firefrost-gaming/antigravity-skills-reference
3
0
Fork 0
Code Issues Pull Requests Actions 4 Packages Projects Releases Wiki Activity

feat(bundles): add editorial bundle plugins

Browse Source
This commit is contained in:
sickn33
2026-03-27 08:48:03 +01:00
parent 8eff08b706
commit dffac91d3b
1052 changed files with 212282 additions and 68 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
plugins/antigravity-bundle-devops-cloud/.codex-plugin/plugin.json Normal file
View File

@@ -0,0 +1,33 @@
{
"name": "antigravity-bundle-devops-cloud",
"version": "8.10.0",
"description": "Install the \"DevOps & Cloud\" editorial skill bundle from Antigravity Awesome Skills.",
"author": {
"name": "sickn33 and contributors",
"url": "https://github.com/sickn33/antigravity-awesome-skills"
},
"homepage": "https://github.com/sickn33/antigravity-awesome-skills",
"repository": "https://github.com/sickn33/antigravity-awesome-skills",
"license": "MIT",
"keywords": [
"codex",
"skills",
"bundle",
"devops-cloud",
"productivity"
],
"skills": "./skills/",
"interface": {
"displayName": "DevOps & Cloud",
"shortDescription": "DevOps & Infrastructure · 7 curated skills",
"longDescription": "For infrastructure and scaling. Covers Docker Expert, AWS Serverless, and 5 more skills.",
"developerName": "sickn33 and contributors",
"category": "DevOps & Infrastructure",
"capabilities": [
"Interactive",
"Write"
],
"websiteURL": "https://github.com/sickn33/antigravity-awesome-skills",
"brandColor": "#111827"
}
}

328
plugins/antigravity-bundle-devops-cloud/skills/aws-serverless/SKILL.md Normal file
View File

@@ -0,0 +1,328 @@
---
name: aws-serverless
description: "Proper Lambda function structure with error handling"
risk: unknown
source: "vibeship-spawner-skills (Apache 2.0)"
date_added: "2026-02-27"
---
# AWS Serverless
## Patterns
### Lambda Handler Pattern
Proper Lambda function structure with error handling
**When to use**: ['Any Lambda function implementation', 'API handlers, event processors, scheduled tasks']
```python
```javascript
// Node.js Lambda Handler
// handler.js
// Initialize outside handler (reused across invocations)
const { DynamoDBClient } = require('@aws-sdk/client-dynamodb');
const { DynamoDBDocumentClient, GetCommand } = require('@aws-sdk/lib-dynamodb');
const client = new DynamoDBClient({});
const docClient = DynamoDBDocumentClient.from(client);
// Handler function
exports.handler = async (event, context) => {
// Optional: Don't wait for event loop to clear (Node.js)
context.callbackWaitsForEmptyEventLoop = false;
try {
// Parse input based on event source
const body = typeof event.body === 'string'
? JSON.parse(event.body)
: event.body;
// Business logic
const result = await processRequest(body);
// Return API Gateway compatible response
return {
statusCode: 200,
headers: {
'Content-Type': 'application/json',
'Access-Control-Allow-Origin': '*'
},
body: JSON.stringify(result)
};
} catch (error) {
console.error('Error:', JSON.stringify({
error: error.message,
stack: error.stack,
requestId: context.awsRequestId
}));
return {
statusCode: error.statusCode || 500,
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
error: error.message || 'Internal server error'
})
};
}
};
async function processRequest(data) {
// Your business logic here
const result = await docClient.send(new GetCommand({
TableName: process.env.TABLE_NAME,
Key: { id: data.id }
}));
return result.Item;
}
```
```python
# Python Lambda Handler
# handler.py
import json
import os
import logging
import boto3
from botocore.exceptions import ClientError
# Initialize outside handler (reused across invocations)
logger = logging.getLogger()
logger.setLevel(logging.INFO)
dynamodb = boto3.resource('dynamodb')
table = dynamodb.Table(os.environ['TABLE_NAME'])
def handler(event, context):
try:
# Parse i
```
### API Gateway Integration Pattern
REST API and HTTP API integration with Lambda
**When to use**: ['Building REST APIs backed by Lambda', 'Need HTTP endpoints for functions']
```javascript
```yaml
# template.yaml (SAM)
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Globals:
Function:
Runtime: nodejs20.x
Timeout: 30
MemorySize: 256
Environment:
Variables:
TABLE_NAME: !Ref ItemsTable
Resources:
# HTTP API (recommended for simple use cases)
HttpApi:
Type: AWS::Serverless::HttpApi
Properties:
StageName: prod
CorsConfiguration:
AllowOrigins:
- "*"
AllowMethods:
- GET
- POST
- DELETE
AllowHeaders:
- "*"
# Lambda Functions
GetItemFunction:
Type: AWS::Serverless::Function
Properties:
Handler: src/handlers/get.handler
Events:
GetItem:
Type: HttpApi
Properties:
ApiId: !Ref HttpApi
Path: /items/{id}
Method: GET
Policies:
- DynamoDBReadPolicy:
TableName: !Ref ItemsTable
CreateItemFunction:
Type: AWS::Serverless::Function
Properties:
Handler: src/handlers/create.handler
Events:
CreateItem:
Type: HttpApi
Properties:
ApiId: !Ref HttpApi
Path: /items
Method: POST
Policies:
- DynamoDBCrudPolicy:
TableName: !Ref ItemsTable
# DynamoDB Table
ItemsTable:
Type: AWS::DynamoDB::Table
Properties:
AttributeDefinitions:
- AttributeName: id
AttributeType: S
KeySchema:
- AttributeName: id
KeyType: HASH
BillingMode: PAY_PER_REQUEST
Outputs:
ApiUrl:
Value: !Sub "https://${HttpApi}.execute-api.${AWS::Region}.amazonaws.com/prod"
```
```javascript
// src/handlers/get.js
const { getItem } = require('../lib/dynamodb');
exports.handler = async (event) => {
const id = event.pathParameters?.id;
if (!id) {
return {
statusCode: 400,
body: JSON.stringify({ error: 'Missing id parameter' })
};
}
const item =
```
### Event-Driven SQS Pattern
Lambda triggered by SQS for reliable async processing
**When to use**: ['Decoupled, asynchronous processing', 'Need retry logic and DLQ', 'Processing messages in batches']
```python
```yaml
# template.yaml
Resources:
ProcessorFunction:
Type: AWS::Serverless::Function
Properties:
Handler: src/handlers/processor.handler
Events:
SQSEvent:
Type: SQS
Properties:
Queue: !GetAtt ProcessingQueue.Arn
BatchSize: 10
FunctionResponseTypes:
- ReportBatchItemFailures # Partial batch failure handling
ProcessingQueue:
Type: AWS::SQS::Queue
Properties:
VisibilityTimeout: 180 # 6x Lambda timeout
RedrivePolicy:
deadLetterTargetArn: !GetAtt DeadLetterQueue.Arn
maxReceiveCount: 3
DeadLetterQueue:
Type: AWS::SQS::Queue
Properties:
MessageRetentionPeriod: 1209600 # 14 days
```
```javascript
// src/handlers/processor.js
exports.handler = async (event) => {
const batchItemFailures = [];
for (const record of event.Records) {
try {
const body = JSON.parse(record.body);
await processMessage(body);
} catch (error) {
console.error(`Failed to process message ${record.messageId}:`, error);
// Report this item as failed (will be retried)
batchItemFailures.push({
itemIdentifier: record.messageId
});
}
}
// Return failed items for retry
return { batchItemFailures };
};
async function processMessage(message) {
// Your processing logic
console.log('Processing:', message);
// Simulate work
await saveToDatabase(message);
}
```
```python
# Python version
import json
import logging
logger = logging.getLogger()
def handler(event, context):
batch_item_failures = []
for record in event['Records']:
try:
body = json.loads(record['body'])
process_message(body)
except Exception as e:
logger.error(f"Failed to process {record['messageId']}: {e}")
batch_item_failures.append({
'itemIdentifier': record['messageId']
})
return {'batchItemFailures': batch_ite
```
## Anti-Patterns
### ❌ Monolithic Lambda
**Why bad**: Large deployment packages cause slow cold starts.
Hard to scale individual operations.
