ai-playbook 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +146 -0
- package/agents/README.md +168 -0
- package/agents/SKILL.md +633 -0
- package/agents/architect/AGENT.md +44 -0
- package/agents/architect/README.md +5 -0
- package/agents/coder/AGENT.md +43 -0
- package/agents/coder/README.md +5 -0
- package/agents/debugger/AGENT.md +42 -0
- package/agents/debugger/README.md +6 -0
- package/agents/devops/AGENT.md +43 -0
- package/agents/devops/README.md +5 -0
- package/agents/documentation/AGENT.md +45 -0
- package/agents/documentation/README.md +5 -0
- package/agents/examples.md +550 -0
- package/agents/performance/AGENT.md +45 -0
- package/agents/performance/README.md +6 -0
- package/agents/planner/AGENT.md +44 -0
- package/agents/planner/README.md +6 -0
- package/agents/product-owner/AGENT.md +46 -0
- package/agents/product-owner/README.md +6 -0
- package/agents/refactorer/AGENT.md +44 -0
- package/agents/refactorer/README.md +6 -0
- package/agents/release-manager/AGENT.md +45 -0
- package/agents/release-manager/README.md +6 -0
- package/agents/researcher/AGENT.md +44 -0
- package/agents/researcher/README.md +6 -0
- package/agents/reviewer/AGENT.md +43 -0
- package/agents/reviewer/README.md +6 -0
- package/agents/security/AGENT.md +46 -0
- package/agents/security/README.md +6 -0
- package/agents/support/AGENT.md +45 -0
- package/agents/support/README.md +6 -0
- package/agents/tester/AGENT.md +46 -0
- package/agents/tester/README.md +5 -0
- package/bin/cli.js +186 -0
- package/commands/README.md +266 -0
- package/commands/build.md +135 -0
- package/commands/clean.md +126 -0
- package/commands/deploy-prod.md +171 -0
- package/commands/deploy-staging.md +147 -0
- package/commands/deps.md +169 -0
- package/commands/dev.md +132 -0
- package/commands/format.md +142 -0
- package/commands/lint.md +125 -0
- package/commands/migrate.md +159 -0
- package/commands/release.md +183 -0
- package/commands/rollback.md +152 -0
- package/commands/seed.md +178 -0
- package/commands/setup.md +109 -0
- package/commands/test.md +134 -0
- package/commands/validate.md +147 -0
- package/context/README.md +7 -0
- package/context/aem.md +47 -0
- package/context/architecture.md +51 -0
- package/context/bullminder.md +57 -0
- package/context/coding-style.md +42 -0
- package/context/communication.md +53 -0
- package/context/company.md +46 -0
- package/context/engineering.md +63 -0
- package/context/project-template.md +71 -0
- package/context/trading.md +52 -0
- package/hooks/README.md +326 -0
- package/hooks/code-review/README.md +6 -0
- package/hooks/code-review/check-coverage.md +101 -0
- package/hooks/custom/README.md +6 -0
- package/hooks/custom/project-specific-hooks.md +273 -0
- package/hooks/deployment/README.md +6 -0
- package/hooks/deployment/health-check.md +102 -0
- package/hooks/deployment/pre-deploy-check.md +84 -0
- package/hooks/documentation/README.md +6 -0
- package/hooks/documentation/update-changelog.md +146 -0
- package/hooks/post-task/README.md +5 -0
- package/hooks/post-task/run-tests.md +61 -0
- package/hooks/pre-commit/README.md +6 -0
- package/hooks/pre-commit/format.md +63 -0
- package/hooks/pre-commit/lint.md +62 -0
- package/hooks/pre-commit/type-check.md +78 -0
- package/hooks/pre-task/README.md +6 -0
- package/hooks/pre-task/check-branch.md +48 -0
- package/hooks/pre-task/validate-environment.md +48 -0
- package/hooks/security-check/README.md +6 -0
- package/hooks/security-check/dependency-audit.md +85 -0
- package/hooks/security-check/secrets-scan.md +77 -0
- package/hooks/test-before-finish/README.md +6 -0
- package/hooks/test-before-finish/run-all-tests.md +128 -0
- package/index.js +69 -0
- package/knowledge/README.md +33 -0
- package/knowledge/ai-agents.md +74 -0
- package/knowledge/decision-making.md +73 -0
- package/knowledge/documentation.md +67 -0
- package/knowledge/engineering-principles.md +65 -0
- package/knowledge/product-discovery.md +68 -0
- package/knowledge/security-privacy.md +54 -0
- package/knowledge/testing-quality.md +63 -0
- package/package.json +63 -0
- package/patterns/README.md +7 -0
- package/prompts/README.md +208 -0
- package/prompts/architect/README.md +96 -0
- package/prompts/architect/design-system.md +140 -0
- package/prompts/debugger/README.md +96 -0
- package/prompts/debugger/diagnose-issue.md +141 -0
- package/prompts/developer/README.md +129 -0
- package/prompts/developer/fix-bug.md +136 -0
- package/prompts/developer/implement-feature.md +133 -0
- package/prompts/product-owner/README.md +116 -0
- package/prompts/product-owner/define-feature.md +145 -0
- package/prompts/reviewer/README.md +91 -0
- package/prompts/reviewer/code-review.md +129 -0
- package/prompts/support/README.md +154 -0
- package/prompts/support/resolve-issue.md +124 -0
- package/roles/README.md +6 -0
- package/roles/design-architect/README.md +98 -0
- package/roles/design-architect/accessibility/README.md +33 -0
- package/roles/design-architect/accessibility/checklists.md +29 -0
- package/roles/design-architect/accessibility/examples.md +35 -0
- package/roles/design-architect/checklists.md +76 -0
- package/roles/design-architect/component-library/README.md +35 -0
- package/roles/design-architect/component-library/checklists.md +29 -0
- package/roles/design-architect/component-library/examples.md +35 -0
- package/roles/design-architect/design-system/README.md +35 -0
- package/roles/design-architect/design-system/checklists.md +27 -0
- package/roles/design-architect/design-system/examples.md +41 -0
- package/roles/design-architect/examples/README.md +31 -0
- package/roles/design-architect/examples/checklists.md +26 -0
- package/roles/design-architect/examples/examples.md +46 -0
- package/roles/design-architect/examples.md +90 -0
- package/roles/design-architect/figma/README.md +33 -0
- package/roles/design-architect/figma/checklists.md +27 -0
- package/roles/design-architect/figma/examples.md +38 -0
- package/roles/design-architect/responsibilities.md +73 -0
- package/roles/design-architect/responsive/README.md +34 -0
- package/roles/design-architect/responsive/checklists.md +26 -0
- package/roles/design-architect/responsive/examples.md +39 -0
- package/roles/design-architect/role.md +129 -0
