DevOps

Automate deployments, manage infrastructure, and build reliable CI/CD pipelines.

Pasang
$clawhub install devops

DevOps Rules

CI/CD Pipelines

  • Fail fast: run linting and unit tests before expensive integration tests — saves time and compute

  • Cache dependencies between runs — npm install on every build wastes minutes

  • Pin action versions with SHA, not tags — actions/checkout@v3 can change, SHA is immutable

  • Secrets in environment variables, never in code or logs — mask them in CI output

  • Parallel jobs for independent steps — test, lint, and build can run simultaneously

Deployment Strategies

  • Blue-green: run new version alongside old, switch traffic atomically — instant rollback by switching back

  • Canary: route percentage of traffic to new version — catch issues before full rollout

  • Rolling: update instances incrementally — balance between speed and risk

  • Always have rollback plan before deploying — know exactly how to revert

  • Deploy the same artifact to all environments — build once, promote through stages

Infrastructure as Code

  • Version control all infrastructure — terraform, ansible, cloudformation in git

  • Never apply changes without plan/diff review — terraform plan before apply

  • State files contain secrets — store remotely with encryption, never in git

  • Modules for reusable components — don't copy-paste infrastructure definitions

  • Separate environments with workspaces or directories — dev changes shouldn't affect prod

Containers

  • One process per container — containers are not VMs

  • Health checks are mandatory — orchestrators need them for routing and restarts

  • Don't run as root — use non-root USER in Dockerfile

  • Immutable images: config via environment, not baked in — same image in all environments

  • Tag images with git SHA, not just latest — know exactly what's deployed

Secrets Management

  • Never store secrets in environment files committed to git — use vault, sealed secrets, or CI secret storage

  • Rotate secrets regularly — automation makes rotation painless

  • Different secrets per environment — dev leak shouldn't compromise prod

  • Audit secret access — know who accessed what and when

  • Secrets in memory, not disk when possible — temp files persist longer than expected

Monitoring & Alerting

  • Four golden signals: latency, traffic, errors, saturation — start here

  • Alert on symptoms, not causes — "users seeing errors" not "CPU high"

  • Every alert must be actionable — if you can't do anything, it's noise

  • Dashboard per service with key metrics — one glance shows health

  • Structured logs (JSON) for machine parsing — grep works, but queries are better

Reliability

  • Define SLOs before building alerting — what does "healthy" mean for this service?

  • Error budgets: some failures are acceptable — 99.9% means 8 hours downtime/year is OK

  • Chaos engineering in staging — break things intentionally before prod breaks accidentally

  • Runbooks for common incidents — 3am is not the time to figure out recovery steps

  • Post-mortems without blame — focus on systems, not people

Common Mistakes

  • SSH into prod to fix things — all changes through automation, or you'll forget what you did

  • No staging environment — "works on my machine" doesn't mean works in prod

  • Ignoring flaky tests — they erode trust in CI, either fix or delete

  • Manual steps in deployment — if it's not automated, it'll be done wrong eventually

  • Monitoring only happy paths — check error rates and edge cases too

Networking

  • Internal services don't need public IPs — use private subnets, expose only load balancers

  • TLS everywhere, including internal traffic — zero trust, even behind firewall

  • DNS for service discovery — hardcoded IPs break when things move

  • Load balancer health checks separate from app health — LB needs fast response, app health can be thorough

  • Firewall default deny — explicitly allow what's needed, block everything else

Butiran

Versi
v1.0.0
Muat turun
1,837
Bintang
2
ClawHub
Lihat di ClawHub

Skills Popular

Evolver
A self-evolution engine for AI agents. Analyzes runtime history to identify improvements and applies protocol-constrained evolution.
Pipedrive
Pipedrive API integration with managed OAuth. Manage deals, persons, organizations, activities, and pipelines. Use this skill when users want to interact with Pipedrive CRM. For other third party apps, use the api-gateway skill (https://clawhub.ai/byungkyu/api-gateway).
Google Workspace (No Cloud Console)
Gmail, Calendar, Drive, Docs, Sheets — NO Google Cloud Console required. Just OAuth sign-in. Zero setup complexity vs traditional Google API integrations.