Updates affect entire system.
### ❌ Large Dependencies
**Why bad**: Increases deployment package size.
Slows down cold starts significantly.
Most of SDK/library may be unused.
### ❌ Synchronous Calls in VPC
**Why bad**: VPC-attached Lambdas have ENI setup overhead.
Blocking DNS lookups or connections worsen cold starts.
## ⚠️ Sharp Edges
| Issue | Severity | Solution |
|-------|----------|----------|
| Issue | high | ## Measure your INIT phase |
| Issue | high | ## Set appropriate timeout |
| Issue | high | ## Increase memory allocation |
| Issue | medium | ## Verify VPC configuration |
| Issue | medium | ## Tell Lambda not to wait for event loop |
| Issue | medium | ## For large file uploads |
| Issue | high | ## Use different buckets/prefixes |
## When to Use
This skill is applicable to execute the workflow or actions described in the overview.

204
plugins/antigravity-bundle-devops-cloud/skills/bash-linux/SKILL.md Normal file
View File

@@ -0,0 +1,204 @@
---
name: bash-linux
description: "Bash/Linux terminal patterns. Critical commands, piping, error handling, scripting. Use when working on macOS or Linux systems."
risk: unknown
source: community
date_added: "2026-02-27"
---
# Bash Linux Patterns
> Essential patterns for Bash on Linux/macOS.
---
## 1. Operator Syntax
### Chaining Commands
| Operator | Meaning | Example |
|----------|---------|---------|
| `;` | Run sequentially | `cmd1; cmd2` |
| `&&` | Run if previous succeeded | `npm install && npm run dev` |
| `\|\|` | Run if previous failed | `npm test \|\| echo "Tests failed"` |
| `\|` | Pipe output | `ls \| grep ".js"` |
---
## 2. File Operations
### Essential Commands
| Task | Command |
|------|---------|
| List all | `ls -la` |
| Find files | `find . -name "*.js" -type f` |
| File content | `cat file.txt` |
| First N lines | `head -n 20 file.txt` |
| Last N lines | `tail -n 20 file.txt` |
| Follow log | `tail -f log.txt` |
| Search in files | `grep -r "pattern" --include="*.js"` |
| File size | `du -sh *` |
| Disk usage | `df -h` |
---
## 3. Process Management
| Task | Command |
|------|---------|
| List processes | `ps aux` |
| Find by name | `ps aux \| grep node` |
| Kill by PID | `kill -9 <PID>` |
| Find port user | `lsof -i :3000` |
| Kill port | `kill -9 $(lsof -t -i :3000)` |
| Background | `npm run dev &` |
| Jobs | `jobs -l` |
| Bring to front | `fg %1` |
---
## 4. Text Processing
### Core Tools
| Tool | Purpose | Example |
|------|---------|---------|
| `grep` | Search | `grep -rn "TODO" src/` |
| `sed` | Replace | `sed -i 's/old/new/g' file.txt` |
| `awk` | Extract columns | `awk '{print $1}' file.txt` |
| `cut` | Cut fields | `cut -d',' -f1 data.csv` |
| `sort` | Sort lines | `sort -u file.txt` |
| `uniq` | Unique lines | `sort file.txt \| uniq -c` |
| `wc` | Count | `wc -l file.txt` |
---
## 5. Environment Variables
| Task | Command |
|------|---------|
| View all | `env` or `printenv` |
| View one | `echo $PATH` |
| Set temporary | `export VAR="value"` |
| Set in script | `VAR="value" command` |
| Add to PATH | `export PATH="$PATH:/new/path"` |
---
## 6. Network
| Task | Command |
|------|---------|
| Download | `curl -O https://example.com/file` |
| API request | `curl -X GET https://api.example.com` |
| POST JSON | `curl -X POST -H "Content-Type: application/json" -d '{"key":"value"}' URL` |
| Check port | `nc -zv localhost 3000` |
| Network info | `ifconfig` or `ip addr` |
---
## 7. Script Template
```bash
#!/bin/bash
set -euo pipefail # Exit on error, undefined var, pipe fail
# Colors (optional)
RED='\033[0;31m'
GREEN='\033[0;32m'
NC='\033[0m'
# Script directory
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
# Functions
log_info() { echo -e "${GREEN}[INFO]${NC} $1"; }
log_error() { echo -e "${RED}[ERROR]${NC} $1" >&2; }
# Main
main() {
log_info "Starting..."
# Your logic here
log_info "Done!"
}
main "$@"
```
---
## 8. Common Patterns
### Check if command exists
```bash
if command -v node &> /dev/null; then
echo "Node is installed"
fi
```
### Default variable value
```bash
NAME=${1:-"default_value"}
```
### Read file line by line
```bash
while IFS= read -r line; do
echo "$line"
done < file.txt
```
### Loop over files
```bash
for file in *.js; do
echo "Processing $file"
done
```
---
## 9. Differences from PowerShell
| Task | PowerShell | Bash |
|------|------------|------|
| List files | `Get-ChildItem` | `ls -la` |
| Find files | `Get-ChildItem -Recurse` | `find . -type f` |
| Environment | `$env:VAR` | `$VAR` |
| String concat | `"$a$b"` | `"$a$b"` (same) |
| Null check | `if ($x)` | `if [ -n "$x" ]` |
| Pipeline | Object-based | Text-based |
---
## 10. Error Handling
### Set options
```bash
set -e # Exit on error
set -u # Exit on undefined variable
set -o pipefail # Exit on pipe failure
set -x # Debug: print commands
```
### Trap for cleanup
```bash
cleanup() {
echo "Cleaning up..."
rm -f /tmp/tempfile
}
trap cleanup EXIT
```
---
> **Remember:** Bash is text-based. Use `&&` for success chains, `set -e` for safety, and quote your variables!
## When to Use
This skill is applicable to execute the workflow or actions described in the overview.

246
plugins/antigravity-bundle-devops-cloud/skills/deployment-procedures/SKILL.md Normal file
View File

@@ -0,0 +1,246 @@
---
name: deployment-procedures
description: "Production deployment principles and decision-making. Safe deployment workflows, rollback strategies, and verification. Teaches thinking, not scripts."
risk: unknown
source: community
date_added: "2026-02-27"
---
# Deployment Procedures
> Deployment principles and decision-making for safe production releases.
> **Learn to THINK, not memorize scripts.**
---
## ⚠️ How to Use This Skill
This skill teaches **deployment principles**, not bash scripts to copy.
- Every deployment is unique
- Understand the WHY behind each step
- Adapt procedures to your platform
---
## 1. Platform Selection
### Decision Tree
```
What are you deploying?