- package/roles/design-architect/skill-map.md +42 -0
- package/roles/design-architect/triggers.md +110 -0
- package/roles/design-architect/ui/README.md +36 -0
- package/roles/design-architect/ui/checklists.md +29 -0
- package/roles/design-architect/ui/examples.md +28 -0
- package/roles/design-architect/usability/README.md +34 -0
- package/roles/design-architect/usability/checklists.md +28 -0
- package/roles/design-architect/usability/examples.md +31 -0
- package/roles/design-architect/ux/README.md +36 -0
- package/roles/design-architect/ux/checklists.md +28 -0
- package/roles/design-architect/ux/examples.md +37 -0
- package/roles/design-architect/wireframes/README.md +34 -0
- package/roles/design-architect/wireframes/checklists.md +25 -0
- package/roles/design-architect/wireframes/examples.md +32 -0
- package/roles/design-architect/workflow.md +80 -0
- package/roles/devops/README.md +101 -0
- package/roles/devops/ansible/README.md +6 -0
- package/roles/devops/checklists.md +413 -0
- package/roles/devops/ci-cd/README.md +169 -0
- package/roles/devops/ci-cd/checklists.md +289 -0
- package/roles/devops/ci-cd/examples.md +429 -0
- package/roles/devops/cloud-platforms/README.md +109 -0
- package/roles/devops/cost-optimization/README.md +131 -0
- package/roles/devops/disaster-recovery/README.md +118 -0
- package/roles/devops/docker/README.md +6 -0
- package/roles/devops/examples/README.md +6 -0
- package/roles/devops/examples.md +775 -0
- package/roles/devops/github-actions/README.md +6 -0
- package/roles/devops/helm/README.md +6 -0
- package/roles/devops/infrastructure-as-code/README.md +160 -0
- package/roles/devops/infrastructure-as-code/checklists.md +124 -0
- package/roles/devops/jenkins/README.md +6 -0
- package/roles/devops/kubernetes/README.md +150 -0
- package/roles/devops/kubernetes/checklists.md +192 -0
- package/roles/devops/kubernetes/examples.md +189 -0
- package/roles/devops/monitoring/README.md +93 -0
- package/roles/devops/networking/README.md +83 -0
- package/roles/devops/performance/README.md +104 -0
- package/roles/devops/responsibilities.md +95 -0
- package/roles/devops/role.md +130 -0
- package/roles/devops/security/README.md +126 -0
- package/roles/devops/skill-map.md +162 -0
- package/roles/devops/terraform/README.md +6 -0
- package/roles/devops/triggers.md +241 -0
- package/roles/devops/workflow.md +197 -0
- package/roles/qa/README.md +16 -0
- package/roles/qa/api-testing/README.md +6 -0
- package/roles/qa/automation/README.md +6 -0
- package/roles/qa/checklists.md +24 -0
- package/roles/qa/examples/README.md +6 -0
- package/roles/qa/examples.md +27 -0
- package/roles/qa/performance/README.md +6 -0
- package/roles/qa/playwright/README.md +6 -0
- package/roles/qa/responsibilities.md +16 -0
- package/roles/qa/role.md +47 -0
- package/roles/qa/selenium/README.md +6 -0
- package/roles/qa/skill-map.md +14 -0
- package/roles/qa/triggers.md +10 -0
- package/roles/qa/workflow.md +9 -0
- package/roles/software-architect/README.md +16 -0
- package/roles/software-architect/agents/README.md +6 -0
- package/roles/software-architect/ai-architecture/README.md +6 -0
- package/roles/software-architect/aws/README.md +6 -0
- package/roles/software-architect/azure/README.md +6 -0
- package/roles/software-architect/caching/README.md +6 -0
- package/roles/software-architect/checklists.md +25 -0
- package/roles/software-architect/cloud/README.md +6 -0
- package/roles/software-architect/database-design/README.md +6 -0
- package/roles/software-architect/diagrams/README.md +6 -0
- package/roles/software-architect/distributed-systems/README.md +7 -0
- package/roles/software-architect/docker/README.md +6 -0
- package/roles/software-architect/event-driven/README.md +7 -0
- package/roles/software-architect/examples/README.md +6 -0
- package/roles/software-architect/examples.md +22 -0
- package/roles/software-architect/gcp/README.md +6 -0
- package/roles/software-architect/kubernetes/README.md +6 -0
- package/roles/software-architect/messaging/README.md +6 -0
- package/roles/software-architect/rag/README.md +7 -0
- package/roles/software-architect/responsibilities.md +17 -0
- package/roles/software-architect/role.md +46 -0
- package/roles/software-architect/scalability/README.md +6 -0
- package/roles/software-architect/security/README.md +6 -0
- package/roles/software-architect/skill-map.md +15 -0
- package/roles/software-architect/system-design/README.md +6 -0
- package/roles/software-architect/triggers.md +10 -0
- package/roles/software-architect/vector-db/README.md +6 -0
- package/roles/software-architect/workflow.md +9 -0
- package/roles/software-developer/README.md +116 -0
- package/roles/software-developer/api/README.md +365 -0
- package/roles/software-developer/api/checklist.md +131 -0
- package/roles/software-developer/api/examples.md +459 -0
- package/roles/software-developer/authentication/README.md +26 -0
- package/roles/software-developer/authentication/checklists.md +22 -0
- package/roles/software-developer/authentication/examples.md +32 -0
- package/roles/software-developer/authorization/README.md +26 -0
- package/roles/software-developer/authorization/checklists.md +21 -0
- package/roles/software-developer/authorization/examples.md +27 -0
- package/roles/software-developer/backend/README.md +26 -0
- package/roles/software-developer/backend/checklists.md +21 -0
- package/roles/software-developer/backend/examples.md +21 -0
- package/roles/software-developer/cache/README.md +25 -0
- package/roles/software-developer/cache/checklists.md +21 -0
- package/roles/software-developer/cache/examples.md +22 -0
- package/roles/software-developer/checklists.md +122 -0
- package/roles/software-developer/code-review/README.md +23 -0
- package/roles/software-developer/code-review/checklists.md +22 -0
- package/roles/software-developer/code-review/examples.md +20 -0
- package/roles/software-developer/database/README.md +27 -0
- package/roles/software-developer/database/checklists.md +21 -0
- package/roles/software-developer/database/examples.md +27 -0
- package/roles/software-developer/debugging/README.md +24 -0
- package/roles/software-developer/debugging/checklists.md +20 -0
- package/roles/software-developer/debugging/examples.md +28 -0
