devops-deployment
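Deploy applications with CI/CD pipelines and IaC templates
Building deployment infrastructure from scratch is complex and error-prone. This skill provides production-ready templates for Docker, Kubernetes, Terraform, and GitHub Actions workflows that can be customized for your environment.
Download the skill ZIP
Upload in Claude
Go to Settings → Capabilities → Skills → Upload skill
Turn on the toggle and start using it
Try it out
Using "devops-deployment". Create a Kubernetes deployment for a Node.js API with 3 replicas, rolling updates, and proper security settings
Expected result:
- Deployment with 3 replicas and a rolling update strategy (maxSurge: 1, maxUnavailable: 0)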
- Security context: runAsNonRoot: true, runAsUser: 1001, allowPrivilegeEscalation: false
- Resource limits: cpu 500m, memory 512Mi; requests: cpu 100m, memory 128Mi
- Health checks: liveness probe on /health, readiness probe on /ready
- Service of type ClusterIP, routing to port 3000
- Ingress using the nginx controller with TLS enabled via cert-manager
Using "devops-deployment". Create a GitHub Actions workflow for a Node.js project with security scanning
Expected result:
- Lint stage using npm run lint and typecheck
- Test stage with coverage reporting to Codecov
- Security stage with npm audit and the Trivy vulnerability scanner
- Build stage using Docker buildx, pushing to the GitHub container registry
- Staging deployment with environment protection rules applied
- Production deployment gated by manual approval
Security audit
Safe
This skill contains only declarative YAML and Terraform configuration templates for DevOps workflows. The static scanner flagged 66 potential issues, but ALL are false positives. The scanner misidentified markdown code formatting as shell execution, template placeholders as hardcoded secrets, and standard DevOps practices as security risks. Templates use proper security patterns including Kubernetes secrets references and GitHub Actions secrets injection.
Risk factors
🌐 Network access (11)
⚙️ External commands (26)
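What you can build
Build CI/CD pipelines
Generate complete GitHub Actions workflows with lint, test, security scan, build, and deploy stages
Containerize applications
Create production-ready Dockerfiles and Kubernetes manifests with security best practices
Define infrastructure as code
Configure Terraform modules for AWS cloud resources, including VPC, EKS clusters, and RDS databases
Try these prompts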
Create Kubernetes deployment, service, and ingress manifests for a Node.js application. Include rolling update strategy, security context with non-root user, resource requests and limits, and health checks on port 3000.
Create a multi-stage Dockerfile for a Node.js application using node:20-alpine base. Install production dependencies only in final stage, create non-root user with uid 1001, and include a health check endpoint.
Create a GitHub Actions workflow with lint, test, security scan, build, and deploy stages. Include npm audit, Trivy vulnerability scanning, Docker buildx with cache, and environment-gated deployment to staging and production.
Create Terraform configuration for AWS infrastructure including VPC with public and private subnets, EKS cluster with managed node groups, and RDS PostgreSQL instance with encryption and backup retention.
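Best practices
- Always review and customize template placeholders, such as image names, domains, and environment variables, before use
- Use External Secrets Operator or a similar tool rather than embedding secrets in manifests
- Before going live, test the deployment in a staging environment with the same configuration
Avoid
- Using the latest image tag in production instead of pinned versions
- Running containers as the root user in Kubernetes pods
- Skipping the security scanning stage in CI/CD pipelines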