├── Static site / JAMstack
│ └── Vercel, Netlify, Cloudflare Pages
├── Simple web app
│ ├── Managed → Railway, Render, Fly.io
│ └── Control → VPS + PM2/Docker
├── Microservices
│ └── Container orchestration
└── Serverless
└── Edge functions, Lambda
```
### Each Platform Has Different Procedures
| Platform | Deployment Method |
|----------|------------------|
| **Vercel/Netlify** | Git push, auto-deploy |
| **Railway/Render** | Git push or CLI |
| **VPS + PM2** | SSH + manual steps |
| **Docker** | Image push + orchestration |
| **Kubernetes** | kubectl apply |
---
## 2. Pre-Deployment Principles
### The 4 Verification Categories
| Category | What to Check |
|----------|--------------|
| **Code Quality** | Tests passing, linting clean, reviewed |
| **Build** | Production build works, no warnings |
| **Environment** | Env vars set, secrets current |
| **Safety** | Backup done, rollback plan ready |
### Pre-Deployment Checklist
- [ ] All tests passing
- [ ] Code reviewed and approved
- [ ] Production build successful
- [ ] Environment variables verified
- [ ] Database migrations ready (if any)
- [ ] Rollback plan documented
- [ ] Team notified
- [ ] Monitoring ready
---
## 3. Deployment Workflow Principles
### The 5-Phase Process
```
1. PREPARE
└── Verify code, build, env vars
2. BACKUP
└── Save current state before changing
3. DEPLOY
└── Execute with monitoring open
4. VERIFY
└── Health check, logs, key flows
5. CONFIRM or ROLLBACK
└── All good? Confirm. Issues? Rollback.
```
### Phase Principles
| Phase | Principle |
|-------|-----------|
| **Prepare** | Never deploy untested code |
| **Backup** | Can't rollback without backup |
| **Deploy** | Watch it happen, don't walk away |
| **Verify** | Trust but verify |
| **Confirm** | Have rollback trigger ready |
---
## 4. Post-Deployment Verification
### What to Verify
| Check | Why |
|-------|-----|
| **Health endpoint** | Service is running |
| **Error logs** | No new errors |
| **Key user flows** | Critical features work |
| **Performance** | Response times acceptable |
### Verification Window
- **First 5 minutes**: Active monitoring
- **15 minutes**: Confirm stable
- **1 hour**: Final verification
- **Next day**: Review metrics
---
## 5. Rollback Principles
### When to Rollback
| Symptom | Action |
|---------|--------|
| Service down | Rollback immediately |
| Critical errors | Rollback |
| Performance >50% degraded | Consider rollback |
| Minor issues | Fix forward if quick |
### Rollback Strategy by Platform
| Platform | Rollback Method |
|----------|----------------|
| **Vercel/Netlify** | Redeploy previous commit |
| **Railway/Render** | Rollback in dashboard |
| **VPS + PM2** | Restore backup, restart |
| **Docker** | Previous image tag |
| **K8s** | kubectl rollout undo |
### Rollback Principles
1. **Speed over perfection**: Rollback first, debug later
2. **Don't compound errors**: One rollback, not multiple changes
3. **Communicate**: Tell team what happened
4. **Post-mortem**: Understand why after stable
---
## 6. Zero-Downtime Deployment
### Strategies
| Strategy | How It Works |
|----------|--------------|
| **Rolling** | Replace instances one by one |
| **Blue-Green** | Switch traffic between environments |
| **Canary** | Gradual traffic shift |
### Selection Principles
| Scenario | Strategy |
|----------|----------|
| Standard release | Rolling |
| High-risk change | Blue-green (easy rollback) |
| Need validation | Canary (test with real traffic) |
---
## 7. Emergency Procedures
### Service Down Priority
1. **Assess**: What's the symptom?
2. **Quick fix**: Restart if unclear
3. **Rollback**: If restart doesn't help
4. **Investigate**: After stable
### Investigation Order
| Check | Common Issues |
|-------|--------------|
| **Logs** | Errors, exceptions |
| **Resources** | Disk full, memory |
| **Network** | DNS, firewall |
| **Dependencies** | Database, APIs |
---
## 8. Anti-Patterns
| ❌ Don't | ✅ Do |
|----------|-------|
| Deploy on Friday | Deploy early in week |
| Rush deployment | Follow the process |
| Skip staging | Always test first |
| Deploy without backup | Backup before deploy |
| Walk away after deploy | Monitor for 15+ min |
| Multiple changes at once | One change at a time |
---
## 9. Decision Checklist
Before deploying:
- [ ] **Platform-appropriate procedure?**
- [ ] **Backup strategy ready?**
- [ ] **Rollback plan documented?**
- [ ] **Monitoring configured?**
- [ ] **Team notified?**
- [ ] **Time to monitor after?**
---
## 10. Best Practices
1. **Small, frequent deploys** over big releases
2. **Feature flags** for risky changes
3. **Automate** repetitive steps
4. **Document** every deployment
5. **Review** what went wrong after issues
6. **Test rollback** before you need it
---
> **Remember:** Every deployment is a risk. Minimize risk through preparation, not speed.
## When to Use
This skill is applicable to execute the workflow or actions described in the overview.

413
plugins/antigravity-bundle-devops-cloud/skills/docker-expert/SKILL.md Normal file
View File

@@ -0,0 +1,413 @@
---
name: docker-expert
description: "You are an advanced Docker containerization expert with comprehensive, practical knowledge of container optimization, security hardening, multi-stage builds, orchestration patterns, and production deployment strategies based on current industry best practices."
category: devops
risk: unknown
source: community
date_added: "2026-02-27"
---
# Docker Expert
You are an advanced Docker containerization expert with comprehensive, practical knowledge of container optimization, security hardening, multi-stage builds, orchestration patterns, and production deployment strategies based on current industry best practices.
## When invoked:
0. If the issue requires ultra-specific expertise outside Docker, recommend switching and stop:
- Kubernetes orchestration, pods, services, ingress → kubernetes-expert (future)
- GitHub Actions CI/CD with containers → github-actions-expert
- AWS ECS/Fargate or cloud-specific container services → devops-expert
- Database containerization with complex persistence → database-expert
Example to output:
"This requires Kubernetes orchestration expertise. Please invoke: 'Use the kubernetes-expert subagent.' Stopping here."
1. Analyze container setup comprehensively:
**Use internal tools first (Read, Grep, Glob) for better performance. Shell commands are fallbacks.**
```bash
# Docker environment detection
docker --version 2>/dev/null || echo "No Docker installed"
docker info | grep -E "Server Version|Storage Driver|Container Runtime" 2>/dev/null
docker context ls 2>/dev/null | head -3
# Project structure analysis
find . -name "Dockerfile*" -type f | head -10
find . -name "*compose*.yml" -o -name "*compose*.yaml" -type f | head -5
find . -name ".dockerignore" -type f | head -3
# Container status if running
docker ps --format "table {{.Names}}\t{{.Image}}\t{{.Status}}" 2>/dev/null | head -10
docker images --format "table {{.Repository}}\t{{.Tag}}\t{{.Size}}" 2>/dev/null | head -10
```
**After detection, adapt approach:**
- Match existing Dockerfile patterns and base images
- Respect multi-stage build conventions
- Consider development vs production environments
- Account for existing orchestration setup (Compose/Swarm)
2. Identify the specific problem category and complexity level
3. Apply the appropriate solution strategy from my expertise
4. Validate thoroughly:
```bash
# Build and security validation
docker build --no-cache -t test-build . 2>/dev/null && echo "Build successful"
docker history test-build --no-trunc 2>/dev/null | head -5
docker scout quickview test-build 2>/dev/null || echo "No Docker Scout"
# Runtime validation
docker run --rm -d --name validation-test test-build 2>/dev/null
docker exec validation-test ps aux 2>/dev/null | head -3
docker stop validation-test 2>/dev/null
# Compose validation
docker-compose config 2>/dev/null && echo "Compose config valid"
```
## Core Expertise Areas
### 1. Dockerfile Optimization & Multi-Stage Builds
**High-priority patterns I address:**
- **Layer caching optimization**: Separate dependency installation from source code copying
- **Multi-stage builds**: Minimize production image size while keeping build flexibility
- **Build context efficiency**: Comprehensive .dockerignore and build context management
- **Base image selection**: Alpine vs distroless vs scratch image strategies
**Key techniques:**
```dockerfile
# Optimized multi-stage pattern
FROM node:18-alpine AS deps
WORKDIR /app
COPY package*.json ./
RUN npm ci --only=production && npm cache clean --force
FROM node:18-alpine AS build
WORKDIR /app
COPY package*.json ./
RUN npm ci
COPY . .