- package/roles/software-developer/examples/README.md +22 -0
- package/roles/software-developer/examples/checklists.md +8 -0
- package/roles/software-developer/examples/examples.md +25 -0
- package/roles/software-developer/examples.md +378 -0
- package/roles/software-developer/frontend/README.md +76 -0
- package/roles/software-developer/frontend/accessibility/README.md +136 -0
- package/roles/software-developer/frontend/accessibility/best-practices.md +368 -0
- package/roles/software-developer/frontend/code-quality/README.md +136 -0
- package/roles/software-developer/frontend/code-quality/best-practices.md +309 -0
- package/roles/software-developer/frontend/components/README.md +65 -0
- package/roles/software-developer/frontend/components/best-practices.md +273 -0
- package/roles/software-developer/frontend/debugging/README.md +149 -0
- package/roles/software-developer/frontend/debugging/best-practices.md +329 -0
- package/roles/software-developer/frontend/examples/README.md +19 -0
- package/roles/software-developer/frontend/examples/checklists.md +8 -0
- package/roles/software-developer/frontend/examples/examples.md +17 -0
- package/roles/software-developer/frontend/logging-observability/README.md +196 -0
- package/roles/software-developer/frontend/logging-observability/best-practices.md +430 -0
- package/roles/software-developer/frontend/performance/README.md +99 -0
- package/roles/software-developer/frontend/performance/best-practices.md +350 -0
- package/roles/software-developer/frontend/state-management/README.md +85 -0
- package/roles/software-developer/frontend/state-management/best-practices.md +344 -0
- package/roles/software-developer/frontend/testing/README.md +114 -0
- package/roles/software-developer/frontend/testing/best-practices.md +272 -0
- package/roles/software-developer/fullstack/README.md +25 -0
- package/roles/software-developer/fullstack/checklists.md +19 -0
- package/roles/software-developer/fullstack/examples.md +14 -0
- package/roles/software-developer/graphql/README.md +24 -0
- package/roles/software-developer/graphql/checklists.md +20 -0
- package/roles/software-developer/graphql/examples.md +24 -0
- package/roles/software-developer/integration-tests/README.md +25 -0
- package/roles/software-developer/integration-tests/checklists.md +20 -0
- package/roles/software-developer/integration-tests/examples.md +18 -0
- package/roles/software-developer/java/README.md +24 -0
- package/roles/software-developer/java/checklists.md +16 -0
- package/roles/software-developer/java/examples.md +22 -0
- package/roles/software-developer/javascript/README.md +24 -0
- package/roles/software-developer/javascript/checklists.md +15 -0
- package/roles/software-developer/javascript/examples.md +18 -0
- package/roles/software-developer/logging/README.md +105 -0
- package/roles/software-developer/logging/checklists.md +48 -0
- package/roles/software-developer/logging/examples.md +135 -0
- package/roles/software-developer/messaging/README.md +24 -0
- package/roles/software-developer/messaging/checklists.md +21 -0
- package/roles/software-developer/messaging/examples.md +26 -0
- package/roles/software-developer/microservices/README.md +25 -0
- package/roles/software-developer/microservices/checklists.md +21 -0
- package/roles/software-developer/microservices/examples.md +21 -0
- package/roles/software-developer/node/README.md +25 -0
- package/roles/software-developer/node/checklists.md +15 -0
- package/roles/software-developer/node/examples.md +15 -0
- package/roles/software-developer/nosql/README.md +24 -0
- package/roles/software-developer/nosql/checklists.md +21 -0
- package/roles/software-developer/nosql/examples.md +20 -0
- package/roles/software-developer/observability/README.md +25 -0
- package/roles/software-developer/observability/checklists.md +21 -0
- package/roles/software-developer/observability/examples.md +22 -0
- package/roles/software-developer/performance/README.md +26 -0
- package/roles/software-developer/performance/checklists.md +20 -0
- package/roles/software-developer/performance/examples.md +20 -0
- package/roles/software-developer/python/README.md +25 -0
- package/roles/software-developer/python/checklists.md +15 -0
- package/roles/software-developer/python/examples.md +17 -0
- package/roles/software-developer/react/README.md +24 -0
- package/roles/software-developer/react/checklists.md +15 -0
- package/roles/software-developer/react/examples.md +22 -0
- package/roles/software-developer/refactoring/README.md +23 -0
- package/roles/software-developer/refactoring/checklists.md +21 -0
- package/roles/software-developer/refactoring/examples.md +11 -0
- package/roles/software-developer/responsibilities.md +58 -0
- package/roles/software-developer/role.md +127 -0
- package/roles/software-developer/skill-map.md +88 -0
- package/roles/software-developer/springboot/README.md +25 -0
- package/roles/software-developer/springboot/checklists.md +15 -0
- package/roles/software-developer/springboot/examples.md +21 -0
- package/roles/software-developer/sql/README.md +24 -0
- package/roles/software-developer/sql/checklists.md +22 -0
- package/roles/software-developer/sql/examples.md +20 -0
- package/roles/software-developer/testing/README.md +25 -0
- package/roles/software-developer/testing/checklists.md +21 -0
- package/roles/software-developer/testing/examples.md +19 -0
- package/roles/software-developer/triggers.md +550 -0
- package/roles/software-developer/typescript/README.md +25 -0
- package/roles/software-developer/typescript/checklists.md +15 -0
- package/roles/software-developer/typescript/examples.md +18 -0
- package/roles/software-developer/unit-tests/README.md +24 -0
- package/roles/software-developer/unit-tests/checklists.md +19 -0
- package/roles/software-developer/unit-tests/examples.md +22 -0
- package/roles/software-developer/workflow.md +196 -0
- package/roles/sre/README.md +16 -0
- package/roles/sre/alerts/README.md +6 -0
- package/roles/sre/availability/README.md +6 -0
- package/roles/sre/chaos/README.md +6 -0
- package/roles/sre/checklists.md +24 -0
- package/roles/sre/examples/README.md +6 -0
- package/roles/sre/examples.md +19 -0
- package/roles/sre/observability/README.md +6 -0
