mit einem Klick
agent-guides
agent-guides enthält 61 gesammelte Skills von sawrus, mit Repository-Berufsabdeckung und Skill-Detailseiten auf SkillsMP.
Skills in diesem Repository
Production-grade GitHub Actions workflows — reusable workflows, OIDC cloud auth, caching, matrix builds, and environment protection rules. Use when the user creates, reviews, or debugs CI/CD pipelines in .github/workflows, or asks about GitHub Actions deployment, OIDC authentication, or workflow optimization.
Systematic diagnosis of Kubernetes pod failures — CrashLoopBackOff, OOMKilled, Pending, ImagePullBackOff, and service connectivity issues. Use when the user encounters pods not starting, container restart loops, scheduling failures, or service unreachability in a K8s cluster.
Implement distributed tracing with OpenTelemetry, Tempo/Jaeger — instrumentation, sampling, and trace-to-log correlation. Use when the user asks about distributed tracing, OpenTelemetry setup, span instrumentation, trace propagation, or connecting traces to logs and metrics.
Design reusable React components with compound patterns, controlled/uncontrolled hybrids, typed prop APIs, async state handling, and ARIA accessibility. Use when the user creates, refactors, or reviews React components, or mentions props, hooks, .tsx files, component APIs, or accessible UI patterns.
Apply STRIDE threat modeling to system designs, identify IDOR and authorization vulnerabilities, and build threat matrices for security reviews. Use when the user designs a new system, reviews an architecture, prepares for a security audit, or asks about common API vulnerabilities like IDOR or broken access control.
Secure CI/CD pipelines with keyless signing, OIDC federation, provenance attestations, policy enforcement, and hardened runners.
Manage container images, Helm charts, and build artifacts — registry organization, retention, promotion between environments.
Optimize CI build speed — Docker layer caching, dependency caching, multi-stage builds, parallelism, and build matrix strategies.
GitLab CI/CD pipelines — include templates, environments, OIDC auth, caching, protected runners, deployment gates.
PostgreSQL backup and restore with pgBackRest — full/incremental/WAL, PITR, K8s CronJob scheduling, and restore verification.
PostgreSQL query performance — EXPLAIN ANALYZE, index design, pg_stat_statements, slow query detection, connection pool tuning.
Safe database migrations in production — expand-and-contract, lock-safe DDL, timing estimation, rollback SQL.
PostgreSQL operational runbooks — health checks, vacuum, bloat, locks, PITR, connection pool management.
Redis operational runbooks — memory management, eviction policy, persistence config, Sentinel/Cluster, K8s-hosted Redis ops.
Harden container images and Kubernetes workload security contexts — distroless, multi-stage, minimal attack surface.
Write OPA/Gatekeeper and Kyverno admission policies for Kubernetes security guardrails.
Generate, attach, and verify SBOMs (CycloneDX/SPDX) for container images; implement SLSA provenance; harden software supply chain.
Detect secrets in code, git history, and running containers — pre-commit hooks, CI scanning, and incident response for exposed credentials.
Sign container images and artifacts with cosign (keyless via OIDC and key-based); verify signatures in CD pipelines and admission policies.
Write idempotent Ansible playbooks and roles for server configuration, K8s node provisioning, and application bootstrap.
Identify and reduce cloud infrastructure costs — right-sizing, reserved capacity, waste detection, tagging for cost attribution.
Detect, classify, and automate Terraform drift detection in CI — scheduled plans, drift metrics, cloud-native audit log correlation.
Manage Terraform remote state — backend setup, state isolation, locking, import, mv, and state surgery.
Design reusable, well-tested Terraform modules with cloud-agnostic interfaces and safe state management.
Day-2 cluster operations — node management, etcd backup/restore, certificate rotation, namespace lifecycle.
Design, structure, and test production-grade Helm charts with multi-environment overlays.
Design and implement Kubernetes NetworkPolicy and Cilium network policies for namespace isolation and service-to-service access control.
Design minimal-privilege RBAC for workloads, operators, and human access in multi-tenant clusters.
Right-size pod resources, configure HPA/VPA/KEDA, and eliminate resource waste in Kubernetes.
DNS management for Kubernetes — CoreDNS tuning, external-dns automation, split-horizon DNS, and bare-metal DNS design.
NGINX Ingress Controller patterns — TLS, rate limiting, CORS, rewrites, path-based routing, and MetalLB for bare-metal.
Implement service mesh for mTLS, traffic management, and observability — Istio and Linkerd patterns for Kubernetes.
Configure TLS termination with cert-manager — Let's Encrypt, internal CA via Vault PKI, wildcard certs, mTLS between services.
Design cloud-agnostic private networks — subnet layout, CIDR allocation, zone redundancy, routing, and bare-metal equivalent.
Design and maintain Grafana dashboards — service overview panels, SLO tracking, variable templates, dashboard-as-code with Grafonnet/Jsonnet.
Set up Loki or ELK log aggregation for K8s workloads — structured logging, log routing, and log-based alerting.
Write production-quality Prometheus alert rules, recording rules, and Alertmanager routing configs.
Implement SLOs end-to-end in Prometheus — recording rules, burn rate alerts, error budget dashboards, and Sloth/pyrra integration.
Forecast infrastructure capacity needs — traffic projection, resource headroom calculations, node pool sizing, K8s cluster capacity.
Design and run chaos experiments in Kubernetes — pod failures, network partitions, resource pressure with LitmusChaos and manual chaos.