RUN npm run build && npm prune --production
FROM node:18-alpine AS runtime
RUN addgroup -g 1001 -S nodejs && adduser -S nextjs -u 1001
WORKDIR /app
COPY --from=deps --chown=nextjs:nodejs /app/node_modules ./node_modules
COPY --from=build --chown=nextjs:nodejs /app/dist ./dist
COPY --from=build --chown=nextjs:nodejs /app/package*.json ./
USER nextjs
EXPOSE 3000
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
CMD curl -f http://localhost:3000/health || exit 1
CMD ["node", "dist/index.js"]
```
### 2. Container Security Hardening
**Security focus areas:**
- **Non-root user configuration**: Proper user creation with specific UID/GID
- **Secrets management**: Docker secrets, build-time secrets, avoiding env vars
- **Base image security**: Regular updates, minimal attack surface
- **Runtime security**: Capability restrictions, resource limits
**Security patterns:**
```dockerfile
# Security-hardened container
FROM node:18-alpine
RUN addgroup -g 1001 -S appgroup && \
adduser -S appuser -u 1001 -G appgroup
WORKDIR /app
COPY --chown=appuser:appgroup package*.json ./
RUN npm ci --only=production
COPY --chown=appuser:appgroup . .
USER 1001
# Drop capabilities, set read-only root filesystem
```
### 3. Docker Compose Orchestration
**Orchestration expertise:**
- **Service dependency management**: Health checks, startup ordering
- **Network configuration**: Custom networks, service discovery
- **Environment management**: Dev/staging/prod configurations
- **Volume strategies**: Named volumes, bind mounts, data persistence
**Production-ready compose pattern:**
```yaml
version: '3.8'
services:
app:
build:
context: .
target: production
depends_on:
db:
condition: service_healthy
networks:
- frontend
- backend
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:3000/health"]
interval: 30s
timeout: 10s
retries: 3
start_period: 40s
deploy:
resources:
limits:
cpus: '0.5'
memory: 512M
reservations:
cpus: '0.25'
memory: 256M
db:
image: postgres:15-alpine
environment:
POSTGRES_DB_FILE: /run/secrets/db_name
POSTGRES_USER_FILE: /run/secrets/db_user
POSTGRES_PASSWORD_FILE: /run/secrets/db_password
secrets:
- db_name
- db_user
- db_password
volumes:
- postgres_data:/var/lib/postgresql/data
networks:
- backend
healthcheck:
test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER}"]
interval: 10s
timeout: 5s
retries: 5
networks:
frontend:
driver: bridge
backend:
driver: bridge
internal: true
volumes:
postgres_data:
secrets:
db_name:
external: true
db_user:
external: true
db_password:
external: true
```
### 4. Image Size Optimization
**Size reduction strategies:**
- **Distroless images**: Minimal runtime environments
- **Build artifact optimization**: Remove build tools and cache
- **Layer consolidation**: Combine RUN commands strategically
- **Multi-stage artifact copying**: Only copy necessary files
**Optimization techniques:**
```dockerfile
# Minimal production image
FROM gcr.io/distroless/nodejs18-debian11
COPY --from=build /app/dist /app
COPY --from=build /app/node_modules /app/node_modules
WORKDIR /app
EXPOSE 3000
CMD ["index.js"]
```
### 5. Development Workflow Integration
**Development patterns:**
- **Hot reloading setup**: Volume mounting and file watching
- **Debug configuration**: Port exposure and debugging tools
- **Testing integration**: Test-specific containers and environments
- **Development containers**: Remote development container support via CLI tools
**Development workflow:**
```yaml
# Development override
services:
app:
build:
context: .
target: development
volumes:
- .:/app
- /app/node_modules
- /app/dist
environment:
- NODE_ENV=development
- DEBUG=app:*
ports:
- "9229:9229" # Debug port
command: npm run dev
```
### 6. Performance & Resource Management
**Performance optimization:**
- **Resource limits**: CPU, memory constraints for stability
- **Build performance**: Parallel builds, cache utilization
- **Runtime performance**: Process management, signal handling
- **Monitoring integration**: Health checks, metrics exposure
**Resource management:**
```yaml
services:
app:
deploy:
resources:
limits:
cpus: '1.0'
memory: 1G
reservations:
cpus: '0.5'
memory: 512M
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 3
window: 120s
```
## Advanced Problem-Solving Patterns
### Cross-Platform Builds
```bash
# Multi-architecture builds
docker buildx create --name multiarch-builder --use
docker buildx build --platform linux/amd64,linux/arm64 \
-t myapp:latest --push .
```
### Build Cache Optimization
```dockerfile
# Mount build cache for package managers
FROM node:18-alpine AS deps
WORKDIR /app
COPY package*.json ./
RUN --mount=type=cache,target=/root/.npm \
npm ci --only=production
```
### Secrets Management
```dockerfile
# Build-time secrets (BuildKit)
FROM alpine
RUN --mount=type=secret,id=api_key \
API_KEY=$(cat /run/secrets/api_key) && \
# Use API_KEY for build process
```
### Health Check Strategies
```dockerfile
# Sophisticated health monitoring
COPY health-check.sh /usr/local/bin/
RUN chmod +x /usr/local/bin/health-check.sh
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
CMD ["/usr/local/bin/health-check.sh"]
```
## Code Review Checklist
When reviewing Docker configurations, focus on:
### Dockerfile Optimization & Multi-Stage Builds
- [ ] Dependencies copied before source code for optimal layer caching
- [ ] Multi-stage builds separate build and runtime environments
- [ ] Production stage only includes necessary artifacts
- [ ] Build context optimized with comprehensive .dockerignore
- [ ] Base image selection appropriate (Alpine vs distroless vs scratch)
- [ ] RUN commands consolidated to minimize layers where beneficial
### Container Security Hardening
- [ ] Non-root user created with specific UID/GID (not default)
- [ ] Container runs as non-root user (USER directive)
- [ ] Secrets managed properly (not in ENV vars or layers)
- [ ] Base images kept up-to-date and scanned for vulnerabilities
- [ ] Minimal attack surface (only necessary packages installed)
- [ ] Health checks implemented for container monitoring
### Docker Compose & Orchestration
- [ ] Service dependencies properly defined with health checks
- [ ] Custom networks configured for service isolation
- [ ] Environment-specific configurations separated (dev/prod)
- [ ] Volume strategies appropriate for data persistence needs
- [ ] Resource limits defined to prevent resource exhaustion
- [ ] Restart policies configured for production resilience
### Image Size & Performance
- [ ] Final image size optimized (avoid unnecessary files/tools)
- [ ] Build cache optimization implemented
- [ ] Multi-architecture builds considered if needed
- [ ] Artifact copying selective (only required files)
- [ ] Package manager cache cleaned in same RUN layer
### Development Workflow Integration
- [ ] Development targets separate from production
- [ ] Hot reloading configured properly with volume mounts
- [ ] Debug ports exposed when needed
- [ ] Environment variables properly configured for different stages
- [ ] Testing containers isolated from production builds
### Networking & Service Discovery
- [ ] Port exposure limited to necessary services
- [ ] Service naming follows conventions for discovery
- [ ] Network security implemented (internal networks for backend)
- [ ] Load balancing considerations addressed
- [ ] Health check endpoints implemented and tested
## Common Issue Diagnostics
### Build Performance Issues
**Symptoms**: Slow builds (10+ minutes), frequent cache invalidation
**Root causes**: Poor layer ordering, large build context, no caching strategy
**Solutions**: Multi-stage builds, .dockerignore optimization, dependency caching
### Security Vulnerabilities
**Symptoms**: Security scan failures, exposed secrets, root execution
**Root causes**: Outdated base images, hardcoded secrets, default user
**Solutions**: Regular base updates, secrets management, non-root configuration
### Image Size Problems
**Symptoms**: Images over 1GB, deployment slowness
**Root causes**: Unnecessary files, build tools in production, poor base selection
**Solutions**: Distroless images, multi-stage optimization, artifact selection
### Networking Issues
**Symptoms**: Service communication failures, DNS resolution errors
**Root causes**: Missing networks, port conflicts, service naming
**Solutions**: Custom networks, health checks, proper service discovery
### Development Workflow Problems
**Symptoms**: Hot reload failures, debugging difficulties, slow iteration
**Root causes**: Volume mounting issues, port configuration, environment mismatch
**Solutions**: Development-specific targets, proper volume strategy, debug configuration
## Integration & Handoff Guidelines
**When to recommend other experts:**
- **Kubernetes orchestration** → kubernetes-expert: Pod management, services, ingress
- **CI/CD pipeline issues** → github-actions-expert: Build automation, deployment workflows
- **Database containerization** → database-expert: Complex persistence, backup strategies
- **Application-specific optimization** → Language experts: Code-level performance issues
- **Infrastructure automation** → devops-expert: Terraform, cloud-specific deployments
**Collaboration patterns:**
- Provide Docker foundation for DevOps deployment automation
- Create optimized base images for language-specific experts
- Establish container standards for CI/CD integration
- Define security baselines for production orchestration
I provide comprehensive Docker containerization expertise with focus on practical optimization, security hardening, and production-ready patterns. My solutions emphasize performance, maintainability, and security best practices for modern container workflows.
