repeated execution, and less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$ curl -o ~/.claude/skills/infrastructure/SKILL.md --create-dirs "https://raw.githubusercontent.com/telagod/code-abyss/main/skills/domains/infrastructure/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/infrastructure/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How infrastructure Compares

Feature / Agent         | infrastructure | Standard Approach
Platform Support        | Not specified  | Limited / Varies
Context Awareness       | High           | Baseline
Installation Complexity | Unknown        | N/A

Frequently Asked Questions

What does this skill do?

Cloud-native infrastructure. Kubernetes, Helm, Kustomize, Operator, CRD, GitOps, ArgoCD, Flux, IaC, Terraform, Pulumi, CDK. Route here when the user mentions K8s, Helm, GitOps, or IaC.

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# Cloud-Native Infrastructure · Infrastructure

```
GitOps控制平面(ArgoCD/Flux) → Kubernetes(Helm/Kustomize) → IaC(Terraform/Pulumi/CDK)
```

---

## Kubernetes

### Helm

Structure: `Chart.yaml` + `values.yaml` + `templates/` + `_helpers.tpl`
- values: image / replicaCount / resources / autoscaling / probes / ingress / persistence
- Config changes trigger a rolling update via a pod-template annotation: `checksum/config: {{ include | sha256sum }}`
- Security: `runAsNonRoot: true, runAsUser: 1000`
- Commands: `helm lint` → `template --debug` → `install -f values-prod.yaml` → `upgrade --reuse-values` / `rollback`

### Kustomize

`base/` + `overlays/{dev,staging,production}/`
base: resources / commonLabels / configMapGenerator | overlay: namespace / patches / replicas / images
Commands: `kubectl apply -k overlays/production` / `kubectl diff -k`

### Operator

CRD (openAPIV3Schema for spec/status) → Controller (Get CR → build desired state → Create/Update → update Status) → OwnerReferences for cascading deletion
Scaffold: `operator-sdk init` → `create api` → `make manifests install`

### Deployment strategies

| Strategy | Implementation | Use case |
|----------|----------------|----------|
| Rolling update | maxSurge/maxUnavailable | default |
| Blue/green | two Deployments + Service selector switch | zero downtime |
| Canary | stable(9) + canary(1) sharing one Service | progressive validation |
| Flagger | `Canary` CRD + automated metric analysis | automated canary |

### K8s checklist

livenessProbe + readinessProbe | requests + limits | HPA | PDB | ResourceQuota | image digest | Pod anti-affinity | External Secrets
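The checklist above and the Helm section's `runAsNonRoot`/`runAsUser` setting can be enforced mechanically before a manifest reaches a cluster. The following is an added example written for this page, not code from the code-abyss skill: a small linter that checks a Deployment for the items visible at Deployment level (both probes, requests and limits, image pinned by digest, Pod anti-affinity, non-root user). HPA, PDB, ResourceQuota and External Secrets are separate objects and are not checked here. Both manifests, the registry name and the digest are constructed samples.

```python
"""Lint a Kubernetes Deployment against the K8s checklist above.

Added example for this page; it is not part of the code-abyss skill.
Both manifests below are constructed samples.
"""
from typing import Any

# Constructed sample: a Deployment that fails several checklist items.
WEAK_DEPLOYMENT: dict[str, Any] = {
    "apiVersion": "apps/v1",
    "kind": "Deployment",
    "metadata": {"name": "web", "namespace": "prod"},
    "spec": {"replicas": 2, "template": {"spec": {
        "containers": [{
            "name": "web",
            "image": "registry.example.com/web:latest",  # mutable tag, no digest
            "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}},
            "livenessProbe": {"httpGet": {"path": "/healthz", "port": 8080}},
        }],
    }}},
}

# Constructed sample: the same workload with every checked item satisfied.
# The digest is a placeholder, not a real image digest.
HARDENED_DEPLOYMENT: dict[str, Any] = {
    "apiVersion": "apps/v1",
    "kind": "Deployment",
    "metadata": {"name": "web", "namespace": "prod"},
    "spec": {"replicas": 2, "template": {"spec": {
        "securityContext": {"runAsNonRoot": True, "runAsUser": 1000},
        "affinity": {"podAntiAffinity": {
            "preferredDuringSchedulingIgnoredDuringExecution": [{
                "weight": 100,
                "podAffinityTerm": {
                    "labelSelector": {"matchLabels": {"app": "web"}},
                    "topologyKey": "kubernetes.io/hostname",
                },
            }],
        }},
        "containers": [{
            "name": "web",
            "image": "registry.example.com/web@sha256:" + "0" * 64,
            "resources": {
                "requests": {"cpu": "250m", "memory": "128Mi"},
                "limits": {"cpu": "500m", "memory": "256Mi"},
            },
            "livenessProbe": {"httpGet": {"path": "/healthz", "port": 8080}},
            "readinessProbe": {"httpGet": {"path": "/ready", "port": 8080}},
        }],
    }}},
}


def check_deployment(manifest: dict[str, Any]) -> list[str]:
    """Return one finding per violated checklist item; an empty list means clean."""
    findings: list[str] = []
    pod = manifest["spec"]["template"]["spec"]
    pod_sc = pod.get("securityContext", {})
    if "podAntiAffinity" not in pod.get("affinity", {}):
        findings.append("pod: no podAntiAffinity, replicas may share one node")
    for c in pod.get("containers", []):
        name = c["name"]
        if "@sha256:" not in c.get("image", ""):
            findings.append(f"{name}: image is not pinned by digest")
        for probe in ("livenessProbe", "readinessProbe"):
            if probe not in c:
                findings.append(f"{name}: missing {probe}")
        res = c.get("resources", {})
        for section in ("requests", "limits"):
            for kind in ("cpu", "memory"):
                if kind not in res.get(section, {}):
                    findings.append(f"{name}: resources.{section}.{kind} not set")
        # A container-level securityContext overrides the pod-level one.
        sc = {**pod_sc, **c.get("securityContext", {})}
        if sc.get("runAsNonRoot") is not True:
            findings.append(f"{name}: runAsNonRoot is not true")
        if sc.get("runAsUser", 0) == 0:
            findings.append(f"{name}: runAsUser is unset or 0 (root)")
    return findings


if __name__ == "__main__":
    for label, m in (("weak", WEAK_DEPLOYMENT), ("hardened", HARDENED_DEPLOYMENT)):
        print(f"{label}: {check_deployment(m) or ['OK']}")
```

Run it on the output of `helm template` or `kubectl kustomize` (parsed into dicts) as a pre-merge check; the weak manifest yields seven findings, the hardened one none. Because the container securityContext is merged over the pod one, a pod-level `runAsNonRoot: true` is accepted unless a container overrides it.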

---

## GitOps

| Feature | ArgoCD | Flux |
|---------|--------|------|
| UI | Powerful built-in UI | Weave GitOps |
| Multi-cluster | native | native |
| Automated image updates | Image Updater | native |
| Progressive delivery | Argo Rollouts | Flagger |

ArgoCD: Application (source + destination) + `automated(prune:true, selfHeal:true)` + ApplicationSet (Git directory generator) + Rollouts (canary steps + AnalysisTemplate)
Flux: GitRepository → Kustomization (path + prune + healthChecks) + HelmRelease + ImageUpdateAutomation

### Multi-environment

```
fleet-infra/
├── clusters/{dev,staging,production}/
├── infrastructure/base + overlays/
└── apps/base + overlays/
```

Secrets: Sealed Secrets (`kubeseal` encrypts before committing to Git) | External Secrets Operator (AWS SM → automatic sync)

---

## IaC

| Tool | Language | State management | Cloud support |
|------|----------|------------------|---------------|
| Terraform | HCL | S3 + DynamoDB | all platforms |
| Pulumi | Python/TS/Go | Pulumi Cloud | all platforms |
| AWS CDK | Python/TS | CloudFormation | AWS |

Terraform: `modules/{vpc,eks}/` + `environments/{dev,prod}/` → `init` → `validate` → `plan -out=tfplan` → `apply tfplan`
Pulumi: ComponentResource + `pulumi.Config()` + `preview` → `up`
CDK: L2 Constructs + cross-Stack parameter passing + `synth` → `diff` → `deploy`

### IaC checklist

Modular reuse | separate state per environment | remote state + locking | provider version pins | Secrets Manager | consistent tagging | review the plan before apply
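"Review the plan before apply" is usually automated as a gate in CI rather than left to eyeballing. The following is an added example written for this page, not code from the code-abyss skill: it reads the JSON that `terraform show -json tfplan` emits, groups changes by kind, and blocks apply when a delete or replacement is unapproved or touches a resource type you have marked as protected. The plan content, the protected-type list and the function names are constructed for illustration.

```python
"""Review a Terraform plan before `apply` (the last IaC checklist item).

Added example for this page; it is not part of the code-abyss skill.
Reads the JSON that `terraform show -json tfplan` emits and classifies
each resource change, then refuses apply for deletes/replacements unless
they are explicitly approved and do not touch protected resource types.
The plan below is a constructed sample in that JSON shape.
"""
import json

# Constructed sample plan: no-op, update, create, replace and delete.
SAMPLE_PLAN_JSON = json.dumps({
    "format_version": "1.2",
    "resource_changes": [
        {"address": "module.vpc.aws_vpc.main", "change": {"actions": ["no-op"]}},
        {"address": "module.eks.aws_eks_cluster.main", "change": {"actions": ["update"]}},
        {"address": "aws_db_instance.primary", "change": {"actions": ["delete", "create"]}},
        {"address": "aws_s3_bucket.logs", "change": {"actions": ["delete"]}},
        {"address": "aws_iam_role.ci", "change": {"actions": ["create"]}},
    ],
})

# Terraform encodes a replacement as the two-element action list
# ["delete", "create"] or ["create", "delete"] (create-before-destroy).
REPLACE_ACTIONS = {("delete", "create"), ("create", "delete")}


def summarize_plan(plan_json: str) -> dict[str, list[str]]:
    """Group resource addresses by change kind (no-op, read, create, update, replace, delete)."""
    summary: dict[str, list[str]] = {
        k: [] for k in ("no-op", "read", "create", "update", "replace", "delete")
    }
    for rc in json.loads(plan_json).get("resource_changes", []):
        actions = tuple(rc["change"]["actions"])
        kind = "replace" if actions in REPLACE_ACTIONS else actions[0]
        summary.setdefault(kind, []).append(rc["address"])
    return summary


def review_plan(
    plan_json: str,
    protected_types: tuple[str, ...] = ("aws_db_instance", "aws_s3_bucket"),
    allow_destroy: bool = False,
) -> tuple[bool, list[str]]:
    """Return (ok, reasons); ok is False when apply should be blocked."""
    summary = summarize_plan(plan_json)
    reasons: list[str] = []
    for addr in summary["delete"] + summary["replace"]:
        # Addresses look like "module.x.aws_type.name[0]"; a segment equal to
        # the resource type identifies the type regardless of module path.
        if any(seg in protected_types for seg in addr.split(".")):
            reasons.append(f"{addr}: destroys or replaces a protected resource type")
        elif not allow_destroy:
            reasons.append(f"{addr}: destructive change requires explicit approval")
    return (not reasons, reasons)


if __name__ == "__main__":
    for kind, addrs in summarize_plan(SAMPLE_PLAN_JSON).items():
        if addrs:
            print(f"{kind:8} {', '.join(addrs)}")
    ok, reasons = review_plan(SAMPLE_PLAN_JSON)
    print("apply allowed" if ok else "apply blocked:\n  " + "\n  ".join(reasons))
```

In a pipeline this would sit between `terraform plan -out=tfplan` and `terraform apply tfplan`, with `terraform show -json tfplan` supplying the input; `allow_destroy` is the explicit approval switch for ordinary deletes, while protected types stay blocked regardless so that a stateful resource cannot be replaced by accident.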

## Trigger words

Kubernetes, K8s, Helm, Kustomize, Operator, CRD, GitOps, ArgoCD, Flux, IaC, Terraform, Pulumi, CDK

Related Skills

parse-error

155
from telagod/code-abyss

this is not frontmatter

multi-script

155
from telagod/code-abyss

too many scripts

missing-description

155
from telagod/code-abyss

No description provided.

invalid-tools

155
from telagod/code-abyss

invalid tool name

clash-skill

155
from telagod/code-abyss

second duplicate

review

155
from telagod/code-abyss

Review skill. Read ~/.claude/skills/gstack/review/checklist.md before acting.

office-hours

155
from telagod/code-abyss

Office hours skill. Uses ~/.claude/skills/gstack/bin/gstack-config.

codex

155
from telagod/code-abyss

Should be skipped for codex host.

gstack

155
from telagod/code-abyss

Root gstack skill. Uses ~/.claude/skills/gstack/bin helpers.

verify-security

155
from telagod/code-abyss

Security verification gate. Automatically scans code for security vulnerabilities, detects dangerous patterns, and ensures security decisions are documented. Use when 魔尊 (the user) mentions security scanning, vulnerability detection, security audit, code security, OWASP, injection detection, or sensitive-data leakage. Triggers automatically when a new module is created, on security-related changes, on offensive/defensive tasks, and when a refactor completes.

verify-quality

155
from telagod/code-abyss

Code quality verification gate. Checks quality metrics such as complexity, duplicated code, naming conventions, and function length. Use when 魔尊 (the user) mentions code quality, complexity checks, code smells, refactoring suggestions, lint checks, or coding standards. Triggers automatically for complex modules and when a refactor completes.

verify-module

155
from telagod/code-abyss

Module integrity verification gate. Scans the directory structure, detects missing documentation, and verifies that code and documentation are in sync. Use when 魔尊 (the user) mentions module verification, documentation checks, structural integrity, README checks, or DESIGN checks. Triggers automatically when a new module is completed.