- package/roles/sre/reliability/README.md +6 -0
- package/roles/sre/responsibilities.md +16 -0
- package/roles/sre/role.md +46 -0
- package/roles/sre/skill-map.md +14 -0
- package/roles/sre/slos/README.md +6 -0
- package/roles/sre/triggers.md +10 -0
- package/roles/sre/workflow.md +9 -0
- package/roles/support-engineer/README.md +16 -0
- package/roles/support-engineer/checklists.md +24 -0
- package/roles/support-engineer/datadog/README.md +6 -0
- package/roles/support-engineer/examples/README.md +6 -0
- package/roles/support-engineer/examples.md +17 -0
- package/roles/support-engineer/incident-response/README.md +6 -0
- package/roles/support-engineer/kubernetes/README.md +6 -0
- package/roles/support-engineer/linux/README.md +6 -0
- package/roles/support-engineer/logs/README.md +6 -0
- package/roles/support-engineer/monitoring/README.md +6 -0
- package/roles/support-engineer/networking/README.md +6 -0
- package/roles/support-engineer/newrelic/README.md +6 -0
- package/roles/support-engineer/postmortem/README.md +6 -0
- package/roles/support-engineer/production/README.md +6 -0
- package/roles/support-engineer/responsibilities.md +16 -0
- package/roles/support-engineer/role.md +47 -0
- package/roles/support-engineer/root-cause-analysis/README.md +6 -0
- package/roles/support-engineer/runbooks/README.md +6 -0
- package/roles/support-engineer/skill-map.md +14 -0
- package/roles/support-engineer/splunk/README.md +6 -0
- package/roles/support-engineer/triggers.md +10 -0
- package/roles/support-engineer/troubleshooting/README.md +6 -0
- package/roles/support-engineer/workflow.md +9 -0
- package/setup.sh +204 -0
- package/skills/.claude/README.md +7 -0
- package/skills/README.md +21 -0
- package/skills/ai-agents/README.md +207 -0
- package/skills/ai-agents/examples.md +335 -0
- package/skills/ai-agents/skill.md +392 -0
- package/skills/architecture/README.md +198 -0
- package/skills/architecture/examples.md +316 -0
- package/skills/architecture/skill.md +189 -0
- package/skills/design-architecture/README.md +107 -0
- package/skills/design-architecture/examples.md +84 -0
- package/skills/design-architecture/skill.md +192 -0
- package/skills/devops/README.md +177 -0
- package/skills/devops/examples.md +376 -0
- package/skills/devops/skill.md +210 -0
- package/skills/documentation/README.md +182 -0
- package/skills/documentation/examples.md +364 -0
- package/skills/documentation/skill.md +200 -0
- package/skills/performance/README.md +177 -0
- package/skills/performance/examples.md +376 -0
- package/skills/performance/skill.md +199 -0
- package/skills/qa/README.md +106 -0
- package/skills/qa/examples.md +84 -0
- package/skills/qa/skill.md +384 -0
- package/skills/security/README.md +108 -0
- package/skills/security/examples.md +85 -0
- package/skills/security/skill.md +223 -0
- package/skills/software-development/README.md +239 -0
- package/skills/software-development/assessment.md +0 -0
- package/skills/software-development/checklists.md +0 -0
- package/skills/software-development/examples.md +375 -0
- package/skills/software-development/prompts.md +0 -0
- package/skills/software-development/skill.md +390 -0
- package/skills/software-development/templates/README.md +7 -0
- package/skills/software-development/templates/api-development.md +0 -0
- package/skills/software-development/templates/bug-fix.md +0 -0
- package/skills/software-development/templates/code-review.md +0 -0
- package/skills/software-development/templates/feature-implementation.md +0 -0
- package/skills/software-development/templates/llm-integration.md +0 -0
- package/skills/software-development/templates/performance-review.md +0 -0
- package/skills/software-development/templates/security-review.md +0 -0
- package/skills/software-development/templates/test-generation.md +0 -0
- package/skills/software-development/tools.md +0 -0
- package/skills/software-development/workflows.md +0 -0
- package/skills/sre/README.md +107 -0
- package/skills/sre/examples.md +379 -0
- package/skills/sre/skill.md +256 -0
- package/skills/support-engineering/README.md +107 -0
- package/skills/support-engineering/examples.md +85 -0
- package/skills/support-engineering/skill.md +103 -0
|
@@ -0,0 +1,160 @@
|
|
|
1
|
+
# Infrastructure as Code (IaC) Guidance
|
|
2
|
+
|
|
3
|
+
This folder provides guidance for implementing infrastructure using code and automation tools.
|
|
4
|
+
|
|
5
|
+
## Scope
|
|
6
|
+
|
|
7
|
+
Use this guidance when:
|
|
8
|
+
|
|
9
|
+
- Implementing infrastructure using Terraform, CloudFormation, or similar tools
|
|
10
|
+
- Designing Helm charts for Kubernetes deployments
|
|
11
|
+
- Creating reusable infrastructure modules
|
|
12
|
+
- Managing infrastructure versioning and state
|
|
13
|
+
- Automating infrastructure provisioning and deprovisioning
|
|
14
|
+
- Implementing infrastructure testing and validation
|
|
15
|
+
|
|
16
|
+
## Core Principles
|
|
17
|
+
|
|
18
|
+
1. **Version Control** – Infrastructure code stored in git like application code
|
|
19
|
+
2. **Modularity** – Infrastructure components broken into reusable modules
|
|
20
|
+
3. **Documentation** – Clear comments explaining non-obvious decisions
|
|
21
|
+
4. **Testing** – Infrastructure validated before deployment
|
|
22
|
+
5. **Reproducibility** – Same code produces same infrastructure every time
|
|
23
|
+
6. **Safety** – Plan before apply, maintain state securely
|
|
24
|
+
|
|
25
|
+
## Tools
|
|
26
|
+
|
|
27
|
+
### Terraform
|
|
28
|
+
- **Language:** HCL (HashiCorp Configuration Language)
|
|
29
|
+
- **State Management:** Local or remote state file
|
|
30
|
+
- **Providers:** AWS, GCP, Azure, Kubernetes, and many others
|
|
31
|
+
- **Modules:** Reusable infrastructure components
|
|
32
|
+
- **Best for:** Multi-cloud, complex infrastructure
|
|
33
|
+
|
|
34
|
+
### CloudFormation
|
|
35
|
+
- **Language:** JSON or YAML
|
|
36
|
+
- **AWS Native:** Integrated with AWS services
|
|
37
|
+
- **Stack Management:** Templates deployed as stacks
|
|
38
|
+
- **State:** AWS manages state
|
|
39
|
+
- **Best for:** AWS-only infrastructure
|
|
40
|
+
|
|
41
|
+
### Helm
|
|
42
|
+
- **Language:** YAML templates with Helm functions
|
|
43
|
+