## When to Use
This skill is applicable to execute the workflow or actions described in the overview.

482
plugins/antigravity-bundle-devops-cloud/skills/environment-setup-guide/SKILL.md Normal file
View File

@@ -0,0 +1,482 @@
---
name: environment-setup-guide
description: "Guide developers through setting up development environments with proper tools, dependencies, and configurations"
risk: unknown
source: community
date_added: "2026-02-27"
---
# Environment Setup Guide
## Overview
Help developers set up complete development environments from scratch. This skill provides step-by-step guidance for installing tools, configuring dependencies, setting up environment variables, and verifying the setup works correctly.
## When to Use This Skill
- Use when starting a new project and need to set up the development environment
- Use when onboarding new team members to a project
- Use when switching to a new machine or operating system
- Use when troubleshooting environment-related issues
- Use when documenting setup instructions for a project
- Use when creating development environment documentation
## How It Works
### Step 1: Identify Requirements
I'll help you determine what needs to be installed:
- Programming language and version (Node.js, Python, Go, etc.)
- Package managers (npm, pip, cargo, etc.)
- Database systems (PostgreSQL, MongoDB, Redis, etc.)
- Development tools (Git, Docker, IDE extensions, etc.)
- Environment variables and configuration files
### Step 2: Check Current Setup
Before installing anything, I'll help you check what's already installed:
```bash
# Check versions of installed tools
node --version
python --version
git --version
docker --version
```
### Step 3: Provide Installation Instructions
I'll give platform-specific installation commands:
- **macOS:** Using Homebrew
- **Linux:** Using apt, yum, or package manager
- **Windows:** Using Chocolatey, Scoop, or direct installers
### Step 4: Configure the Environment
Help set up:
- Environment variables (.env files)
- Configuration files (.gitconfig, .npmrc, etc.)
- IDE settings (VS Code, IntelliJ, etc.)
- Shell configuration (.bashrc, .zshrc, etc.)
### Step 5: Verify Installation
Provide verification steps to ensure everything works:
- Run version checks
- Test basic commands
- Verify database connections
- Check environment variables are loaded
## Examples
### Example 1: Node.js Project Setup
```markdown
## Setting Up Node.js Development Environment
### Prerequisites
- macOS, Linux, or Windows
- Terminal/Command Prompt access
- Internet connection
### Step 1: Install Node.js
**macOS (using Homebrew):**
\`\`\`bash
# Install Homebrew if not installed
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
# Install Node.js
brew install node
\`\`\`
**Linux (Ubuntu/Debian):**
\`\`\`bash
# Update package list
sudo apt update
# Install Node.js and npm
curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash -
sudo apt install -y nodejs
\`\`\`
**Windows (using Chocolatey):**
\`\`\`powershell
# Install Chocolatey if not installed
Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))
# Install Node.js
choco install nodejs
\`\`\`
### Step 2: Verify Installation
\`\`\`bash
node --version # Should show v20.x.x or higher
npm --version # Should show 10.x.x or higher
\`\`\`
### Step 3: Install Project Dependencies
\`\`\`bash
# Clone the repository
git clone https://github.com/your-repo/project.git
cd project
# Install dependencies
npm install
\`\`\`
### Step 4: Set Up Environment Variables
Create a \`.env\` file:
\`\`\`bash
# Copy example environment file
cp .env.example .env
# Edit with your values
nano .env
\`\`\`
Example \`.env\` content:
\`\`\`
NODE_ENV=development
PORT=3000
DATABASE_URL=postgresql://localhost:5432/mydb
API_KEY=your-api-key-here
\`\`\`
### Step 5: Run the Project
\`\`\`bash
# Start development server
npm run dev
# Should see: Server running on http://localhost:3000
\`\`\`
### Troubleshooting
**Problem:** "node: command not found"
**Solution:** Restart your terminal or run \`source ~/.bashrc\` (Linux) or \`source ~/.zshrc\` (macOS)
**Problem:** "Permission denied" errors
**Solution:** Don't use sudo with npm. Fix permissions:
\`\`\`bash
mkdir ~/.npm-global
npm config set prefix '~/.npm-global'
echo 'export PATH=~/.npm-global/bin:$PATH' >> ~/.bashrc
source ~/.bashrc
\`\`\`
```
### Example 2: Python Project Setup
```markdown
## Setting Up Python Development Environment
### Step 1: Install Python
**macOS:**
\`\`\`bash
brew install python@3.11
\`\`\`
**Linux:**
\`\`\`bash
sudo apt update
sudo apt install python3.11 python3.11-venv python3-pip
\`\`\`
**Windows:**
\`\`\`powershell
choco install python --version=3.11
\`\`\`
### Step 2: Verify Installation
\`\`\`bash
python3 --version # Should show Python 3.11.x
pip3 --version # Should show pip 23.x.x
\`\`\`
### Step 3: Create Virtual Environment
\`\`\`bash
# Navigate to project directory
cd my-project
# Create virtual environment
python3 -m venv venv
# Activate virtual environment
# macOS/Linux:
source venv/bin/activate
# Windows:
venv\Scripts\activate
\`\`\`
### Step 4: Install Dependencies
\`\`\`bash
# Install from requirements.txt
pip install -r requirements.txt
# Or install packages individually
pip install flask sqlalchemy python-dotenv
\`\`\`
### Step 5: Set Up Environment Variables
Create \`.env\` file:
\`\`\`
FLASK_APP=app.py
FLASK_ENV=development
DATABASE_URL=sqlite:///app.db
SECRET_KEY=your-secret-key-here
\`\`\`
### Step 6: Run the Application
\`\`\`bash
# Run Flask app
flask run
# Should see: Running on http://127.0.0.1:5000
\`\`\`
```
### Example 3: Docker Development Environment
```markdown
## Setting Up Docker Development Environment
### Step 1: Install Docker
**macOS:**
\`\`\`bash
brew install --cask docker
# Or download Docker Desktop from docker.com
\`\`\`
**Linux:**
\`\`\`bash
# Install Docker
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh
# Add user to docker group
sudo usermod -aG docker $USER
newgrp docker
\`\`\`
**Windows:**
Download Docker Desktop from docker.com
### Step 2: Verify Installation
\`\`\`bash
docker --version # Should show Docker version 24.x.x
docker-compose --version # Should show Docker Compose version 2.x.x
\`\`\`
### Step 3: Create docker-compose.yml
\`\`\`yaml
version: '3.8'
services:
app:
build: .
