DevOps Engineering — Quick Reference

This skill equips teams with actionable templates, checklists, and patterns for building self-service platforms, automating infrastructure with GitOps, deploying securely with DevSecOps, scaling with Kubernetes, ensuring reliability through SRE practices, and operating production systems with strong observability.

Modern baseline (2026): IaC (Terraform/OpenTofu/Pulumi), GitOps (Argo CD/Flux), Kubernetes (follow upstream supported releases), OpenTelemetry + Prometheus/Grafana, supply-chain security (SBOM + signing + provenance), policy-as-code (OPA/Gatekeeper or Kyverno), and eBPF-powered networking/security/observability (e.g., Cilium + Tetragon).

Quick Reference

Decision Tree: Choosing DevOps Approach

What do you need to accomplish?
    ├─ Infrastructure provisioning?
    │   ├─ Cloud-agnostic → Terraform or OpenTofu (OSS fork)
    │   ├─ Programming-first → Pulumi (TypeScript/Python/Go)
    │   ├─ AWS-specific → CloudFormation or Terraform/OpenTofu
    │   ├─ GCP-specific → Deployment Manager or Terraform/OpenTofu
    │   └─ Azure-specific → ARM/Bicep or Terraform/OpenTofu
    │
    ├─ Application deployment?
    │   ├─ Kubernetes cluster?
    │   │   ├─ Simple deploy → kubectl apply -f manifests/
    │   │   ├─ Complex app → Helm charts
    │   │   └─ GitOps workflow → ArgoCD or FluxCD
    │   └─ Serverless?
    │       ├─ AWS → Lambda + SAM/Serverless Framework
    │       ├─ GCP → Cloud Functions
    │       └─ Azure → Azure Functions
    │
    ├─ CI/CD pipeline setup?
    │   ├─ GitHub-based → GitHub Actions (template-github-actions.md)
    │   ├─ GitLab-based → GitLab CI
    │   ├─ Enterprise → Jenkins or Tekton
    │   └─ Security-first → Add SAST/DAST/SCA scans (template-ci-cd.md)
    │
    ├─ Observability & monitoring?
    │   ├─ Metrics → Prometheus + Grafana
    │   ├─ Distributed tracing → Jaeger or OpenTelemetry
    │   ├─ Logs → Loki or ELK stack
    │   ├─ eBPF-based → Cilium + Hubble (sidecarless)
    │   └─ Unified platform → Datadog or New Relic
    │
    ├─ Incident management?
    │   ├─ On-call rotation → PagerDuty or Opsgenie
    │   ├─ Postmortem → template-postmortem.md
    │   └─ Communication → template-incident-comm.md
    │
    ├─ Platform engineering?
    │   ├─ Self-service → Backstage or Port (internal developer portal)
    │   ├─ Policy enforcement → OPA/Gatekeeper
    │   └─ Golden paths → Template repositories + automation
    │
    └─ Security hardening?
        ├─ Container scanning → Trivy or Grype
        ├─ Runtime security → Falco or Sysdig
        ├─ Secrets management → HashiCorp Vault or cloud-native KMS
        └─ Compliance → CIS Benchmarks, template-security-hardening.md

When to Use This Skill

Claude should invoke this skill when users request:

• Platform engineering patterns (self-service developer platforms, internal tools)
• GitOps workflows (ArgoCD, FluxCD, declarative infrastructure management)
• Infrastructure as Code patterns (Terraform, K8s manifests, policy as code)
• CI/CD pipelines with DevSecOps (GitHub Actions, security scanning, SAST/DAST/SCA)
• SRE incident management, escalation, and postmortem templates
• eBPF-based observability (Cilium, Hubble, kernel-level insights, OpenTelemetry)
• Kubernetes operational patterns (day-2 operations, resource management, workload placement)
• Cloud-native monitoring (Prometheus, Grafana, unified observability platforms)
• Team workflow, communication, handover guides, and runbooks

Resources (Best Practices Guides)

Operational best practices by domain:

• DevOps/SRE Operations: references/devops-best-practices.md - Core patterns for safe infrastructure changes, deployments, and incident response
• Platform Engineering: references/platform-engineering-patterns.md - Self-service platforms, golden paths, internal developer portals, policy as code
• GitOps Workflows: references/gitops-workflows.md - Continuous reconciliation, multi-environment promotion, ArgoCD/FluxCD patterns, progressive delivery
• SRE Incident Management: references/sre-incident-management.md - Severity classification, escalation procedures, blameless postmortems, alert correlation, and runbooks
• Operational Standards: references/operational-patterns.md - Platform engineering blueprints, CI/CD safety, SLOs, and reliability drills
• AIOps: references/aiops-patterns.md - Self-healing systems, automated operations, AI-assisted analysis