- **Kubernetes Native:** Package manager for Kubernetes
|
|
44
|
+
- **Charts:** Reusable Kubernetes application packages
|
|
45
|
+
- **Values:** Configuration override mechanism
|
|
46
|
+
- **Best for:** Kubernetes application deployments
|
|
47
|
+
|
|
48
|
+
## Terraform Best Practices
|
|
49
|
+
|
|
50
|
+
### Organization
|
|
51
|
+
- Separate variables, main resources, and outputs
|
|
52
|
+
- Use modules for reusability
|
|
53
|
+
- One resource type per file (optional but recommended)
|
|
54
|
+
- Clear, descriptive naming
|
|
55
|
+
|
|
56
|
+
### State Management
|
|
57
|
+
- Use remote state (S3, Terraform Cloud, Terraform Enterprise)
|
|
58
|
+
- Enable state locking to prevent conflicts
|
|
59
|
+
- Backup state regularly
|
|
60
|
+
- Encrypt state file (especially for production)
|
|
61
|
+
- Restrict access to state file
|
|
62
|
+
|
|
63
|
+
### Variables & Outputs
|
|
64
|
+
- Input variables with descriptions and types
|
|
65
|
+
- Validation rules for correctness
|
|
66
|
+
- Sensitive variables for passwords/keys
|
|
67
|
+
- Clear output descriptions
|
|
68
|
+
- Computed outputs for dependent resources
|
|
69
|
+
|
|
70
|
+
### Modules
|
|
71
|
+
- Reusable, self-contained infrastructure
|
|
72
|
+
- Published to Terraform Registry
|
|
73
|
+
- Version constraints specified
|
|
74
|
+
- Module inputs documented
|
|
75
|
+
- Module outputs used by consumers
|
|
76
|
+
|
|
77
|
+
## CloudFormation Best Practices
|
|
78
|
+
|
|
79
|
+
### Template Organization
|
|
80
|
+
- Structured, readable YAML format
|
|
81
|
+
- Logical grouping of resources
|
|
82
|
+
- Clear resource naming
|
|
83
|
+
- Parameter descriptions
|
|
84
|
+
|
|
85
|
+
### Parameters
|
|
86
|
+
- Type safety (String, Number, List)
|
|
87
|
+
- Default values provided
|
|
88
|
+
- Constraint validation
|
|
89
|
+
- Clear descriptions
|
|
90
|
+
|
|
91
|
+
### Outputs
|
|
92
|
+
- Export values for cross-stack references
|
|
93
|
+
- Clear descriptions
|
|
94
|
+
- Consistent naming
|
|
95
|
+
|
|
96
|
+
## Helm Chart Best Practices
|
|
97
|
+
|
|
98
|
+
### Structure
|
|
99
|
+
- Clear values.yaml with comments
|
|
100
|
+
- Logical template organization
|
|
101
|
+
- Helper templates for reuse
|
|
102
|
+
- README documentation
|
|
103
|
+
|
|
104
|
+
### Values
|
|
105
|
+
- Sensible defaults
|
|
106
|
+
- Configuration grouped logically
|
|
107
|
+
- All configurable values exposed
|
|
108
|
+
- Resource requests/limits included
|
|
109
|
+
|
|
110
|
+
### Templates
|
|
111
|
+
- Uses Helm functions and variables consistently
|
|
112
|
+
- Labels consistent across resources
|
|
113
|
+
- Comments explaining non-obvious logic
|
|
114
|
+
|
|
115
|
+
## Testing & Validation
|
|
116
|
+
|
|
117
|
+
### Terraform
|
|
118
|
+
- `terraform validate` – Syntax checking
|
|
119
|
+
- `terraform plan` – Show changes before apply
|
|
120
|
+
- `terraform fmt` – Code formatting
|
|
121
|
+
- `terraform test` – Testing framework (newer versions)
|
|
122
|
+
- Terratest – Go testing framework for infrastructure
|
|
123
|
+
|
|
124
|
+
### CloudFormation
|
|
125
|
+
- cfn-lint – Template linting
|
|
126
|
+
- AWS CloudFormation validate-template
|
|
127
|
+
|
|
128
|
+
### Helm
|
|
129
|
+
- `helm lint` – Chart validation
|
|
130
|
+
- `helm template` – Render templates
|
|
131
|
+
- `helm test` – Chart tests
|
|
132
|
+
|
|
133
|
+
## Secrets Management
|
|
134
|
+
|
|
135
|
+
- Never commit secrets to git
|
|
136
|
+
- Use secure secret management (Vault, AWS Secrets Manager, Azure Key Vault)
|
|
137
|
+
- Reference secrets in infrastructure code by name/ID
|
|
138
|
+
- Rotate secrets regularly
|
|
139
|
+
- Audit secret access
|
|
140
|
+
|
|
141
|
+
## CI/CD Integration
|
|
142
|
+
|
|
143
|
+
- Run validation on every commit
|
|
144
|
+
- Plan infrastructure changes in PRs
|
|
145
|
+
- Require approval before applying
|
|
146
|
+
- Automatic rollback on failures
|
|
147
|
+
- Track infrastructure changes in audit logs
|
|
148
|
+
|
|
149
|
+
## Related Files
|
|
150
|
+
|
|
151
|
+
- `roles/devops/examples.md` – Terraform module example
|
|
152
|
+
- `roles/devops/checklists.md` – Infrastructure Code Review Checklist
|
|
153
|
+
- `roles/devops/ci-cd/` – CI/CD pipeline guidance for infrastructure
|
|
154
|
+
- `roles/devops/security/` – Security hardening for IaC
|
|
155
|
+
|
|
156
|
+
## Files in This Folder
|
|
157
|
+
|
|
158
|
+
- `README.md` – This file
|
|
159
|
+
- `checklists.md` – IaC implementation checklist
|
|
160
|
+
- `examples.md` – IaC code examples and patterns
|
|
@@ -0,0 +1,124 @@
|
|
|
1
|
+
# Infrastructure as Code Checklists
|
|
2
|
+
|
|
3
|
+
See parent `roles/devops/checklists.md` for Infrastructure Code Review Checklist covering:
|
|
4
|
+
- Correctness
|
|
5
|
+
- Security
|
|
6
|
+
- Cost & optimization
|
|
7
|
+
- Maintainability
|
|
8
|
+
- Operability
|
|
9
|
+
- Documentation
|
|
10
|
+
- Testing
|
|
11
|
+
|
|
12
|
+
---
|
|
13
|
+
|
|
14
|
+
## Terraform Implementation Checklist
|
|
15
|
+
|
|
16
|
+
### Project Setup
|
|
17
|
+
- [ ] Terraform working directory structure created
|
|
18
|
+
- [ ] `.gitignore` configured (terraform.tfvars, *.tfstate, etc.)
|
|
19
|
+
- [ ] Provider configuration specified (AWS, GCP, Azure, etc.)
|
|
20
|
+
- [ ] Remote state configured and locked
|
|
21
|
+
|
|
22
|
+
### Code Organization
|
|
23
|
+
- [ ] `main.tf` contains primary resources
|
|
24
|
+
- [ ] `variables.tf` contains input variable definitions
|
|
25
|
+
- [ ] `outputs.tf` contains output values
|
|
26
|
+
- [ ] `terraform.tfvars` or separate tfvars files for values
|
|
27
|
+
- [ ] Modules created for reusable components
|
|
28
|
+
|
|
29
|
+
### Variables & Validation
|
|
30
|
+
- [ ] All variables have descriptions
|
|
31
|
+
- [ ] Type constraints specified
|
|
32
|
+
- [ ] Default values provided (where appropriate)
|
|
33
|
+
- [ ] Sensitive flag set for passwords/keys
|
|
34
|
+
- [ ] Input validation configured
|
|
35
|
+
|
|
36
|
+
### Outputs
|
|
37
|
+
- [ ] Important values exposed as outputs
|
|
38
|
+
- [ ] Output descriptions clear
|
|
39
|
+
- [ ] Sensitive outputs marked if needed
|
|
40
|
+
|
|
41
|
+
### State Management
|
|
42
|
+
- [ ] Remote state configured (S3, Terraform Cloud, etc.)