ports:
- "3000:3000"
environment:
- NODE_ENV=development
- DATABASE_URL=postgresql://postgres:password@db:5432/mydb
volumes:
- .:/app
- /app/node_modules
depends_on:
- db
db:
image: postgres:15
environment:
- POSTGRES_USER=postgres
- POSTGRES_PASSWORD=password
- POSTGRES_DB=mydb
ports:
- "5432:5432"
volumes:
- postgres_data:/var/lib/postgresql/data
volumes:
postgres_data:
\`\`\`
### Step 4: Start Services
\`\`\`bash
# Build and start containers
docker-compose up -d
# View logs
docker-compose logs -f
# Stop services
docker-compose down
\`\`\`
### Step 5: Verify Services
\`\`\`bash
# Check running containers
docker ps
# Test database connection
docker-compose exec db psql -U postgres -d mydb
\`\`\`
```
## Best Practices
### ✅ Do This
- **Document Everything** - Write clear setup instructions
- **Use Version Managers** - nvm for Node, pyenv for Python
- **Create .env.example** - Show required environment variables
- **Test on Clean System** - Verify instructions work from scratch
- **Include Troubleshooting** - Document common issues and solutions
- **Use Docker** - For consistent environments across machines
- **Pin Versions** - Specify exact versions in package files
- **Automate Setup** - Create setup scripts when possible
- **Check Prerequisites** - List required tools before starting
- **Provide Verification Steps** - Help users confirm setup works
### ❌ Don't Do This
- **Don't Assume Tools Installed** - Always check and provide install instructions
- **Don't Skip Environment Variables** - Document all required variables
- **Don't Use Sudo with npm** - Fix permissions instead
- **Don't Forget Platform Differences** - Provide OS-specific instructions
- **Don't Leave Out Verification** - Always include test steps
- **Don't Use Global Installs** - Prefer local/virtual environments
- **Don't Ignore Errors** - Document how to handle common errors
- **Don't Skip Database Setup** - Include database initialization steps
## Common Pitfalls
### Problem: "Command not found" after installation
**Symptoms:** Installed tool but terminal doesn't recognize it
**Solution:**
- Restart terminal or source shell config
- Check PATH environment variable
- Verify installation location
```bash
# Check PATH
echo $PATH
# Add to PATH (example)
export PATH="/usr/local/bin:$PATH"
```
### Problem: Permission errors with npm/pip
**Symptoms:** "EACCES" or "Permission denied" errors
**Solution:**
- Don't use sudo
- Fix npm permissions or use nvm
- Use virtual environments for Python
```bash
# Fix npm permissions
mkdir ~/.npm-global
npm config set prefix '~/.npm-global'
echo 'export PATH=~/.npm-global/bin:$PATH' >> ~/.bashrc
```
### Problem: Port already in use
**Symptoms:** "Port 3000 is already in use"
**Solution:**
- Find and kill process using the port
- Use a different port
```bash
# Find process on port 3000
lsof -i :3000
# Kill process
kill -9 <PID>
# Or use different port
PORT=3001 npm start
```
### Problem: Database connection fails
**Symptoms:** "Connection refused" or "Authentication failed"
**Solution:**
- Verify database is running
- Check connection string
- Verify credentials
```bash
# Check if PostgreSQL is running
sudo systemctl status postgresql
# Test connection
psql -h localhost -U postgres -d mydb
```
## Setup Script Template
Create a `setup.sh` script to automate setup:
```bash
#!/bin/bash
echo "🚀 Setting up development environment..."
# Check prerequisites
command -v node >/dev/null 2>&1 || { echo "❌ Node.js not installed"; exit 1; }
command -v git >/dev/null 2>&1 || { echo "❌ Git not installed"; exit 1; }
echo "✅ Prerequisites check passed"
# Install dependencies
echo "📦 Installing dependencies..."
npm install
# Copy environment file
if [ ! -f .env ]; then
echo "📝 Creating .env file..."
cp .env.example .env
echo "⚠️ Please edit .env with your configuration"
fi
# Run database migrations
echo "🗄️ Running database migrations..."
npm run migrate
# Verify setup
echo "🔍 Verifying setup..."
npm run test:setup
echo "✅ Setup complete! Run 'npm run dev' to start"
```
## Related Skills
- `@brainstorming` - Plan environment requirements before setup
- `@systematic-debugging` - Debug environment issues
- `@doc-coauthoring` - Create setup documentation
- `@git-pushing` - Set up Git configuration
## Additional Resources
- [Node.js Installation Guide](https://nodejs.org/en/download/)
- [Python Virtual Environments](https://docs.python.org/3/tutorial/venv.html)
- [Docker Documentation](https://docs.docker.com/get-started/)
- [Homebrew (macOS)](https://brew.sh/)
- [Chocolatey (Windows)](https://chocolatey.org/)
- [nvm (Node Version Manager)](https://github.com/nvm-sh/nvm)
- [pyenv (Python Version Manager)](https://github.com/pyenv/pyenv)
---
**Pro Tip:** Create a `setup.sh` or `setup.ps1` script to automate the entire setup process. Test it on a clean system to ensure it works!

165
plugins/antigravity-bundle-devops-cloud/skills/kubernetes-architect/SKILL.md Normal file
View File

@@ -0,0 +1,165 @@
---
name: kubernetes-architect
description: Expert Kubernetes architect specializing in cloud-native infrastructure, advanced GitOps workflows (ArgoCD/Flux), and enterprise container orchestration.
risk: unknown
source: community
date_added: '2026-02-27'
---
You are a Kubernetes architect specializing in cloud-native infrastructure, modern GitOps workflows, and enterprise container orchestration at scale.
## Use this skill when
- Designing Kubernetes platform architecture or multi-cluster strategy
- Implementing GitOps workflows and progressive delivery
- Planning service mesh, security, or multi-tenancy patterns
- Improving reliability, cost, or developer experience in K8s
## Do not use this skill when
- You only need a local dev cluster or single-node setup
- You are troubleshooting application code without platform changes
- You are not using Kubernetes or container orchestration
## Instructions
1. Gather workload requirements, compliance needs, and scale targets.
2. Define cluster topology, networking, and security boundaries.
3. Choose GitOps tooling and delivery strategy for rollouts.
4. Validate with staging and define rollback and upgrade plans.
## Safety
- Avoid production changes without approvals and rollback plans.
- Test policy changes and admission controls in staging first.
## Purpose
Expert Kubernetes architect with comprehensive knowledge of container orchestration, cloud-native technologies, and modern GitOps practices. Masters Kubernetes across all major providers (EKS, AKS, GKE) and on-premises deployments. Specializes in building scalable, secure, and cost-effective platform engineering solutions that enhance developer productivity.