Templates (Copy-Paste Ready)

Production templates organized by tech stack:

AWS Cloud

• assets/aws/template-aws-ops.md - AWS service operations and best practices
• assets/aws/template-aws-terraform.md - Terraform modules for AWS infrastructure
• assets/aws/template-cost-optimization.md - AWS cost optimization strategies

GCP Cloud

• assets/gcp/template-gcp-ops.md - GCP service operations
• assets/gcp/template-gcp-terraform.md - Terraform modules for GCP

Azure Cloud

• assets/azure/template-azure-ops.md - Azure service operations

Kubernetes

• assets/kubernetes/template-kubernetes-ops.md - Day-to-day K8s operations
• assets/kubernetes/template-ha-dr.md - High availability and disaster recovery
• assets/kubernetes/template-platform-api.md - Platform API patterns
• assets/kubernetes/template-k8s-deploy.yaml - Deployment manifests

Docker

• assets/docker/template-docker-ops.md - Container build, security, and operations

Kafka

• assets/kafka/template-kafka-ops.md - Kafka cluster operations and streaming

Terraform & IaC

• assets/terraform-iac/template-iac-terraform.md - Infrastructure as Code patterns
• assets/terraform-iac/template-module.md - Reusable Terraform modules
• assets/terraform-iac/template-env-promotion.md - Environment promotion strategies

CI/CD Pipelines

• assets/cicd-pipelines/template-ci-cd.md - General CI/CD patterns
• assets/cicd-pipelines/template-github-actions.md - GitHub Actions workflows
• assets/cicd-pipelines/template-gitops.md - GitOps deployment patterns
• assets/cicd-pipelines/template-release-safety.md - Safe release practices

Monitoring & Observability

• assets/monitoring-observability/template-slo.md - Service level objectives
• assets/monitoring-observability/template-alert-rules.md - Alert configuration
• assets/monitoring-observability/template-observability-slo.md - Observability patterns
• assets/monitoring-observability/template-loadtest-perf.md - Load testing and performance

Incident Response

• assets/incident-response/template-postmortem.md - Incident postmortems
• assets/incident-response/template-runbook-starter.md - Runbook starter template
• assets/incident-response/template-incident-comm.md - Incident communication
• assets/incident-response/template-incident-response.md - Incident response procedures

Security

• assets/security/template-security-hardening.md - Security hardening checklists

Shared Utilities

Centralized patterns from software-clean-code-standard — extract, don't duplicate:

• config-validation.md — Zod 3.24+, secrets management (Vault, 1Password, Doppler)
• resilience-utilities.md — p-retry v6, circuit breaker, OTel spans
• logging-utilities.md — pino v9 + OpenTelemetry integration
• observability-utilities.md — OpenTelemetry SDK, tracing, metrics

Related Skills

Operations & Infrastructure:

• ../qa-resilience/SKILL.md — Resilience, chaos engineering, and failure handling patterns
• ../data-sql-optimization/SKILL.md — Database tuning, high availability, and migrations
• ../qa-observability/SKILL.md — Monitoring, tracing, profiling, and performance optimization
• ../qa-debugging/SKILL.md — Production debugging, log analysis, and root cause investigation

Security & Compliance:

• ../software-security-appsec/SKILL.md — Application-layer security patterns and OWASP best practices

Software Development:

• ../software-backend/SKILL.md — Service-level design and integration patterns
• ../software-architecture-design/SKILL.md — System design, scalability, and architectural patterns
• ../dev-api-design/SKILL.md — RESTful API design and versioning
• ../dev-git-workflow/SKILL.md — Git branching strategies and CI/CD integration

Optional: AI/Automation (Related Skills):

• ../ai-mlops/SKILL.md — ML model deployment, monitoring, and lifecycle management

Cost Governance & Capacity Planning

assets/cost-governance/template-cost-governance.md — Production cost control for cloud infrastructure.

