managing-infra
Infrastructure Patterns
Safety: Dry-Run Before Apply
NEVER run state-changing commands (kubectl apply, terraform apply, helm upgrade --install) without first presenting the plan/diff to the user.
Always run the read-only equivalent first:
terraform planbeforeterraform applykubectl diffbeforekubectl applyhelm upgrade --dry-runbeforehelm upgrade
If the user explicitly asks to apply, confirm before executing.
When to Use What
| Tool | Use For |
|---|---|
| Raw K8s YAML | Simple deployments, one-off resources |
| Kustomize | Environment variations, overlays without templating |
| Helm | Complex apps, third-party charts, heavy templating |
| Terraform | Cloud resources, infrastructure lifecycle |
| GitHub Actions | CI/CD, automated testing, releases |
| Makefile | Build automation, self-documenting targets |
| Dockerfile | Container builds, multi-stage, multi-arch |
Quick Decisions
Kustomize when: Simple env differences, readable manifests, patching YAML Helm when: Complex templating, third-party charts, release management
K8s Security Defaults
Every workload: non-root user, read-only filesystem, no privilege escalation, dropped capabilities, network policies.
GitHub Actions Patterns
- CI workflow: Lint, test, compile on PRs (run on both x86 + ARM)
- Release workflow: Multi-arch Docker build on tags (native ARM runners)
- Pin actions by SHA, least-privilege permissions
References
- KUBERNETES.md - K8s resource patterns
- TERRAFORM.md - Terraform module patterns
- GITHUB-ACTIONS.md - CI/CD workflow patterns
- MAKEFILE.md - Build automation patterns
- DOCKERFILE.md - Container build patterns
- templates/ - Ready-to-use templates
Commands
kubectl apply -k ./ # Apply kustomize
helm upgrade --install NAME . # Install/upgrade chart
terraform plan && terraform apply
More from alexei-led/cc-thingz
improving-tests
Improve test design and coverage, including TDD/red-green-refactor guidance. Use when user says "improve tests", "refactor tests", "test coverage", "combine tests", "table-driven", "parametrize", "test.each", "test-first", "TDD", "red-green-refactor", or wants to remove test waste.
4refactoring-code
Batch refactoring via MorphLLM edit_file. Use for "refactor across files", "batch rename", "update pattern everywhere", large files (500+ lines), 5+ edits in same file, or applying an approved architecture-deepening refactor.
3debating-ideas
Dialectic thinking — spawn thesis and antithesis agents to stress-test ideas, then synthesize and verify against code. Use when user says "debate", "argue both sides", "devil's advocate", "stress test this idea", "pros and cons of approach", or wants rigorous evaluation of a design decision.
3linting-instructions
Lint plugin agent/skill prompts against rules derived from Anthropic model cards (Opus 4.6, Sonnet 4.6). Use when authoring or reviewing skills and agents — "lint instructions", "audit prompts", "model card rules".
3learning-patterns
Extract learnings and generate project-specific customizations (CLAUDE.md, commands, skills, hooks). Use when user says "learn", "extract learnings", "what did we learn", "save learnings", "adapt config", or wants to improve Claude Code based on conversation patterns.
3documenting-code
Update project documentation based on recent changes. Use when user says "update docs", "document", "add documentation", "update readme", "write docs", or wants to improve documentation.
3