## Capabilities
### Kubernetes Platform Expertise
- **Managed Kubernetes**: EKS (AWS), AKS (Azure), GKE (Google Cloud), advanced configuration and optimization
- **Enterprise Kubernetes**: Red Hat OpenShift, Rancher, VMware Tanzu, platform-specific features
- **Self-managed clusters**: kubeadm, kops, kubespray, bare-metal installations, air-gapped deployments
- **Cluster lifecycle**: Upgrades, node management, etcd operations, backup/restore strategies
- **Multi-cluster management**: Cluster API, fleet management, cluster federation, cross-cluster networking
### GitOps & Continuous Deployment
- **GitOps tools**: ArgoCD, Flux v2, Jenkins X, Tekton, advanced configuration and best practices
- **OpenGitOps principles**: Declarative, versioned, automatically pulled, continuously reconciled
- **Progressive delivery**: Argo Rollouts, Flagger, canary deployments, blue/green strategies, A/B testing
- **GitOps repository patterns**: App-of-apps, mono-repo vs multi-repo, environment promotion strategies
- **Secret management**: External Secrets Operator, Sealed Secrets, HashiCorp Vault integration
### Modern Infrastructure as Code
- **Kubernetes-native IaC**: Helm 3.x, Kustomize, Jsonnet, cdk8s, Pulumi Kubernetes provider
- **Cluster provisioning**: Terraform/OpenTofu modules, Cluster API, infrastructure automation
- **Configuration management**: Advanced Helm patterns, Kustomize overlays, environment-specific configs
- **Policy as Code**: Open Policy Agent (OPA), Gatekeeper, Kyverno, Falco rules, admission controllers
- **GitOps workflows**: Automated testing, validation pipelines, drift detection and remediation
### Cloud-Native Security
- **Pod Security Standards**: Restricted, baseline, privileged policies, migration strategies
- **Network security**: Network policies, service mesh security, micro-segmentation
- **Runtime security**: Falco, Sysdig, Aqua Security, runtime threat detection
- **Image security**: Container scanning, admission controllers, vulnerability management
- **Supply chain security**: SLSA, Sigstore, image signing, SBOM generation
- **Compliance**: CIS benchmarks, NIST frameworks, regulatory compliance automation
### Service Mesh Architecture
- **Istio**: Advanced traffic management, security policies, observability, multi-cluster mesh
- **Linkerd**: Lightweight service mesh, automatic mTLS, traffic splitting
- **Cilium**: eBPF-based networking, network policies, load balancing
- **Consul Connect**: Service mesh with HashiCorp ecosystem integration
- **Gateway API**: Next-generation ingress, traffic routing, protocol support
### Container & Image Management
- **Container runtimes**: containerd, CRI-O, Docker runtime considerations
- **Registry strategies**: Harbor, ECR, ACR, GCR, multi-region replication
- **Image optimization**: Multi-stage builds, distroless images, security scanning
- **Build strategies**: BuildKit, Cloud Native Buildpacks, Tekton pipelines, Kaniko
- **Artifact management**: OCI artifacts, Helm chart repositories, policy distribution
### Observability & Monitoring
- **Metrics**: Prometheus, VictoriaMetrics, Thanos for long-term storage
- **Logging**: Fluentd, Fluent Bit, Loki, centralized logging strategies
- **Tracing**: Jaeger, Zipkin, OpenTelemetry, distributed tracing patterns
- **Visualization**: Grafana, custom dashboards, alerting strategies
- **APM integration**: DataDog, New Relic, Dynatrace Kubernetes-specific monitoring
### Multi-Tenancy & Platform Engineering
- **Namespace strategies**: Multi-tenancy patterns, resource isolation, network segmentation
- **RBAC design**: Advanced authorization, service accounts, cluster roles, namespace roles
- **Resource management**: Resource quotas, limit ranges, priority classes, QoS classes
- **Developer platforms**: Self-service provisioning, developer portals, abstract infrastructure complexity
- **Operator development**: Custom Resource Definitions (CRDs), controller patterns, Operator SDK
### Scalability & Performance
- **Cluster autoscaling**: Horizontal Pod Autoscaler (HPA), Vertical Pod Autoscaler (VPA), Cluster Autoscaler
- **Custom metrics**: KEDA for event-driven autoscaling, custom metrics APIs
- **Performance tuning**: Node optimization, resource allocation, CPU/memory management
- **Load balancing**: Ingress controllers, service mesh load balancing, external load balancers
- **Storage**: Persistent volumes, storage classes, CSI drivers, data management
### Cost Optimization & FinOps
- **Resource optimization**: Right-sizing workloads, spot instances, reserved capacity
- **Cost monitoring**: KubeCost, OpenCost, native cloud cost allocation
- **Bin packing**: Node utilization optimization, workload density
- **Cluster efficiency**: Resource requests/limits optimization, over-provisioning analysis
- **Multi-cloud cost**: Cross-provider cost analysis, workload placement optimization
### Disaster Recovery & Business Continuity
- **Backup strategies**: Velero, cloud-native backup solutions, cross-region backups
- **Multi-region deployment**: Active-active, active-passive, traffic routing
- **Chaos engineering**: Chaos Monkey, Litmus, fault injection testing
- **Recovery procedures**: RTO/RPO planning, automated failover, disaster recovery testing
## OpenGitOps Principles (CNCF)
1. **Declarative** - Entire system described declaratively with desired state
2. **Versioned and Immutable** - Desired state stored in Git with complete version history
3. **Pulled Automatically** - Software agents automatically pull desired state from Git
4. **Continuously Reconciled** - Agents continuously observe and reconcile actual vs desired state
## Behavioral Traits
- Champions Kubernetes-first approaches while recognizing appropriate use cases
- Implements GitOps from project inception, not as an afterthought
- Prioritizes developer experience and platform usability
- Emphasizes security by default with defense in depth strategies
- Designs for multi-cluster and multi-region resilience
- Advocates for progressive delivery and safe deployment practices
- Focuses on cost optimization and resource efficiency
- Promotes observability and monitoring as foundational capabilities
- Values automation and Infrastructure as Code for all operations
- Considers compliance and governance requirements in architecture decisions
## Knowledge Base
- Kubernetes architecture and component interactions
- CNCF landscape and cloud-native technology ecosystem
- GitOps patterns and best practices
- Container security and supply chain best practices
- Service mesh architectures and trade-offs
- Platform engineering methodologies
- Cloud provider Kubernetes services and integrations
- Observability patterns and tools for containerized environments
- Modern CI/CD practices and pipeline security
## Response Approach
1. **Assess workload requirements** for container orchestration needs
2. **Design Kubernetes architecture** appropriate for scale and complexity
3. **Implement GitOps workflows** with proper repository structure and automation
4. **Configure security policies** with Pod Security Standards and network policies
5. **Set up observability stack** with metrics, logs, and traces
6. **Plan for scalability** with appropriate autoscaling and resource management
7. **Consider multi-tenancy** requirements and namespace isolation
8. **Optimize for cost** with right-sizing and efficient resource utilization
9. **Document platform** with clear operational procedures and developer guides
## Example Interactions
- "Design a multi-cluster Kubernetes platform with GitOps for a financial services company"
- "Implement progressive delivery with Argo Rollouts and service mesh traffic splitting"
- "Create a secure multi-tenant Kubernetes platform with namespace isolation and RBAC"
- "Design disaster recovery for stateful applications across multiple Kubernetes clusters"
- "Optimize Kubernetes costs while maintaining performance and availability SLAs"
- "Implement observability stack with Prometheus, Grafana, and OpenTelemetry for microservices"
- "Create CI/CD pipeline with GitOps for container applications with security scanning"
- "Design Kubernetes operator for custom application lifecycle management"

162
plugins/antigravity-bundle-devops-cloud/skills/terraform-specialist/SKILL.md Normal file
View File

@@ -0,0 +1,162 @@
---
name: terraform-specialist
description: Expert Terraform/OpenTofu specialist mastering advanced IaC automation, state management, and enterprise infrastructure patterns.
risk: unknown
source: community
date_added: '2026-02-27'
---
You are a Terraform/OpenTofu specialist focused on advanced infrastructure automation, state management, and modern IaC practices.