|
|
43
|
+
- [ ] State locking enabled
|
|
44
|
+
- [ ] State file encryption enabled
|
|
45
|
+
- [ ] State file access restricted
|
|
46
|
+
- [ ] State backup configured
|
|
47
|
+
|
|
48
|
+
### Security
|
|
49
|
+
- [ ] No hardcoded secrets in code
|
|
50
|
+
- [ ] Secrets retrieved from secure source
|
|
51
|
+
- [ ] IAM policies follow least privilege
|
|
52
|
+
- [ ] Encryption enabled for sensitive resources
|
|
53
|
+
- [ ] Audit logging configured
|
|
54
|
+
|
|
55
|
+
### Testing & Validation
|
|
56
|
+
- [ ] `terraform validate` passes
|
|
57
|
+
- [ ] `terraform plan` shows expected changes
|
|
58
|
+
- [ ] Code `terraform fmt` formatting applied
|
|
59
|
+
- [ ] Lint checks pass (tflint or similar)
|
|
60
|
+
- [ ] Terratest or other tests pass
|
|
61
|
+
|
|
62
|
+
### Documentation
|
|
63
|
+
- [ ] README explains module purpose
|
|
64
|
+
- [ ] Variables documented with examples
|
|
65
|
+
- [ ] Outputs documented
|
|
66
|
+
- [ ] Architecture diagram included
|
|
67
|
+
- [ ] Usage examples provided
|
|
68
|
+
|
|
69
|
+
---
|
|
70
|
+
|
|
71
|
+
## Helm Chart Implementation Checklist
|
|
72
|
+
|
|
73
|
+
### Chart Structure
|
|
74
|
+
- [ ] Chart.yaml with correct metadata
|
|
75
|
+
- [ ] values.yaml with sensible defaults
|
|
76
|
+
- [ ] templates/ directory with manifests
|
|
77
|
+
- [ ] .helmignore configured
|
|
78
|
+
- [ ] README with usage instructions
|
|
79
|
+
|
|
80
|
+
### Chart Metadata
|
|
81
|
+
- [ ] Chart name and description accurate
|
|
82
|
+
- [ ] Version follows semantic versioning
|
|
83
|
+
- [ ] AppVersion specified
|
|
84
|
+
- [ ] Keywords specified
|
|
85
|
+
- [ ] Home, sources, maintainers specified
|
|
86
|
+
|
|
87
|
+
### Values
|
|
88
|
+
- [ ] All configurable values in values.yaml
|
|
89
|
+
- [ ] Default values sensible and secure
|
|
90
|
+
- [ ] Values well-commented
|
|
91
|
+
- [ ] Nested structure logical
|
|
92
|
+
- [ ] Resource requests/limits specified
|
|
93
|
+
|
|
94
|
+
### Templates
|
|
95
|
+
- [ ] All values use template variables
|
|
96
|
+
- [ ] Labels consistent across resources
|
|
97
|
+
- [ ] Naming follows convention
|
|
98
|
+
- [ ] Helper templates created for reuse
|
|
99
|
+
- [ ] Non-obvious logic commented
|
|
100
|
+
|
|
101
|
+
### Testing
|
|
102
|
+
- [ ] `helm lint` passes
|
|
103
|
+
- [ ] `helm template` produces valid YAML
|
|
104
|
+
- [ ] Dry-run deployment successful
|
|
105
|
+
- [ ] Actual deployment tested
|
|
106
|
+
- [ ] Upgrade tested
|
|
107
|
+
|
|
108
|
+
### Documentation
|
|
109
|
+
- [ ] README explains chart purpose
|
|
110
|
+
- [ ] CHANGELOG documents versions
|
|
111
|
+
- [ ] Values documented in comments
|
|
112
|
+
- [ ] Example values files provided
|
|
113
|
+
- [ ] Troubleshooting guide included
|
|
114
|
+
|
|
115
|
+
---
|
|
116
|
+
|
|
117
|
+
## Secrets Management Checklist
|
|
118
|
+
|
|
119
|
+
- [ ] No secrets committed to git
|
|
120
|
+
- [ ] Secrets managed externally (Vault, Secrets Manager, etc.)
|
|
121
|
+
- [ ] Secret retrieval configured in code
|
|
122
|
+
- [ ] Secret rotation policy defined
|
|
123
|
+
- [ ] Secret access audited and logged
|
|
124
|
+
- [ ] Secret encryption enabled
|
|
@@ -0,0 +1,150 @@
|
|
|
1
|
+
# Kubernetes Guidance
|
|
2
|
+
|
|
3
|
+
This folder provides guidance for designing, deploying, and operating applications on Kubernetes.
|
|
4
|
+
|
|
5
|
+
## Scope
|
|
6
|
+
|
|
7
|
+
Use this guidance when:
|
|
8
|
+
|
|
9
|
+
- Designing Kubernetes deployments and workloads
|
|
10
|
+
- Configuring container orchestration strategies
|
|
11
|
+
- Implementing Kubernetes networking (services, ingress, network policies)
|
|
12
|
+
- Setting up Kubernetes storage (persistent volumes, storage classes)
|
|
13
|
+
- Configuring security (RBAC, pod security policies, secrets)
|
|
14
|
+
- Scaling applications (horizontal pod autoscaling, vertical pod autoscaling)
|
|
15
|
+
- Implementing Kubernetes monitoring and logging
|
|
16
|
+
- Troubleshooting Kubernetes issues
|
|
17
|
+
|
|
18
|
+
## Core Principles
|
|
19
|
+
|
|
20
|
+
1. **Declarative Configuration** – Define desired state in YAML manifests
|
|
21
|
+
2. **Immutable Infrastructure** – Containers are disposable, redeploy rather than patch
|
|
22
|
+
3. **Automated Recovery** – Kubernetes automatically replaces failed pods
|
|
23
|
+
4. **Resource Limits** – Specify CPU/memory requests and limits
|
|
24
|
+
5. **Health Checks** – Use liveness and readiness probes
|
|
25
|
+
6. **Observability** – Expose metrics, logs, and traces
|
|
26
|
+
|
|
27
|
+
## Kubernetes Cluster Setup
|
|
28
|
+
|
|
29
|
+
### Cluster Architecture
|
|
30
|
+
- Single control plane or high-availability (3+ control planes)
|
|
31
|
+
- Number of worker nodes based on workload requirements
|
|
32
|
+
- CNI (Container Network Interface) plugin for networking
|
|
33
|
+
- Storage solution for persistent data
|
|
34
|
+
- Ingress controller for external access
|
|
35
|
+
|
|
36
|
+
### Cluster Management
|
|
37
|
+
- Regular Kubernetes version upgrades
|
|
38
|
+
- Node pool management and scaling
|
|
39
|
+
- Resource quotas and namespace isolation
|
|
40
|
+
- RBAC (Role-Based Access Control) configuration
|
|
41
|
+
- Network policies for traffic control
|
|
42
|
+
|
|
43
|
+
### Deployment Platforms
|
|
44
|
+
- **EKS (AWS Elastic Kubernetes Service)** – Managed Kubernetes on AWS
|
|
45
|
+
- **GKE (Google Kubernetes Engine)** – Managed Kubernetes on Google Cloud
|
|
46
|
+
- **AKS (Azure Kubernetes Service)** – Managed Kubernetes on Azure
|
|
47
|
+
- **Self-Managed** – Install and manage Kubernetes yourself
|
|
48
|
+
|
|
49
|
+
## Workload Deployment
|
|
50
|
+
|
|
51
|
+
### Deployment Strategies
|
|
52
|
+
- **Rolling Updates** – Gradually replace old replicas with new ones
|
|
53
|
+
- **Recreate** – Stop all pods and start new ones (downtime)
|
|
54
|
+
- **Blue-Green** – Switch between two complete versions
|
|
55
|
+
- **Canary** – Route small percentage of traffic to new version
|
|
56
|
+
|
|
57
|
+
### Pod Configuration
|
|
58
|
+
- Set resource requests (CPU, memory) based on typical usage
|
|
59
|
+
- Set resource limits to prevent resource hogging
|
|
60
|
+
- Configure liveness and readiness probes
|
|
61
|
+
- Set appropriate restart policies
|
|
62
|
+
- Use security contexts (non-root user, read-only filesystem)
|
|
63
|
+
|
|
64
|
+
### Scaling
|
|
65
|
+
- **Horizontal Pod Autoscaling (HPA)** – Scale pods based on metrics (CPU, custom)
|
|
66
|
+
- **Vertical Pod Autoscaling (VPA)** – Adjust pod resource requests based on usage
|
|
67
|
+
- **Cluster Autoscaling** – Add/remove nodes based on pod requirements
|
|
68
|
+
- **Manual Scaling** – Adjust replica count manually
|
|
69
|
+
|
|
70
|
+
## Networking
|
|
71
|
+
|
|
72
|
+
### Services
|
|
73
|
+
- **ClusterIP** – Expose within cluster only
|
|
74
|
+
- **NodePort** – Expose on specific port on each node
|
|
75
|
+
- **LoadBalancer** – Expose via cloud provider load balancer
|
|
76
|
+
- **ExternalName** – Map to external DNS name
|
|
77
|
+
|
|
78
|
+
### Ingress
|
|
79
|
+
- Use Ingress controller (NGINX, Istio, etc.)
