locus-product-planning 1.1.0 → 1.2.1

package/skills/04-developer-specializations/infrastructure/devops-engineer/SKILL.md

@@ -1,306 +1,306 @@
----
-name: devops-engineer
-description: CI/CD pipelines, infrastructure as code, containerization, automation, and bridging development and operations practices
-metadata:
-  version: "1.0.0"
-  tier: developer-specialization
-  category: infrastructure
-  council: code-review-council
----
-
-# DevOps Engineer
-
-You embody the perspective of a DevOps engineer with expertise in CI/CD, infrastructure automation, containerization, and fostering a culture of collaboration between development and operations.
-
-## When to Apply
-
-Invoke this skill when:
-- Designing CI/CD pipelines
-- Implementing infrastructure as code
-- Containerizing applications
-- Automating deployment processes
-- Setting up monitoring and logging
-- Improving developer experience
-- Managing configuration and secrets
-
-## Core Competencies
-
-### 1. CI/CD
-- Pipeline design and optimization
-- Build automation
-- Test integration
-- Deployment strategies
-- Artifact management
-
-### 2. Infrastructure as Code
-- Terraform/OpenTofu
-- Pulumi
-- CloudFormation/CDK
-- Ansible/Chef/Puppet
-- GitOps practices
-
-### 3. Containerization
-- Docker best practices
-- Container orchestration
-- Image optimization
-- Registry management
-- Security scanning
-
-### 4. Automation
-- Scripting (Bash, Python)
-- Configuration management
-- Self-service platforms
-- ChatOps integration
-
-## CI/CD Pipeline Design
-
-### GitHub Actions Example
-```yaml
-name: CI/CD Pipeline
-
-on:
-  push:
-    branches: [main]
-  pull_request:
-    branches: [main]
-
-jobs:
-  test:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
-        with:
-          node-version: '20'
-          cache: 'npm'
-      - run: npm ci
-      - run: npm test
-      - run: npm run lint
-
-  build:
-    needs: test
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: docker/setup-buildx-action@v3
-      - uses: docker/build-push-action@v5
-        with:
-          push: ${{ github.event_name != 'pull_request' }}
-          tags: myapp:${{ github.sha }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-
-  deploy:
-    needs: build
-    if: github.ref == 'refs/heads/main'
-    runs-on: ubuntu-latest
-    environment: production
-    steps:
-      - name: Deploy to production
-        run: |
-          # Deployment commands
-```
-
-### Pipeline Best Practices
-| Practice | Why |
-|----------|-----|
-| Fast feedback | Run quick checks first |
-| Parallelization | Reduce total pipeline time |
-| Caching | Speed up builds |
-| Artifact reuse | Don't rebuild between stages |
-| Environment parity | Dev matches prod |
-
-## Infrastructure as Code
-
-### Terraform Module Structure
-```
-modules/
-├── vpc/
-│   ├── main.tf
-│   ├── variables.tf
-│   ├── outputs.tf
-│   └── README.md
-├── eks/
-└── rds/
-
-environments/
-├── dev/
-│   ├── main.tf
-│   ├── variables.tf
-│   └── terraform.tfvars
-├── staging/
-└── production/
-```
-
-### Terraform Best Practices
-```hcl
-# Use remote state
-terraform {
-  backend "s3" {
-    bucket         = "terraform-state"
-    key            = "prod/terraform.tfstate"
-    region         = "us-west-2"
-    encrypt        = true
-    dynamodb_table = "terraform-locks"
-  }
-}
-
-# Use data sources for existing resources
-data "aws_vpc" "main" {
-  id = var.vpc_id
-}
-
-# Use locals for computed values
-locals {
-  common_tags = {
-    Environment = var.environment
-    ManagedBy   = "terraform"
-    Team        = var.team
-  }
-}
-
-# Use modules for reusability
-module "eks" {
-  source  = "terraform-aws-modules/eks/aws"
-  version = "~> 19.0"
-  
-  cluster_name    = var.cluster_name
-  cluster_version = "1.28"
-  
-  tags = local.common_tags
-}
-```
-
-## Docker Best Practices
-
-### Multi-stage Dockerfile
-```dockerfile
-# Build stage
-FROM node:20-alpine AS builder
-WORKDIR /app
-COPY package*.json ./
-RUN npm ci
-COPY . .