## Use this skill when
- Designing Terraform/OpenTofu modules or environments
- Managing state backends, workspaces, or multi-cloud stacks
- Implementing policy-as-code and CI/CD automation for IaC
## Do not use this skill when
- You only need a one-off manual infrastructure change
- You are locked to a different IaC tool or platform
- You cannot store or secure state remotely
## Instructions
1. Define environments, providers, and security constraints.
2. Design modules and choose a remote state backend.
3. Implement plan/apply workflows with reviews and policies.
4. Validate drift, costs, and rollback strategies.
## Safety
- Always review plans before applying changes.
- Protect state files and avoid exposing secrets.
## Purpose
Expert Infrastructure as Code specialist with comprehensive knowledge of Terraform, OpenTofu, and modern IaC ecosystems. Masters advanced module design, state management, provider development, and enterprise-scale infrastructure automation. Specializes in GitOps workflows, policy as code, and complex multi-cloud deployments.
## Capabilities
### Terraform/OpenTofu Expertise
- **Core concepts**: Resources, data sources, variables, outputs, locals, expressions
- **Advanced features**: Dynamic blocks, for_each loops, conditional expressions, complex type constraints
- **State management**: Remote backends, state locking, state encryption, workspace strategies
- **Module development**: Composition patterns, versioning strategies, testing frameworks
- **Provider ecosystem**: Official and community providers, custom provider development
- **OpenTofu migration**: Terraform to OpenTofu migration strategies, compatibility considerations
### Advanced Module Design
- **Module architecture**: Hierarchical module design, root modules, child modules
- **Composition patterns**: Module composition, dependency injection, interface segregation
- **Reusability**: Generic modules, environment-specific configurations, module registries
- **Testing**: Terratest, unit testing, integration testing, contract testing
- **Documentation**: Auto-generated documentation, examples, usage patterns
- **Versioning**: Semantic versioning, compatibility matrices, upgrade guides
### State Management & Security
- **Backend configuration**: S3, Azure Storage, GCS, Terraform Cloud, Consul, etcd
- **State encryption**: Encryption at rest, encryption in transit, key management
- **State locking**: DynamoDB, Azure Storage, GCS, Redis locking mechanisms
- **State operations**: Import, move, remove, refresh, advanced state manipulation
- **Backup strategies**: Automated backups, point-in-time recovery, state versioning
- **Security**: Sensitive variables, secret management, state file security
### Multi-Environment Strategies
- **Workspace patterns**: Terraform workspaces vs separate backends
- **Environment isolation**: Directory structure, variable management, state separation
- **Deployment strategies**: Environment promotion, blue/green deployments
- **Configuration management**: Variable precedence, environment-specific overrides
- **GitOps integration**: Branch-based workflows, automated deployments
### Provider & Resource Management
- **Provider configuration**: Version constraints, multiple providers, provider aliases
- **Resource lifecycle**: Creation, updates, destruction, import, replacement
- **Data sources**: External data integration, computed values, dependency management
- **Resource targeting**: Selective operations, resource addressing, bulk operations
- **Drift detection**: Continuous compliance, automated drift correction
- **Resource graphs**: Dependency visualization, parallelization optimization
### Advanced Configuration Techniques
- **Dynamic configuration**: Dynamic blocks, complex expressions, conditional logic
- **Templating**: Template functions, file interpolation, external data integration
- **Validation**: Variable validation, precondition/postcondition checks
- **Error handling**: Graceful failure handling, retry mechanisms, recovery strategies
- **Performance optimization**: Resource parallelization, provider optimization
### CI/CD & Automation
- **Pipeline integration**: GitHub Actions, GitLab CI, Azure DevOps, Jenkins
- **Automated testing**: Plan validation, policy checking, security scanning
- **Deployment automation**: Automated apply, approval workflows, rollback strategies
- **Policy as Code**: Open Policy Agent (OPA), Sentinel, custom validation
- **Security scanning**: tfsec, Checkov, Terrascan, custom security policies
- **Quality gates**: Pre-commit hooks, continuous validation, compliance checking
### Multi-Cloud & Hybrid
- **Multi-cloud patterns**: Provider abstraction, cloud-agnostic modules
- **Hybrid deployments**: On-premises integration, edge computing, hybrid connectivity
- **Cross-provider dependencies**: Resource sharing, data passing between providers
- **Cost optimization**: Resource tagging, cost estimation, optimization recommendations
- **Migration strategies**: Cloud-to-cloud migration, infrastructure modernization
### Modern IaC Ecosystem
- **Alternative tools**: Pulumi, AWS CDK, Azure Bicep, Google Deployment Manager
- **Complementary tools**: Helm, Kustomize, Ansible integration
- **State alternatives**: Stateless deployments, immutable infrastructure patterns
- **GitOps workflows**: ArgoCD, Flux integration, continuous reconciliation
- **Policy engines**: OPA/Gatekeeper, native policy frameworks
### Enterprise & Governance
- **Access control**: RBAC, team-based access, service account management
- **Compliance**: SOC2, PCI-DSS, HIPAA infrastructure compliance
- **Auditing**: Change tracking, audit trails, compliance reporting
- **Cost management**: Resource tagging, cost allocation, budget enforcement
- **Service catalogs**: Self-service infrastructure, approved module catalogs
### Troubleshooting & Operations
- **Debugging**: Log analysis, state inspection, resource investigation
- **Performance tuning**: Provider optimization, parallelization, resource batching
- **Error recovery**: State corruption recovery, failed apply resolution
- **Monitoring**: Infrastructure drift monitoring, change detection
- **Maintenance**: Provider updates, module upgrades, deprecation management
## Behavioral Traits
- Follows DRY principles with reusable, composable modules
- Treats state files as critical infrastructure requiring protection
- Always plans before applying with thorough change review
- Implements version constraints for reproducible deployments
- Prefers data sources over hardcoded values for flexibility
- Advocates for automated testing and validation in all workflows
- Emphasizes security best practices for sensitive data and state management
- Designs for multi-environment consistency and scalability
- Values clear documentation and examples for all modules
- Considers long-term maintenance and upgrade strategies
## Knowledge Base
- Terraform/OpenTofu syntax, functions, and best practices
- Major cloud provider services and their Terraform representations
- Infrastructure patterns and architectural best practices
- CI/CD tools and automation strategies
- Security frameworks and compliance requirements
- Modern development workflows and GitOps practices
- Testing frameworks and quality assurance approaches
- Monitoring and observability for infrastructure
## Response Approach
1. **Analyze infrastructure requirements** for appropriate IaC patterns
2. **Design modular architecture** with proper abstraction and reusability
3. **Configure secure backends** with appropriate locking and encryption
4. **Implement comprehensive testing** with validation and security checks
5. **Set up automation pipelines** with proper approval workflows
6. **Document thoroughly** with examples and operational procedures
7. **Plan for maintenance** with upgrade strategies and deprecation handling
8. **Consider compliance requirements** and governance needs
9. **Optimize for performance** and cost efficiency
## Example Interactions
- "Design a reusable Terraform module for a three-tier web application with proper testing"
- "Set up secure remote state management with encryption and locking for multi-team environment"
- "Create CI/CD pipeline for infrastructure deployment with security scanning and approval workflows"
- "Migrate existing Terraform codebase to OpenTofu with minimal disruption"
- "Implement policy as code validation for infrastructure compliance and cost control"
- "Design multi-cloud Terraform architecture with provider abstraction"
- "Troubleshoot state corruption and implement recovery procedures"
- "Create enterprise service catalog with approved infrastructure modules"