Key Sections

• Cost Governance Framework — Tagging strategy, budget alerts, anomaly detection
• Cloud Cost Optimization — Right-sizing, reserved capacity, storage tiering
• Kubernetes Cost Control — Resource requests/limits, quotas, autoscaler config
• Capacity Planning — Utilization baseline, growth projections, scaling triggers
• FinOps Practices — Monthly review agenda, optimization workflow

Do / Avoid

Do

• Tag all resources at creation time
• Set budget alerts before hitting limits
• Review right-sizing recommendations monthly
• Use spot/preemptible for fault-tolerant workloads
• Set Kubernetes resource requests on all pods
• Enable cluster autoscaler with scale-down
• Document capacity planning assumptions
• Run blameless postmortems after every SEV1/2

Avoid

Optional: AI/Automation (AIOps)

AI can assist with analysis and triage, but infrastructure/cost/incident decisions require human approval and an audit trail.

See references/aiops-patterns.md for self-healing systems, automated operations, AI-assisted analysis, and bounded claims.

Operational Deep Dives

See references/operational-patterns.md for:

• Platform engineering blueprints and GitOps reconciliation checklists
• DevSecOps CI/CD gates, SLO/SLI playbooks, and rollout verification steps
• Observability patterns (eBPF), incident noise reduction, and reliability drills

External Resources

See data/sources.json for curated sources organized by tech stack:

• Cloud Platforms: AWS, GCP, Azure documentation and best practices
• Container Orchestration: Kubernetes, Helm, Kustomize, Docker
• Infrastructure as Code: Terraform, OpenTofu, Pulumi, CloudFormation, ARM templates
• CI/CD & GitOps: GitHub Actions, GitLab CI, Jenkins, ArgoCD, FluxCD
• Streaming: Apache Kafka, Confluent, Strimzi
• Monitoring: Prometheus, Grafana, Datadog, OpenTelemetry, Jaeger, Cilium/Hubble, Tetragon
• SRE: Google SRE books, incident response patterns
• Security: OWASP DevSecOps, CIS Benchmarks, Trivy, Falco
• Tools: kubectl, k9s, stern, Cosign, Syft, Terragrunt

Use this skill as a hub for safe, modern, and production-grade DevOps patterns. All templates and patterns are operational—no theory or book summaries.

Trend Awareness Protocol

When users ask recommendation questions about DevOps, platform engineering, or cloud infrastructure, validate time-sensitive details (versions, deprecations, licensing, major releases) against primary sources.

Trigger Conditions

• "What's the best tool for [Kubernetes/IaC/CI-CD/monitoring]?"
• "What should I use for [container orchestration/GitOps/observability]?"
• "What's the latest in DevOps/platform engineering?"
• "Current best practices for [Terraform/ArgoCD/Prometheus]?"
• "Is [tool/approach] still relevant in 2026?"
• "[Kubernetes] vs [alternative]?" or "[ArgoCD] vs [FluxCD]?"
• "Best cloud provider for [use case]?"
• "What orchestration/monitoring tool should I use?"

Minimum Verification (Preferred Order)

1. Check the official docs + release notes linked in data/sources.json for the specific tools you recommend.
2. If internet access is available, confirm recent releases, breaking changes, and deprecations from those release pages.
3. If internet access is not available, state that versions may have changed and focus on stable selection criteria (operational fit, ecosystem, maturity, team skills, compliance).

What to Report

After searching, provide:

• Current landscape: What tools/approaches are popular NOW (not 6 months ago)
• Emerging trends: New tools, patterns, or practices gaining traction
• Deprecated/declining: Tools/approaches losing relevance or support
• Recommendation: Based on fresh data, not just static knowledge

Example Topics (verify with fresh search)

• Kubernetes versions and ecosystem tools (1.33+, Cilium, Gateway API)
• Infrastructure as Code (Terraform, OpenTofu, Pulumi, CDK)
• GitOps platforms (ArgoCD, FluxCD, Codefresh)
• Observability stacks (OpenTelemetry, Grafana stack, Datadog)
• Platform engineering tools (Backstage, Port, Kratix)
• CI/CD platforms (GitHub Actions, GitLab CI, Dagger)
• Cloud-native security (Falco, Trivy, policy engines)

Fact-Checking

• Use web search/web fetch to verify current external facts, versions, pricing, deadlines, regulations, or platform behavior before final answers.
• Prefer primary sources; report source links and dates for volatile information.
• If web access is unavailable, state the limitation and mark guidance as unverified.