---

name: DevOps & Deployment description: Use when setting up CI/CD pipelines, containerizing applications, deploying to Kubernetes, or writing infrastructure as code. DevOps & Deployment covers GitHub Actions, Docker, Helm, and Terraform patterns. tags: [devops, ci-cd, docker, kubernetes, terraform] context: fork agent: data-pipeline-engineer version: 1.0.0 category: Infrastructure & Deployment agents: [backend-system-architect, code-quality-reviewer, studio-coach] keywords: [CI/CD, deployment, Docker, Kubernetes, pipeline, infrastructure, GitOps, container, automation, release] author: OrchestKit user-invocable: false

DevOps & Deployment Skill

Comprehensive frameworks for CI/CD pipelines, containerization, deployment strategies, and infrastructure automation.

Overview

• Setting up CI/CD pipelines
• Containerizing applications
• Deploying to Kubernetes or cloud platforms
• Implementing GitOps workflows
• Managing infrastructure as code
• Planning release strategies

Pipeline Architecture

Copy┌─────────────┐   ┌─────────────┐   ┌─────────────┐   ┌─────────────┐
│    Code     │──>│    Build    │──>│    Test     │──>│   Deploy    │
│   Commit    │   │   & Lint    │   │   & Scan    │   │  & Release  │
└─────────────┘   └─────────────┘   └─────────────┘   └─────────────┘
       │                 │                 │                 │
       v                 v                 v                 v
   Triggers         Artifacts          Reports          Monitoring

Key Concepts

CI/CD Pipeline Stages

1. Lint & Type Check - Code quality gates
2. Unit Tests - Test coverage with reporting
3. Security Scan - npm audit + Trivy vulnerability scanner
4. Build & Push - Docker image to container registry
5. Deploy Staging - Environment-gated deployment
6. Deploy Production - Manual approval or automated

Container Best Practices

Multi-stage builds minimize image size:

• Stage 1: Install production dependencies only
• Stage 2: Build application with dev dependencies
• Stage 3: Production runtime with minimal footprint

Security hardening:

• Non-root user (uid 1001)
• Read-only filesystem where possible
• Health checks for orchestrator integration

Kubernetes Deployment

Essential manifests:

• Deployment with rolling update strategy
• Service for internal routing
• Ingress for external access with TLS
• HorizontalPodAutoscaler for scaling

Security context:

• runAsNonRoot: true
• allowPrivilegeEscalation: false
• readOnlyRootFilesystem: true
• Drop all capabilities

Deployment Strategies

Rolling Update (Kubernetes default):

Copystrategy:
  type: RollingUpdate
  rollingUpdate:
    maxSurge: 25%
    maxUnavailable: 0  # Zero downtime

Secrets Management

Use External Secrets Operator to sync from cloud providers:

• AWS Secrets Manager
• HashiCorp Vault
• Azure Key Vault
• GCP Secret Manager

---

References

Docker Patterns

See: references/docker-patterns.md

Key topics covered:

• Multi-stage build examples with 78% size reduction
• Layer caching optimization
• Security hardening (non-root, health checks)
• Trivy vulnerability scanning
• Docker Compose development setup

CI/CD Pipelines

See: references/ci-cd-pipelines.md

Key topics covered:

• Branch strategy (Git Flow)
• GitHub Actions caching (85% time savings)
• Artifact management
• Matrix testing
• Complete backend CI/CD example

Kubernetes Basics

See: references/kubernetes-basics.md

Key topics covered:

• Health probes (startup, liveness, readiness)
• Security context configuration
• PodDisruptionBudget
• Resource quotas
• StatefulSets for databases
• Helm chart structure

Environment Management

See: references/environment-management.md

Key topics covered:

• External Secrets Operator
• GitOps with ArgoCD
• Terraform patterns (remote state, modules)
• Zero-downtime database migrations
• Alembic migration workflow
• Rollback procedures

Observability

See: references/observability.md

Key topics covered:

• Prometheus metrics exposition
• Grafana dashboard queries (PromQL)
• Alerting rules for SLOs
• Golden signals (SRE)
• Structured logging
• Distributed tracing (OpenTelemetry)

Deployment Strategies

See: references/deployment-strategies.md

Key topics covered:

• Rolling deployment
• Blue-green deployment
• Canary releases
• Traffic splitting with Istio

---

Deployment Checklist

Pre-Deployment

• All tests passing in CI
• Security scans clean
• Database migrations ready
• Rollback plan documented

During Deployment

• Monitor deployment progress
• Watch error rates
• Verify health checks passing

Post-Deployment

• Verify metrics normal
• Check logs for errors
• Update status page

---

Helm Chart Structure

Copycharts/app/
├── Chart.yaml
├── values.yaml
├── scripts/
│   ├── deployment.yaml
│   ├── service.yaml
│   ├── ingress.yaml
│   ├── configmap.yaml
│   ├── secret.yaml
│   ├── hpa.yaml
│   └── _helpers.tpl
└── values/
    ├── staging.yaml
    └── production.yaml

---

Related Skills

• zero-downtime-migration - Database migration patterns for zero-downtime deployments
• security-scanning - Security scanning integration for CI/CD pipelines
• observability-monitoring - Monitoring and alerting for deployed applications
• alembic-migrations - Python/Alembic migration workflow for backend deployments

Key Decisions

---

Extended Thinking Triggers

Use Opus 4.5 extended thinking for:

• Architecture decisions - Kubernetes vs serverless, multi-region setup
• Migration planning - Moving between cloud providers
• Incident response - Complex deployment failures
• Security design - Zero-trust architecture

---

Templates Reference

---

Capability Details

ci-cd

Keywords: ci, cd, pipeline, github actions, gitlab ci, jenkins, workflow Solves:

• How do I set up CI/CD?
• GitHub Actions workflow patterns
• Pipeline caching strategies
• Matrix testing setup

docker

Keywords: docker, dockerfile, container, image, build, compose, multi-stage Solves:

• How do I containerize my app?
• Multi-stage Dockerfile best practices
• Docker Compose development setup
• Container security hardening

kubernetes

Keywords: kubernetes, k8s, deployment, service, ingress, helm, statefulset, pdb Solves:

• How do I deploy to Kubernetes?
• K8s health probes and resource limits
• Helm chart structure
• StatefulSet for databases

infrastructure-as-code

Keywords: terraform, pulumi, iac, infrastructure, provision, gitops, argocd Solves:

• How do I set up infrastructure as code?
• Terraform AWS patterns (VPC, EKS, RDS)
• GitOps with ArgoCD
• Secrets management patterns

deployment-strategies

Keywords: blue green, canary, rolling, deployment strategy, rollback, zero downtime Solves:

• Which deployment strategy should I use?
• Zero-downtime database migrations
• Blue-green deployment setup
• Canary release with traffic splitting

observability

Keywords: prometheus, grafana, metrics, alerting, monitoring, health check Solves:

• How do I add monitoring to my app?
• Prometheus metrics exposition
• Grafana dashboard queries
• Alerting rules for SLOs