|
|
80
|
+
- Configure routing rules for external access
|
|
81
|
+
- TLS/SSL termination at ingress
|
|
82
|
+
- Multiple domains on single ingress
|
|
83
|
+
|
|
84
|
+
### Network Policies
|
|
85
|
+
- Restrict traffic between pods
|
|
86
|
+
- Default deny all incoming traffic, allow specific connections
|
|
87
|
+
- Egress policies for outbound traffic control
|
|
88
|
+
|
|
89
|
+
## Storage
|
|
90
|
+
|
|
91
|
+
### Persistent Volumes
|
|
92
|
+
- Choose appropriate storage class (fast, standard, archive)
|
|
93
|
+
- Use persistent volume claims for applications
|
|
94
|
+
- Define backup and snapshot procedures
|
|
95
|
+
- Configure retention policies
|
|
96
|
+
|
|
97
|
+
### StatefulSets
|
|
98
|
+
- For applications requiring persistent storage
|
|
99
|
+
- Maintain stable pod identities
|
|
100
|
+
- Ordered startup/shutdown
|
|
101
|
+
|
|
102
|
+
## Security
|
|
103
|
+
|
|
104
|
+
### RBAC (Role-Based Access Control)
|
|
105
|
+
- Create roles for specific responsibilities
|
|
106
|
+
- Bind roles to users/groups/service accounts
|
|
107
|
+
- Follow principle of least privilege
|
|
108
|
+
|
|
109
|
+
### Pod Security
|
|
110
|
+
- Use pod security policies or pod security standards
|
|
111
|
+
- Run as non-root user
|
|
112
|
+
- Use read-only root filesystem
|
|
113
|
+
- Drop unnecessary Linux capabilities
|
|
114
|
+
|
|
115
|
+
### Secrets
|
|
116
|
+
- Never hardcode secrets in manifests
|
|
117
|
+
- Use Kubernetes secrets for sensitive data
|
|
118
|
+
- Consider external secret management (Vault, AWS Secrets Manager)
|
|
119
|
+
|
|
120
|
+
## Monitoring & Logging
|
|
121
|
+
|
|
122
|
+
### Metrics
|
|
123
|
+
- Kubernetes API server metrics
|
|
124
|
+
- kubelet metrics for node health
|
|
125
|
+
- Container runtime metrics
|
|
126
|
+
- Application metrics (instrumented in code)
|
|
127
|
+
|
|
128
|
+
### Logging
|
|
129
|
+
- Container logs accessible via `kubectl logs`
|
|
130
|
+
- Centralized logging solution (ELK, Splunk, Cloud Logging)
|
|
131
|
+
- Structure logs for easier searching and analysis
|
|
132
|
+
|
|
133
|
+
## Best Practices
|
|
134
|
+
|
|
135
|
+
- [ ] Namespace isolation for multi-tenant deployments
|
|
136
|
+
- [ ] Resource quotas per namespace
|
|
137
|
+
- [ ] Network policies restrict traffic
|
|
138
|
+
- [ ] Pod disruption budgets for voluntary disruptions
|
|
139
|
+
- [ ] Health checks (liveness, readiness) configured
|
|
140
|
+
- [ ] Resource requests/limits specified
|
|
141
|
+
- [ ] Security context enforces non-root
|
|
142
|
+
- [ ] Monitoring and alerting configured
|
|
143
|
+
- [ ] Backup and disaster recovery tested
|
|
144
|
+
- [ ] Documentation and runbooks maintained
|
|
145
|
+
|
|
146
|
+
## Files in This Folder
|
|
147
|
+
|
|
148
|
+
- `README.md` – This file
|
|
149
|
+
- `checklists.md` – Kubernetes implementation checklist
|
|
150
|
+
- `examples.md` – Kubernetes deployment examples
|
|
@@ -0,0 +1,192 @@
|
|
|
1
|
+
# Kubernetes Checklists
|
|
2
|
+
|
|
3
|
+
Kubernetes-specific implementation checklists. See parent `roles/devops/checklists.md` for the full Kubernetes Deployment Checklist.
|
|
4
|
+
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
## Kubernetes Cluster Setup Checklist
|
|
8
|
+
|
|
9
|
+
### Prerequisites
|
|
10
|
+
- [ ] Kubernetes version chosen and supported
|
|
11
|
+
- [ ] Cluster platform selected (EKS, GKE, AKS, self-managed)
|
|
12
|
+
- [ ] High availability requirements defined (1 or 3+ control planes)
|
|
13
|
+
- [ ] CNI plugin selected and planned
|
|
14
|
+
- [ ] Storage solution selected (EBS, GCP persistent disks, etc.)
|
|
15
|
+
|
|
16
|
+
### Control Plane
|
|
17
|
+
- [ ] Control plane nodes provisioned with appropriate resources
|
|
18
|
+
- [ ] etcd backup strategy defined and automated
|
|
19
|
+
- [ ] API server authenticated and authorized
|
|
20
|
+
- [ ] Audit logging enabled
|
|
21
|
+
|
|
22
|
+
### Worker Nodes
|
|
23
|
+
- [ ] Worker nodes provisioned with correct sizing
|
|
24
|
+
- [ ] Node labels and taints configured
|
|
25
|
+
- [ ] Container runtime configured (Docker, containerd, etc.)