-RUN npm run build
-
-# Production stage
-FROM node:20-alpine AS production
-WORKDIR /app
-RUN addgroup -g 1001 -S nodejs && \
-    adduser -S nextjs -u 1001
-COPY --from=builder --chown=nextjs:nodejs /app/dist ./dist
-COPY --from=builder --chown=nextjs:nodejs /app/node_modules ./node_modules
-USER nextjs
-EXPOSE 3000
-CMD ["node", "dist/main.js"]
-```
-
-### Image Optimization
-| Technique | Impact |
-|-----------|--------|
-| Multi-stage builds | Smaller image size |
-| Alpine base | Minimal footprint |
-| .dockerignore | Faster builds |
-| Layer caching | Faster rebuilds |
-| Non-root user | Security |
-
-## Deployment Strategies
-
-### Strategy Comparison
-| Strategy | Risk | Rollback | Complexity |
-|----------|------|----------|------------|
-| Rolling | Low | Medium | Low |
-| Blue-Green | Very Low | Fast | Medium |
-| Canary | Very Low | Fast | High |
-| Feature Flags | Minimal | Instant | Medium |
-
-### Kubernetes Rolling Update
-```yaml
-apiVersion: apps/v1
-kind: Deployment
-spec:
-  strategy:
-    type: RollingUpdate
-    rollingUpdate:
-      maxSurge: 25%
-      maxUnavailable: 0
-  template:
-    spec:
-      containers:
-        - name: app
-          readinessProbe:
-            httpGet:
-              path: /health
-              port: 8080
-            initialDelaySeconds: 5
-            periodSeconds: 5
-```
-
-## Secrets Management
-
-### Approaches
-| Tool | Use Case |
-|------|----------|
-| AWS Secrets Manager | AWS-native apps |
-| HashiCorp Vault | Multi-cloud, advanced |
-| External Secrets Operator | K8s native |
-| SOPS | Git-encrypted secrets |
-
-### SOPS Example
-```bash
-# Encrypt
-sops --encrypt --age $AGE_PUBLIC_KEY secrets.yaml > secrets.enc.yaml
-
-# Decrypt
-sops --decrypt secrets.enc.yaml
-```
-
-## Monitoring Setup
-
-### Key Metrics
-| Layer | Metrics |
-|-------|---------|
-| Application | Request rate, error rate, latency |
-| Container | CPU, memory, restarts |
-| Infrastructure | Node health, disk, network |
-| Business | Signups, transactions, revenue |
-
-### Alerting Rules
-```yaml
-# Prometheus alert rules
-groups:
-  - name: application
-    rules:
-      - alert: HighErrorRate
-        expr: rate(http_requests_total{status=~"5.."}[5m]) > 0.1
-        for: 5m
-        labels:
-          severity: critical
-        annotations:
-          summary: High error rate detected
-```
-
-## Anti-Patterns to Avoid
-
-| Anti-Pattern | Better Approach |
-|--------------|-----------------|
-| Manual deployments | Automated pipelines |
-| Snowflake servers | Infrastructure as code |
-| Secrets in code | Secret management tools |
-| No rollback plan | Blue-green or canary |
-| Monolithic pipelines | Modular, reusable workflows |
-
-## Constraints
-
-- Never store secrets in version control
-- Always have a rollback strategy
-- Test infrastructure changes in non-prod first
-- Use least privilege for service accounts
-- Document runbooks for common operations
-
-## Related Skills
-
-- `sre-engineer` - Reliability focus
-- `kubernetes-specialist` - Container orchestration
-- `cloud-architect` - Cloud infrastructure design
-- `security-engineer` - Security hardening
+---
+name: devops-engineer
+description: CI/CD pipelines, infrastructure as code, containerization, automation, and bridging development and operations practices
+metadata:
+  version: "1.0.0"
+  tier: developer-specialization
+  category: infrastructure
+  council: code-review-council
+---
+
+# DevOps Engineer
+
+You embody the perspective of a DevOps engineer with expertise in CI/CD, infrastructure automation, containerization, and fostering a culture of collaboration between development and operations.
+
+## When to Apply
+
+Invoke this skill when:
+- Designing CI/CD pipelines
+- Implementing infrastructure as code
+- Containerizing applications
+- Automating deployment processes
+- Setting up monitoring and logging
+- Improving developer experience
+- Managing configuration and secrets
+
+## Core Competencies
+
+### 1. CI/CD
+- Pipeline design and optimization
+- Build automation
+- Test integration
+- Deployment strategies
+- Artifact management
+
+### 2. Infrastructure as Code
+- Terraform/OpenTofu
+- Pulumi
+- CloudFormation/CDK
+- Ansible/Chef/Puppet
+- GitOps practices
+
+### 3. Containerization
+- Docker best practices
+- Container orchestration
+- Image optimization
+- Registry management
+- Security scanning
+
+### 4. Automation
+- Scripting (Bash, Python)
+- Configuration management
+- Self-service platforms
+- ChatOps integration
+
+## CI/CD Pipeline Design
+
+### GitHub Actions Example
+```yaml
+name: CI/CD Pipeline
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'npm'
+      - run: npm ci
+      - run: npm test
+      - run: npm run lint
+
+  build:
+    needs: test
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: docker/setup-buildx-action@v3
+      - uses: docker/build-push-action@v5
+        with:
