devops-deployment
DevOps & Deployment Skill
Comprehensive frameworks for CI/CD pipelines, containerization, deployment strategies, and infrastructure automation.
Overview
- Setting up CI/CD pipelines
- Containerizing applications
- Deploying to Kubernetes or cloud platforms
- Implementing GitOps workflows
- Managing infrastructure as code
- Planning release strategies
Pipeline Architecture
```
┌─────────────┐    ┌─────────────┐    ┌─────────────┐    ┌─────────────┐
│    Code     │───>│    Build    │───>│    Test     │───>│   Deploy    │
│   Commit    │    │   & Lint    │    │   & Scan    │    │  & Release  │
└─────────────┘    └─────────────┘    └─────────────┘    └─────────────┘
       │                  │                  │                  │
       v                  v                  v                  v
   Triggers           Artifacts           Reports          Monitoring
```
Key Concepts
CI/CD Pipeline Stages
- Lint & Type Check - Code quality gates
- Unit Tests - Test coverage with reporting
- Security Scan - npm audit + Trivy vulnerability scanner
- Build & Push - Docker image to container registry
- Deploy Staging - Environment-gated deployment
- Deploy Production - Manual approval or automated
Container Best Practices
Multi-stage builds minimize image size:
- Stage 1: Install production dependencies only
- Stage 2: Build application with dev dependencies
- Stage 3: Production runtime with minimal footprint
Security hardening:
- Non-root user (uid 1001)
- Read-only filesystem where possible
- Health checks for orchestrator integration
Kubernetes Deployment
Essential manifests:
- Deployment with rolling update strategy
- Service for internal routing
- Ingress for external access with TLS
- HorizontalPodAutoscaler for scaling
Security context:
- runAsNonRoot: true
- allowPrivilegeEscalation: false
- readOnlyRootFilesystem: true
- Drop all capabilities
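A policy check for the four settings above, added here as an example and not the skill's own code: it takes a Deployment as a plain Python dict (the two sample manifests are constructed, so no YAML library is needed) and reports every container, init containers included, that misses a setting; this is the kind of gate the Security Scan stage can run before an image ever reaches a cluster.

```python
"""Check a Deployment for the pod hardening settings listed above.

Added example, not the skill's own code. The manifest is passed as a
plain dict (what yaml.safe_load would return) so the check runs with
no extra dependency; the two sample manifests below are constructed.
"""
from typing import Any

# Container-level securityContext overrides pod-level fields, so the
# check merges the two before comparing against these required values.
REQUIRED = {
    "runAsNonRoot": True,
    "allowPrivilegeEscalation": False,
    "readOnlyRootFilesystem": True,
}


def check_container(name: str, pod_ctx: dict, ctr: dict) -> list[str]:
    ctx = {**pod_ctx, **ctr.get("securityContext", {})}
    findings = []
    for key, wanted in REQUIRED.items():
        if ctx.get(key) is not wanted:
            findings.append(f"{name}: {key} must be {wanted}, got {ctx.get(key)}")
    dropped = ctx.get("capabilities", {}).get("drop", [])
    if "ALL" not in dropped:
        findings.append(f"{name}: capabilities.drop must include ALL")
    return findings


def check_deployment(manifest: dict[str, Any]) -> list[str]:
    """Return one finding per missing setting; an empty list means compliant."""
    spec = manifest["spec"]["template"]["spec"]
    pod_ctx = spec.get("securityContext", {})
    findings: list[str] = []
    for ctr in spec.get("initContainers", []) + spec.get("containers", []):
        findings += check_container(ctr["name"], pod_ctx, ctr)
    return findings


# Constructed samples: a hardened pod spec and the Kubernetes defaults.
HARDENED = {"spec": {"template": {"spec": {
    "securityContext": {"runAsNonRoot": True, "runAsUser": 1001},
    "containers": [{"name": "api", "image": "app:1.0", "securityContext": {
        "allowPrivilegeEscalation": False,
        "readOnlyRootFilesystem": True,
        "capabilities": {"drop": ["ALL"]},
    }}],
}}}}
DEFAULT = {"spec": {"template": {"spec": {
    "containers": [{"name": "api", "image": "app:1.0"}],
}}}}

if __name__ == "__main__":
    for label, manifest in (("hardened", HARDENED), ("default", DEFAULT)):
        print(label, check_deployment(manifest) or "OK")
```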
Deployment Strategies
| Strategy | Use Case | Risk |
|---|---|---|
| Rolling | Default, gradual replacement | Low - automatic rollback |
| Blue-Green | Instant switch, easy rollback | Medium - double resources |
| Canary | Progressive traffic shift | Low - gradual exposure |
Rolling Update (Kubernetes default):
```yaml
strategy:
  type: RollingUpdate
  rollingUpdate:
    maxSurge: 25%
    maxUnavailable: 0  # Zero downtime
```
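The arithmetic behind maxSurge and maxUnavailable, added as an example rather than code from the skill's references: it resolves percentages the way the Deployment controller does (maxSurge rounds up, maxUnavailable rounds down, and both cannot be 0) and simulates the rollout to report the lowest ready count and the peak pod count, which is the availability versus resources trade-off the Risk column of the table describes. It assumes every new pod passes its readiness probe before the controller takes the next step.

```python
"""Resolve a RollingUpdate strategy and simulate its rollout.

Added example, not code from the skill's references. Percentages are
resolved as the Deployment controller does: maxSurge rounds up,
maxUnavailable rounds down, and the two cannot both be 0.
Assumption: every new pod passes its readiness probe before the
controller takes the next step.
"""
from __future__ import annotations

import math


def resolve(value: int | str, replicas: int, round_up: bool) -> int:
    """Turn an absolute count or a percentage string like '25%' into pods."""
    if isinstance(value, str) and value.endswith("%"):
        raw = replicas * int(value[:-1]) / 100
        return math.ceil(raw) if round_up else math.floor(raw)
    return int(value)


def rollout_profile(replicas: int, max_surge: int | str,
                    max_unavailable: int | str) -> tuple[int, int]:
    """Return (min_ready, peak_pods) observed while old pods are replaced."""
    surge = resolve(max_surge, replicas, round_up=True)
    unavailable = resolve(max_unavailable, replicas, round_up=False)
    if surge == 0 and unavailable == 0:
        raise ValueError("maxSurge and maxUnavailable cannot both be 0")
    old, new = replicas, 0
    min_ready, peak = replicas, replicas
    while old > 0:
        # Scale the new ReplicaSet up as far as the surge budget allows.
        new = min(replicas, replicas + surge - old)
        peak = max(peak, old + new)
        # Retire old pods only while ready pods stay >= replicas - unavailable.
        old = max(0, min(old, replicas - unavailable - new))
        min_ready = min(min_ready, old + new)
    return min_ready, peak


if __name__ == "__main__":
    # The strategy block above: 4 replicas, maxSurge 25%, maxUnavailable 0.
    print(rollout_profile(4, "25%", 0))   # (4, 5): never below 4 ready
    # Opposite trade-off: no surge, so capacity dips during the rollout.
    print(rollout_profile(4, 0, "25%"))   # (3, 4)
```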
Secrets Management
Use External Secrets Operator to sync from cloud providers:
- AWS Secrets Manager
- HashiCorp Vault
- Azure Key Vault
- GCP Secret Manager
References
Docker Patterns
See: references/docker-patterns.md
Key topics covered:
- Multi-stage build examples with 78% size reduction
- Layer caching optimization
- Security hardening (non-root, health checks)
- Trivy vulnerability scanning
- Docker Compose development setup
CI/CD Pipelines
See: references/ci-cd-pipelines.md
Key topics covered:
- Branch strategy (Git Flow)
- GitHub Actions caching (85% time savings)
- Artifact management
- Matrix testing
- Complete backend CI/CD example
Kubernetes Basics
See: references/kubernetes-basics.md
Key topics covered:
- Health probes (startup, liveness, readiness)
- Security context configuration
- PodDisruptionBudget
- Resource quotas
- StatefulSets for databases
- Helm chart structure
Environment Management
See: references/environment-management.md
Key topics covered:
- External Secrets Operator
- GitOps with ArgoCD
- Terraform patterns (remote state, modules)
- Zero-downtime database migrations
- Alembic migration workflow
- Rollback procedures
Observability
See: references/observability.md
Key topics covered:
- Prometheus metrics exposition
- Grafana dashboard queries (PromQL)
- Alerting rules for SLOs
- Golden signals (SRE)
- Structured logging
- Distributed tracing (OpenTelemetry)
Deployment Strategies
See: references/deployment-strategies.md
Key topics covered:
- Rolling deployment
- Blue-green deployment
- Canary releases
- Traffic splitting with Istio
Deployment Checklist
Pre-Deployment
- All tests passing in CI
- Security scans clean
- Database migrations ready
- Rollback plan documented
During Deployment
- Monitor deployment progress
- Watch error rates
- Verify health checks passing
Post-Deployment
- Verify metrics normal
- Check logs for errors
- Update status page
Helm Chart Structure
```
charts/app/
├── Chart.yaml
├── values.yaml
├── scripts/
│   ├── deployment.yaml
│   ├── service.yaml
│   ├── ingress.yaml
│   ├── configmap.yaml
│   ├── secret.yaml
│   ├── hpa.yaml
│   └── _helpers.tpl
└── values/
    ├── staging.yaml
    └── production.yaml
```
Related Skills
- zero-downtime-migration - Database migration patterns for zero-downtime deployments
- security-scanning - Security scanning integration for CI/CD pipelines
- observability-monitoring - Monitoring and alerting for deployed applications
- alembic-migrations - Python/Alembic migration workflow for backend deployments
Key Decisions
| Decision | Choice | Rationale |
|---|---|---|
| Container user | Non-root (uid 1001) | Security best practice, required by many orchestrators |
| Deployment strategy | Rolling update (default) | Zero downtime, automatic rollback, resource efficient |
| Secrets management | External Secrets Operator | Syncs from cloud providers, GitOps compatible |
| Health checks | Separate startup/liveness/readiness | Prevents premature traffic, enables graceful shutdown |
Extended Thinking Triggers
Use Opus 4.6 adaptive thinking for:
- Architecture decisions - Kubernetes vs serverless, multi-region setup
- Migration planning - Moving between cloud providers
- Incident response - Complex deployment failures
- Security design - Zero-trust architecture
Templates Reference
| Template | Purpose |
|---|---|
| | Full CI/CD workflow with 6 stages |
| | Multi-stage Node.js build |
| | Development environment |
| | Deployment, Service, Ingress |
| | Helm chart values |
| | VPC, EKS, RDS infrastructure |
| | GitOps application |
| | Secrets Manager integration |
Capability Details
ci-cd
Keywords: ci, cd, pipeline, github actions, gitlab ci, jenkins, workflow
Solves:
- How do I set up CI/CD?
- GitHub Actions workflow patterns
- Pipeline caching strategies
- Matrix testing setup
docker
Keywords: docker, dockerfile, container, image, build, compose, multi-stage
Solves:
- How do I containerize my app?
- Multi-stage Dockerfile best practices
- Docker Compose development setup
- Container security hardening
kubernetes
Keywords: kubernetes, k8s, deployment, service, ingress, helm, statefulset, pdb
Solves:
- How do I deploy to Kubernetes?
- K8s health probes and resource limits
- Helm chart structure
- StatefulSet for databases
infrastructure-as-code
Keywords: terraform, pulumi, iac, infrastructure, provision, gitops, argocd
Solves:
- How do I set up infrastructure as code?
- Terraform AWS patterns (VPC, EKS, RDS)
- GitOps with ArgoCD
- Secrets management patterns
deployment-strategies
Keywords: blue green, canary, rolling, deployment strategy, rollback, zero downtime
Solves:
- Which deployment strategy should I use?
- Zero-downtime database migrations
- Blue-green deployment setup
- Canary release with traffic splitting
observability
Keywords: prometheus, grafana, metrics, alerting, monitoring, health check
Solves:
- How do I add monitoring to my app?
- Prometheus metrics exposition
- Grafana dashboard queries
- Alerting rules for SLOs