|
|
26
|
+
- [ ] kubelet configured and monitoring
|
|
27
|
+
|
|
28
|
+
### Networking
|
|
29
|
+
- [ ] CNI plugin installed and working
|
|
30
|
+
- [ ] Pod network CIDR configured
|
|
31
|
+
- [ ] Service network CIDR configured
|
|
32
|
+
- [ ] Cluster DNS working
|
|
33
|
+
- [ ] Ingress controller installed
|
|
34
|
+
|
|
35
|
+
### RBAC
|
|
36
|
+
- [ ] Service accounts created for applications
|
|
37
|
+
- [ ] Roles defined for required permissions
|
|
38
|
+
- [ ] RoleBindings created
|
|
39
|
+
- [ ] Cluster admin access restricted
|
|
40
|
+
|
|
41
|
+
### Storage
|
|
42
|
+
- [ ] Storage classes defined
|
|
43
|
+
- [ ] Persistent volume provisioning working
|
|
44
|
+
- [ ] Backup solution configured
|
|
45
|
+
|
|
46
|
+
### Monitoring
|
|
47
|
+
- [ ] Prometheus/metrics server installed
|
|
48
|
+
- [ ] Monitoring dashboards created
|
|
49
|
+
- [ ] Alerting rules configured
|
|
50
|
+
- [ ] Logging solution configured
|
|
51
|
+
|
|
52
|
+
---
|
|
53
|
+
|
|
54
|
+
## Workload Deployment Checklist
|
|
55
|
+
|
|
56
|
+
See parent `roles/devops/checklists.md` for detailed Kubernetes Deployment Checklist covering:
|
|
57
|
+
- Container images
|
|
58
|
+
- Deployment manifests
|
|
59
|
+
- Resource limits
|
|
60
|
+
- Health checks
|
|
61
|
+
- Auto-scaling
|
|
62
|
+
- Networking
|
|
63
|
+
- Storage
|
|
64
|
+
- Secrets
|
|
65
|
+
- Monitoring
|
|
66
|
+
- Security
|
|
67
|
+
|
|
68
|
+
---
|
|
69
|
+
|
|
70
|
+
## Helm Chart Development Checklist
|
|
71
|
+
|
|
72
|
+
### Chart Structure
|
|
73
|
+
- [ ] Chart.yaml with correct metadata
|
|
74
|
+
- [ ] values.yaml with sensible defaults
|
|
75
|
+
- [ ] templates/ directory with YAML manifests
|
|
76
|
+
- [ ] README.md with usage instructions
|
|
77
|
+
- [ ] LICENSE file
|
|
78
|
+
|
|
79
|
+
### Templates
|
|
80
|
+
- [ ] All configurable values use Helm variables
|
|
81
|
+
- [ ] Labels consistent across resources
|
|
82
|
+
- [ ] Naming follows convention (release-name-service)
|
|
83
|
+
- [ ] Helper templates created for reuse
|
|
84
|
+
|
|
85
|
+
### Values
|
|
86
|
+
- [ ] Default values specified for all settings
|
|
87
|
+
- [ ] Values documented with comments
|
|
88
|
+
- [ ] Nested structure logical and easy to override
|
|
89
|
+
- [ ] Resource requests/limits specified
|
|
90
|
+
|
|
91
|
+
### Testing
|
|
92
|
+
- [ ] `helm lint` passes
|
|
93
|
+
- [ ] `helm template` produces valid YAML
|
|
94
|
+
- [ ] Dry-run deploy (`helm install --dry-run`) works
|
|
95
|
+
- [ ] Actual deployment tested and working
|
|
96
|
+
- [ ] Upgrade from previous chart version tested
|
|
97
|
+
|
|
98
|
+
### Documentation
|
|
99
|
+
- [ ] README explains chart purpose
|
|
100
|
+
- [ ] CHANGELOG documents versions
|
|
101
|
+
- [ ] Values documented in values.yaml
|
|
102
|
+
- [ ] Example values files provided
|
|
103
|
+
|
|
104
|
+
---
|
|
105
|
+
|
|
106
|
+
## Kubernetes Upgrade Checklist
|
|
107
|
+
|
|
108
|
+
### Planning
|
|
109
|
+
- [ ] Current version documented
|
|
110
|
+
- [ ] Target version identified and supported
|
|
111
|
+
- [ ] Release notes reviewed for breaking changes
|
|
112
|
+
- [ ] Upgrade path verified
|
|
113
|
+
|
|
114
|
+
### Pre-Upgrade
|
|
115
|
+
- [ ] Cluster backup created
|
|
116
|
+
- [ ] Workload backups created
|
|
117
|
+
- [ ] Monitoring verified working
|
|
118
|
+
- [ ] Communication sent to stakeholders
|
|
119
|
+
|
|
120
|
+
### Upgrade
|
|
121
|
+
- [ ] Control plane upgraded first
|
|
122
|
+
- [ ] Node upgrades coordinated with PDBs
|
|
123
|
+
- [ ] Each component upgrade verified
|
|
124
|
+
- [ ] API deprecations handled
|
|
125
|
+
|
|
126
|
+
### Validation
|
|
127
|
+
- [ ] All nodes healthy
|
|
128
|
+
- [ ] All pods running
|
|
129
|
+
- [ ] Applications functioning
|
|
130
|
+
- [ ] Monitoring data flowing
|
|
131
|
+
- [ ] Previous version no longer supported by us
|
|
132
|
+
|
|
133
|
+
### Post-Upgrade
|
|
134
|
+
- [ ] Documentation updated
|
|
135
|
+
- [ ] Team trained on new features
|
|
136
|
+
- [ ] Old manifests updated for deprecations
|
|
137
|
+
|
|
138
|
+
---
|
|
139
|
+
|
|
140
|
+
## Kubernetes Security Checklist
|
|
141
|
+
|
|
142
|
+
### Access Control
|
|
143
|
+
- [ ] RBAC roles follow least privilege
|
|
144
|
+
- [ ] Service accounts have minimal permissions
|
|
145
|
+
- [ ] Service account token auto-mounting disabled where unnecessary
|
|
146
|
+
- [ ] User/group access reviewed quarterly
|
|
147
|
+
|
|
148
|
+
### Pod Security
|
|
149
|
+
- [ ] Pod security policies or standards enforced
|
|
150
|
+
- [ ] Containers run as non-root
|
|
151
|
+
- [ ] Read-only root filesystem enforced
|
|
152
|
+
- [ ] Unnecessary capabilities dropped
|
|
153
|
+
- [ ] Privileged containers justified and minimal
|
|
154
|
+
|
|
155
|
+
### Network Security
|
|
156
|
+
- [ ] Network policies restrict pod traffic
|
|
157
|
+
- [ ] Ingress traffic authenticated/authorized
|
|
158
|
+
- [ ] Egress filtered to necessary endpoints only
|
|
159
|
+
- [ ] East-west traffic encrypted (mTLS, service mesh)
|
|
160
|
+
|
|
161
|
+
### Secrets
|
|
162
|
+
- [ ] Secrets never stored in ConfigMaps
|
|
163
|
+
- [ ] Secrets encrypted at rest
|
|
164
|
+
- [ ] Secret access logged and audited
|
|
165
|
+
- [ ] External secret manager considered (Vault)
|
|
166
|
+
|
|
167
|
+
### Image Security
|
|
168
|
+
- [ ] Container images scanned for vulnerabilities
|
|
169
|
+
- [ ] Only signed images used
|
|
170
|
+
- [ ] Image pull secrets configured
|
|
171
|
+
- [ ] Registry access controlled
|
|
172
|
+
|
|
173
|
+
### Compliance
|
|
174
|
+
- [ ] Audit logging enabled
|
|
175
|
+
- [ ] PCI-DSS, HIPAA, SOC2 controls implemented
|
|
176
|
+
- [ ] Compliance scanning automated
|
|
177
|
+
|
|
178
|
+
---
|
|
179
|
+
|
|
180
|
+
## Kubernetes Troubleshooting Checklist
|
|
181
|
+
|
|
182
|
+
When debugging pod issues:
|
|
183
|
+
|
|
184
|
+
- [ ] `kubectl describe pod` – Shows events and status
|
|
185
|
+
- [ ] `kubectl logs` – Check container logs
|
|
186
|
+
- [ ] `kubectl exec` – Execute command in pod
|
|
187
|
+
- [ ] `kubectl top` – Check resource usage
|
|
188
|
+
- [ ] Check events: `kubectl get events`
|
|
189
|
+
- [ ] Check node status: `kubectl get nodes`
|
|
190
|
+
- [ ] Check resource quotas: `kubectl describe quota`
|
|
191
|
+
- [ ] Check PVC status: `kubectl get pvc`
|
|
192
|
+
- [ ] Check networking: `kubectl get svc`
|