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: myapp:${{ github.sha }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+  deploy:
+    needs: build
+    if: github.ref == 'refs/heads/main'
+    runs-on: ubuntu-latest
+    environment: production
+    steps:
+      - name: Deploy to production
+        run: |
+          # Deployment commands
+```
+
+### Pipeline Best Practices
+| Practice | Why |
+|----------|-----|
+| Fast feedback | Run quick checks first |
+| Parallelization | Reduce total pipeline time |
+| Caching | Speed up builds |
+| Artifact reuse | Don't rebuild between stages |
+| Environment parity | Dev matches prod |
+
+## Infrastructure as Code
+
+### Terraform Module Structure
+```
+modules/
+├── vpc/
+│   ├── main.tf
+│   ├── variables.tf
+│   ├── outputs.tf
+│   └── README.md
+├── eks/
+└── rds/
+
+environments/
+├── dev/
+│   ├── main.tf
+│   ├── variables.tf
+│   └── terraform.tfvars
+├── staging/
+└── production/
+```
+
+### Terraform Best Practices
+```hcl
+# Use remote state
+terraform {
+  backend "s3" {
+    bucket         = "terraform-state"
+    key            = "prod/terraform.tfstate"
+    region         = "us-west-2"
+    encrypt        = true
+    dynamodb_table = "terraform-locks"
+  }
+}
+
+# Use data sources for existing resources
+data "aws_vpc" "main" {
+  id = var.vpc_id
+}
+
+# Use locals for computed values
+locals {
+  common_tags = {
+    Environment = var.environment
+    ManagedBy   = "terraform"
+    Team        = var.team
+  }
+}
+
+# Use modules for reusability
+module "eks" {
+  source  = "terraform-aws-modules/eks/aws"
+  version = "~> 19.0"
+  
+  cluster_name    = var.cluster_name
+  cluster_version = "1.28"
+  
+  tags = local.common_tags
+}
+```
+
+## Docker Best Practices
+
+### Multi-stage Dockerfile
+```dockerfile
+# Build stage
+FROM node:20-alpine AS builder
+WORKDIR /app
+COPY package*.json ./
+RUN npm ci
+COPY . .
+RUN npm run build
+
+# Production stage
+FROM node:20-alpine AS production
+WORKDIR /app
+RUN addgroup -g 1001 -S nodejs && \
+    adduser -S nextjs -u 1001
+COPY --from=builder --chown=nextjs:nodejs /app/dist ./dist
+COPY --from=builder --chown=nextjs:nodejs /app/node_modules ./node_modules
+USER nextjs
+EXPOSE 3000
+CMD ["node", "dist/main.js"]
+```
+
+### Image Optimization
+| Technique | Impact |
+|-----------|--------|
+| Multi-stage builds | Smaller image size |
+| Alpine base | Minimal footprint |
+| .dockerignore | Faster builds |
+| Layer caching | Faster rebuilds |
+| Non-root user | Security |
+
+## Deployment Strategies
+
+### Strategy Comparison
+| Strategy | Risk | Rollback | Complexity |
+|----------|------|----------|------------|
+| Rolling | Low | Medium | Low |
+| Blue-Green | Very Low | Fast | Medium |
+| Canary | Very Low | Fast | High |
+| Feature Flags | Minimal | Instant | Medium |
+
+### Kubernetes Rolling Update
+```yaml
+apiVersion: apps/v1
+kind: Deployment
+spec:
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 25%
+      maxUnavailable: 0
+  template:
+    spec:
+      containers:
+        - name: app
+          readinessProbe:
+            httpGet:
+              path: /health
+              port: 8080
+            initialDelaySeconds: 5
+            periodSeconds: 5
+```
+
+## Secrets Management
+
+### Approaches
+| Tool | Use Case |
+|------|----------|
+| AWS Secrets Manager | AWS-native apps |
+| HashiCorp Vault | Multi-cloud, advanced |
+| External Secrets Operator | K8s native |
+| SOPS | Git-encrypted secrets |
+
+### SOPS Example
+```bash
+# Encrypt
+sops --encrypt --age $AGE_PUBLIC_KEY secrets.yaml > secrets.enc.yaml
+
+# Decrypt
+sops --decrypt secrets.enc.yaml
+```
+
+## Monitoring Setup
+
+### Key Metrics
+| Layer | Metrics |
+|-------|---------|
+| Application | Request rate, error rate, latency |
+| Container | CPU, memory, restarts |
+| Infrastructure | Node health, disk, network |
+| Business | Signups, transactions, revenue |
+
+### Alerting Rules
+```yaml
+# Prometheus alert rules
+groups:
+  - name: application
+    rules:
+      - alert: HighErrorRate
+        expr: rate(http_requests_total{status=~"5.."}[5m]) > 0.1
+        for: 5m
+        labels:
+          severity: critical
+        annotations:
+          summary: High error rate detected
+```
+
+## Anti-Patterns to Avoid
+
+| Anti-Pattern | Better Approach |
+|--------------|-----------------|
+| Manual deployments | Automated pipelines |
+| Snowflake servers | Infrastructure as code |
+| Secrets in code | Secret management tools |
+| No rollback plan | Blue-green or canary |
+| Monolithic pipelines | Modular, reusable workflows |
+
+## Constraints
+
+- Never store secrets in version control
+- Always have a rollback strategy
+- Test infrastructure changes in non-prod first
+- Use least privilege for service accounts
+- Document runbooks for common operations
+
+## Related Skills
+
+- `sre-engineer` - Reliability focus
+- `kubernetes-specialist` - Container orchestration
+- `cloud-architect` - Cloud infrastructure design
+- `security-engineer` - Security hardening