feat: Add OCI awareness across agents and skills

Adds awareness of Oracle Cloud Infrastructure to any plugin that referenced
at least two of the major cloud vendors already. Skills updated to include
OCI services. Also updated some of the other cloud references.

Signed-off-by: Avi Miller <me@dje.li>
Avi Miller
2026-03-16 17:49:42 +11:00
parent a6f0f457c4
commit 24df162978
68 changed files with 520 additions and 253 deletions

View File

@@ -1,11 +1,11 @@
---
name: cost-optimization
description: Optimize cloud costs through resource rightsizing, tagging strategies, reserved instances, and spending analysis. Use when reducing cloud expenses, analyzing infrastructure costs, or implementing cost governance policies.
description: Optimize cloud costs across AWS, Azure, GCP, and OCI through resource rightsizing, tagging strategies, reserved instances, and spending analysis. Use when reducing cloud expenses, analyzing infrastructure costs, or implementing cost governance policies.
---
# Cloud Cost Optimization
Strategies and patterns for optimizing cloud costs across AWS, Azure, and GCP.
Strategies and patterns for optimizing cloud costs across AWS, Azure, GCP, and OCI.
## Purpose
@@ -149,6 +149,26 @@ resource "aws_s3_bucket_lifecycle_configuration" "example" {
- 24-hour maximum runtime
- Best for batch workloads
## OCI Cost Optimization
### Flexible Shapes
- Scale OCPUs and memory independently
- Match instance sizing to workload demand
- Reduce wasted capacity from fixed VM shapes
### Commitments and Budgets
- Use annual commitments for predictable spend
- Set compartment-level budgets with alerts
- Track monthly forecasts with OCI Cost Analysis
### Preemptible Capacity
- Use preemptible instances for batch and ephemeral workloads
- Keep interruption-tolerant autoscaling groups
- Mix with standard capacity for critical services
## Tagging Strategy
### AWS Tagging
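Review bot: The Preemptible Capacity bullets give no reclaim semantics, while the GCP block just above states "24-hour maximum runtime", so the two providers can't be compared for interruption risk. Next to "Use preemptible instances for batch and ephemeral workloads", state that OCI reclaims a preemptible instance by terminating it (the boot volume can optionally be kept), so the "interruption-tolerant autoscaling groups" in the next bullet must tolerate losing a node without a graceful drain.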
@@ -208,6 +228,7 @@ resource "aws_budgets_budget" "monthly" {
- AWS Cost Anomaly Detection
- Azure Cost Management alerts
- GCP Budget alerts
- OCI Budgets and Cost Analysis
## Architecture Patterns
@@ -282,6 +303,7 @@ resource "aws_cloudwatch_metric_alarm" "cpu_high" {
- **AWS:** Cost Explorer, Cost Anomaly Detection, Compute Optimizer
- **Azure:** Cost Management, Advisor
- **GCP:** Cost Management, Recommender
- **OCI:** Cost Analysis, Budgets, Cloud Advisor
- **Multi-cloud:** CloudHealth, Cloudability, Kubecost

View File

@@ -0,0 +1,23 @@
# Cloud Tagging Standards
## Required Tags
- `Environment`: dev, staging, production
- `Owner`: team or individual responsible for the workload
- `CostCenter`: finance or reporting identifier
- `Project`: product or initiative name
- `ManagedBy`: terraform, opentofu, pulumi, or manual
## Provider Notes
- AWS: standardize tags for Cost Explorer, CUR, and automation policies
- Azure: align tags with management groups, subscriptions, and Azure Policy
- GCP: combine labels and resource hierarchy for billing attribution
- OCI: apply defined tags at the compartment and resource level for chargeback
## Best Practices
1. Publish an approved tag dictionary and naming rules.
2. Enforce tags with policy and CI validation.
3. Inherit tags from shared modules whenever possible.
4. Audit for missing or inconsistent tags weekly.
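Review bot: The OCI line under Provider Notes ("apply defined tags at the compartment and resource level") skips the two things that make the Required Tags enforceable on OCI: defined tags must belong to a tag namespace, and inheritance comes from tag defaults set on a compartment (which can mark a tag as required), not from per-resource application. The tag dictionary above therefore needs a namespace-qualified form for OCI (a hypothetical `Operations.Environment`, for instance) alongside the bare `Environment` used by the other providers. Item 2 "Enforce tags with policy and CI validation" names Azure Policy for Azure but no mechanism for the others; name them (AWS tag policies/SCPs, OCI required tag defaults) so the weekly audit in item 4 has a known baseline.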

View File

@@ -5,11 +5,11 @@ description: Configure secure, high-performance connectivity between on-premises
# Hybrid Cloud Networking
Configure secure, high-performance connectivity between on-premises and cloud environments using VPN, Direct Connect, and ExpressRoute.
Configure secure, high-performance connectivity between on-premises and cloud environments using VPN, Direct Connect, ExpressRoute, Interconnect, and FastConnect.
## Purpose
Establish secure, reliable network connectivity between on-premises data centers and cloud providers (AWS, Azure, GCP).
Establish secure, reliable network connectivity between on-premises data centers and cloud providers (AWS, Azure, GCP, OCI).
## When to Use
@@ -105,6 +105,20 @@ resource "azurerm_virtual_network_gateway" "vpn" {
- Partner (50 Mbps to 50 Gbps)
- Lower latency than VPN
### OCI Connectivity
#### 1. IPSec VPN Connect
- IPSec VPN with redundant tunnels
- Dynamic routing through DRG
- Good fit for branch offices and migration phases
#### 2. OCI FastConnect
- Private dedicated connectivity through Oracle or partner edge
- Suitable for predictable throughput and lower-latency hybrid traffic
- Commonly paired with DRG for hub-and-spoke designs
## Hybrid Network Patterns
### Pattern 1: Hub-and-Spoke
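Review bot: The heading "IPSec VPN Connect" combines the legacy product name with the protocol; the service is now called Site-to-Site VPN, and the CLI block later in this file refers to it as `ip-sec-connection`, so use one name consistently. "Dynamic routing through DRG" should also say whether BGP or static routing is meant, because the Routing Configuration section below assumes a BGP session with an AS number on the cloud side.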
@@ -137,7 +151,8 @@ On-Premises
On-Premises Datacenter
├─ Direct Connect → AWS
├─ ExpressRoute → Azure
─ Interconnect → GCP
─ Interconnect → GCP
└─ FastConnect → OCI
```
## Routing Configuration
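Review bot: Check the tree connectors in this diagram: with FastConnect added as the last branch, the GCP line must now read `├─ Interconnect → GCP` and only `└─ FastConnect → OCI` should keep the closing connector. As rendered here both the removed and the added GCP line show a bare `─`, so the branch character was either dropped in the change or lost in extraction; confirm the file itself.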
@@ -150,7 +165,7 @@ On-Premises Router:
- Advertise: 10.0.0.0/8
Cloud Router:
- AS Number: 64512 (AWS), 65515 (Azure)
- AS Number: 64512 (AWS), 65515 (Azure), provider-assigned for GCP/OCI
- Advertise: Cloud VPC/VNet CIDRs
```
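Review bot: "provider-assigned for GCP/OCI" is inaccurate and leaves the on-premises operator with nothing to filter BGP peers on. Oracle's BGP ASN for FastConnect and Site-to-Site VPN is fixed (31898), whereas a GCP Cloud Router's ASN is chosen by the customer from the private range (Partner Interconnect requires 16550). The AWS value 64512 is the default Amazon-side ASN of a virtual private gateway and is configurable. Suggest `- AS Number: 64512 (AWS default), 65515 (Azure), customer-chosen (GCP), 31898 (OCI)` and add a line that the on-premises router should accept sessions only from these peers.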
@@ -163,14 +178,14 @@ Cloud Router:
## Security Best Practices
1. **Use private connectivity** (Direct Connect/ExpressRoute)
1. **Use private connectivity** (Direct Connect/ExpressRoute/Interconnect/FastConnect)
2. **Implement encryption** for VPN tunnels
3. **Use VPC endpoints** to avoid internet routing
4. **Configure network ACLs** and security groups
5. **Enable VPC Flow Logs** for monitoring
6. **Implement DDoS protection**
7. **Use PrivateLink/Private Endpoints**
8. **Monitor connections** with CloudWatch/Monitor
8. **Monitor connections** with CloudWatch/Azure Monitor/Cloud Monitoring/OCI Monitoring
9. **Implement redundancy** (dual tunnels)
10. **Regular security audits**
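Review bot: Item 2 "Implement encryption for VPN tunnels" now sits directly under item 1, which recommends four dedicated-link services, none of which encrypts traffic by default, so a reader can conclude the private path is protected. State that Direct Connect, ExpressRoute, Interconnect and FastConnect carry cleartext unless MACsec (where the port type supports it) or IPsec over the circuit is configured. Items 3 and 5 also remain AWS-only terms ("VPC endpoints", "VPC Flow Logs") in a list that item 8 has made multi-provider; the OCI equivalents are the Service Gateway and VCN Flow Logs, both of which `references/oci-modules.md` in this commit already lists.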
@@ -219,6 +234,10 @@ aws ec2 get-vpn-connection-telemetry
# Azure VPN
az network vpn-connection show
az network vpn-connection show-device-config-script
# OCI IPSec VPN
oci network ip-sec-connection list
oci network cpe list
```
## Cost Optimization
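Review bot: Both `oci network ip-sec-connection list` and `oci network cpe list` require `--compartment-id` and fail without it, and neither reports tunnel state, so they are not equivalents of `aws ec2 get-vpn-connection-telemetry` in the same block. Add the required argument and a status command, for example `oci network ip-sec-tunnel list --ipsc-id <connection-ocid>`, which returns per-tunnel status.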
@@ -227,7 +246,7 @@ az network vpn-connection show-device-config-script
2. **Use VPN for low-bandwidth** workloads
3. **Consolidate traffic** through fewer connections
4. **Minimize data transfer** costs
5. **Use Direct Connect** for high bandwidth
5. **Use dedicated private links** for high bandwidth
6. **Implement caching** to reduce traffic

View File

@@ -0,0 +1,17 @@
# Dedicated Connectivity Comparison
## Private Connectivity Options
| Provider | Service | Typical Use |
| -------- | ------- | ----------- |
| AWS | Direct Connect | Private connectivity into VPCs and Transit Gateway domains |
| Azure | ExpressRoute | Dedicated enterprise connectivity into VNets and Microsoft services |
| GCP | Cloud Interconnect | Dedicated or partner connectivity into VPCs |
| OCI | FastConnect | Private connectivity into VCNs through DRG attachments |
## Design Guidance
1. Prefer redundant circuits in separate facilities for production workloads.
2. Terminate private links into central transit or hub networking layers.
3. Use VPN as backup even when dedicated links are primary.
4. Validate BGP advertisements, failover behavior, and MTU assumptions during testing.
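Review bot: The "Typical Use" column states a connectivity model only for GCP ("Dedicated or partner") and a topology for the others, so the rows don't compare like with like. Give each provider its models (Direct Connect dedicated or hosted connections, ExpressRoute via a provider or ExpressRoute Direct, FastConnect colocation with Oracle, an Oracle partner, or a third-party provider) and note in Design Guidance that none of these circuits is encrypted by default, which is what makes item 3's IPsec VPN backup the only encrypted path unless MACsec is enabled on the circuit.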

View File

@@ -1,11 +1,11 @@
---
name: multi-cloud-architecture
description: Design multi-cloud architectures using a decision framework to select and integrate services across AWS, Azure, and GCP. Use when building multi-cloud systems, avoiding vendor lock-in, or leveraging best-of-breed services from multiple providers.
description: Design multi-cloud architectures using a decision framework to select and integrate services across AWS, Azure, GCP, and OCI. Use when building multi-cloud systems, avoiding vendor lock-in, or leveraging best-of-breed services from multiple providers.
---
# Multi-Cloud Architecture
Decision framework and patterns for architecting applications across AWS, Azure, and GCP.
Decision framework and patterns for architecting applications across AWS, Azure, GCP, and OCI.
## Purpose
@@ -23,31 +23,31 @@ Design cloud-agnostic architectures and make informed decisions about service se
### Compute Services
| AWS | Azure | GCP | Use Case |
| ------- | ------------------- | --------------- | ------------------ |
| EC2 | Virtual Machines | Compute Engine | IaaS VMs |
| ECS | Container Instances | Cloud Run | Containers |
| EKS | AKS | GKE | Kubernetes |
| Lambda | Functions | Cloud Functions | Serverless |
| Fargate | Container Apps | Cloud Run | Managed containers |
| AWS | Azure | GCP | OCI | Use Case |
| ------- | ------------------- | --------------- | ------------------- | ------------------ |
| EC2 | Virtual Machines | Compute Engine | Compute | IaaS VMs |
| ECS | Container Instances | Cloud Run | Container Instances | Containers |
| EKS | AKS | GKE | OKE | Kubernetes |
| Lambda | Functions | Cloud Functions | Functions | Serverless |
| Fargate | Container Apps | Cloud Run | Container Instances | Managed containers |
### Storage Services
| AWS | Azure | GCP | Use Case |
| ------- | --------------- | --------------- | -------------- |
| S3 | Blob Storage | Cloud Storage | Object storage |
| EBS | Managed Disks | Persistent Disk | Block storage |
| EFS | Azure Files | Filestore | File storage |
| Glacier | Archive Storage | Archive Storage | Cold storage |
| AWS | Azure | GCP | OCI | Use Case |
| ------- | --------------- | --------------- | -------------- | -------------- |
| S3 | Blob Storage | Cloud Storage | Object Storage | Object storage |
| EBS | Managed Disks | Persistent Disk | Block Volumes | Block storage |
| EFS | Azure Files | Filestore | File Storage | File storage |
| Glacier | Archive Storage | Archive Storage | Archive Storage | Cold storage |
### Database Services
| AWS | Azure | GCP | Use Case |
| ----------- | ---------------- | ------------- | --------------- |
| RDS | SQL Database | Cloud SQL | Managed SQL |
| DynamoDB | Cosmos DB | Firestore | NoSQL |
| Aurora | PostgreSQL/MySQL | Cloud Spanner | Distributed SQL |
| ElastiCache | Cache for Redis | Memorystore | Caching |
| AWS | Azure | GCP | OCI | Use Case |
| ----------- | ---------------- | ------------- | ------------------- | --------------- |
| RDS | SQL Database | Cloud SQL | MySQL HeatWave | Managed SQL |
| DynamoDB | Cosmos DB | Firestore | NoSQL Database | NoSQL |
| Aurora | PostgreSQL/MySQL | Cloud Spanner | Autonomous Database | Distributed SQL |
| ElastiCache | Cache for Redis | Memorystore | OCI Cache | Caching |
**Reference:** See `references/service-comparison.md` for complete comparison
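Review bot: In the Database Services table the "Distributed SQL" row now pairs Cloud Spanner with Autonomous Database (and Azure "PostgreSQL/MySQL"); Autonomous Database is a managed Oracle Database, not a horizontally sharded SQL engine, so the row label overstates equivalence. The new `references/service-comparison.md` in this commit labels the same row "Distributed / globally resilient SQL", which is defensible; use that wording here so the two tables agree.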
@@ -65,6 +65,7 @@ Design cloud-agnostic architectures and make informed decisions about service se
- Use best service from each provider
- AI/ML on GCP
- Enterprise apps on Azure
- Regulated data platforms on OCI
- General compute on AWS
### Pattern 3: Geographic Distribution
@@ -85,10 +86,10 @@ Design cloud-agnostic architectures and make informed decisions about service se
### Use Cloud-Native Alternatives
- **Compute:** Kubernetes (EKS/AKS/GKE)
- **Database:** PostgreSQL/MySQL (RDS/SQL Database/Cloud SQL)
- **Message Queue:** Apache Kafka (MSK/Event Hubs/Confluent)
- **Cache:** Redis (ElastiCache/Azure Cache/Memorystore)
- **Compute:** Kubernetes (EKS/AKS/GKE/OKE)
- **Database:** PostgreSQL/MySQL (RDS/SQL Database/Cloud SQL/MySQL HeatWave)
- **Message Queue:** Apache Kafka or managed streaming (MSK/Event Hubs/Confluent/OCI Streaming)
- **Cache:** Redis (ElastiCache/Azure Cache/Memorystore/OCI Cache)
- **Object Storage:** S3-compatible API
- **Monitoring:** Prometheus/Grafana
- **Service Mesh:** Istio/Linkerd
@@ -102,7 +103,7 @@ Infrastructure Abstraction (Terraform)
Cloud Provider APIs
AWS / Azure / GCP
AWS / Azure / GCP / OCI
```
## Cost Comparison
@@ -112,6 +113,7 @@ AWS / Azure / GCP
- **AWS:** On-demand, Reserved, Spot, Savings Plans
- **Azure:** Pay-as-you-go, Reserved, Spot
- **GCP:** On-demand, Committed use, Preemptible
- **OCI:** Pay-as-you-go, annual commitments, burstable/flexible shapes, preemptible instances
### Cost Optimization Strategies
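Review bot: The OCI line mixes purchase models with instance sizing: "burstable/flexible shapes" are shape options, whereas the AWS, Azure and GCP rows list only purchase models (on-demand, reserved, spot). Keep it to purchase models (Pay-as-you-go, Annual Universal Credits, which is the commitment program's actual name, and preemptible instances) and move flexible/burstable shapes under Cost Optimization Strategies below, where rightsizing belongs.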

View File

@@ -0,0 +1,26 @@
# Multi-Cloud Architecture Patterns
## Active-Active Regional Split
- Run customer-facing services in two providers for resiliency
- Use global DNS and traffic steering to shift load during incidents
- Keep shared data replicated asynchronously unless low-latency writes are mandatory
## Best-of-Breed Service Mix
- Analytics and ML on GCP
- Enterprise identity and Microsoft workloads on Azure
- Broad ecosystem integrations on AWS
- Oracle-centric databases and regulated transaction systems on OCI
## Primary / DR Pairing
- Keep primary infrastructure in the provider closest to operational expertise
- Use a second provider for cold or warm disaster recovery
- Validate RPO/RTO assumptions with regular failover exercises
## Portable Platform Baseline
- Standardize on Kubernetes, Terraform/OpenTofu, PostgreSQL, Redis, and OpenTelemetry
- Abstract cloud differences behind modules, golden paths, and service catalogs
- Document provider-specific exceptions such as IAM, networking, and managed database behavior
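Review bot: The Active-Active and Primary / DR Pairing patterns replicate data across providers but say nothing about keys or identity, and that is where a cross-provider failover actually breaks. Data encrypted with one provider's KMS cannot be decrypted in the other, because HSM-backed keys are not exportable; the failover exercise in "Validate RPO/RTO assumptions" will stop at decryption unless the same key material is imported into both providers (BYOK) or the application does envelope encryption with keys it controls. Likewise the "Portable Platform Baseline" lists IAM only as an exception to document, but a DR cutover needs federated identity and replicated secrets already working in the second provider. Add both as prerequisites of the DR pattern.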

View File

@@ -0,0 +1,35 @@
# Multi-Cloud Service Comparison
## Compute
| Use Case | AWS | Azure | GCP | OCI |
| -------- | --- | ----- | --- | --- |
| General-purpose VMs | EC2 | Virtual Machines | Compute Engine | Compute |
| Managed Kubernetes | EKS | AKS | GKE | OKE |
| Serverless functions | Lambda | Functions | Cloud Functions | Functions |
| Containers without cluster management | ECS/Fargate | Container Apps / Container Instances | Cloud Run | Container Instances |
## Storage
| Use Case | AWS | Azure | GCP | OCI |
| -------- | --- | ----- | --- | --- |
| Object storage | S3 | Blob Storage | Cloud Storage | Object Storage |
| Block storage | EBS | Managed Disks | Persistent Disk | Block Volumes |
| File storage | EFS | Azure Files | Filestore | File Storage |
| Archive storage | Glacier / Deep Archive | Archive Storage | Archive Storage | Archive Storage |
## Data Services
| Use Case | AWS | Azure | GCP | OCI |
| -------- | --- | ----- | --- | --- |
| Managed relational database | RDS | SQL Database | Cloud SQL | MySQL HeatWave |
| Distributed / globally resilient SQL | Aurora Global Database | Cosmos DB for PostgreSQL / SQL patterns | Cloud Spanner | Autonomous Database |
| NoSQL | DynamoDB | Cosmos DB | Firestore | NoSQL Database |
| Streaming | Kinesis / MSK | Event Hubs | Pub/Sub / Confluent | Streaming |
## Platform Selection Notes
1. Prefer provider-native managed services when team expertise and lock-in tolerance are high.
2. Prefer Kubernetes, PostgreSQL, Redis, and open observability stacks when portability matters.
3. Use OCI when Oracle database affinity, predictable networking, or regulated workload isolation are primary drivers.
4. Compare egress, managed service premiums, and support plans before splitting workloads across providers.
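Review bot: The "Managed relational database" row lists only MySQL HeatWave for OCI, yet item 2 under Platform Selection Notes standardizes on PostgreSQL for portability, which leaves OCI with no listed PostgreSQL option. OCI Database with PostgreSQL exists and belongs in that cell (as "MySQL HeatWave / Database with PostgreSQL"), otherwise the table contradicts the portability guidance beneath it.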

View File

@@ -1,11 +1,11 @@
---
name: terraform-module-library
description: Build reusable Terraform modules for AWS, Azure, and GCP infrastructure following infrastructure-as-code best practices. Use when creating infrastructure modules, standardizing cloud provisioning, or implementing reusable IaC components.
description: Build reusable Terraform modules for AWS, Azure, GCP, and OCI infrastructure following infrastructure-as-code best practices. Use when creating infrastructure modules, standardizing cloud provisioning, or implementing reusable IaC components.
---
# Terraform Module Library
Production-ready Terraform module patterns for AWS, Azure, and GCP infrastructure.
Production-ready Terraform module patterns for AWS, Azure, GCP, and OCI infrastructure.
## Purpose
@@ -32,10 +32,14 @@ terraform-modules/
│ ├── vnet/
│ ├── aks/
│ └── storage/
── gcp/
├── vpc/
├── gke/
└── cloud-sql/
── gcp/
├── vpc/
├── gke/
└── cloud-sql/
└── oci/
├── vcn/
├── oke/
└── object-storage/
```
## Standard Module Pattern
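Review bot: Check the tree connectors in this layout: with `oci/` added as the last entry, the `gcp/` line must become `├── gcp/` and its children need the `│` prefix that the `azure/` children above carry, while `oci/` alone keeps `└──`. As rendered here both the removed and the added `gcp/` lines show a bare `──`, so confirm the file itself rather than the extraction.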
@@ -174,6 +178,8 @@ output "vpc_cidr_block" {
9. **Test modules** with Terratest
10. **Tag all resources** consistently
**Reference:** See `references/aws-modules.md` and `references/oci-modules.md`
## Module Composition
```hcl

View File

@@ -58,7 +58,7 @@
## Best Practices
1. Use AWS provider version ~> 5.0
1. Use AWS provider version `~> 6.31`
2. Enable encryption by default
3. Use least-privilege IAM
4. Tag all resources consistently
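Review bot: `~> 6.31` means >= 6.31.0 and < 7.0.0, so this best-practices item now pins a specific minor that will go stale within weeks; prefer `~> 6.0` unless a 6.31 feature is required, and say that exact versions and provider hashes belong in `.terraform.lock.hcl`, which is what actually protects the module consumer against a substituted provider build. The jump from `~> 5.0` is also a major-version upgrade with breaking changes (6.0 made `region` a per-resource argument), which deserves a sentence here rather than a silent bump.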

View File

@@ -0,0 +1,52 @@
# OCI Terraform Module Patterns
## VCN Module
- VCN with public/private subnets
- Dynamic Routing Gateway (DRG) attachments
- Internet Gateway, NAT Gateway, Service Gateway
- Route tables and security lists / NSGs
- VCN Flow Logs
## OKE Module
- OKE cluster and node pools
- IAM policies and dynamic groups
- VCN-native pod networking
- Cluster autoscaling and observability hooks
- OCIR integration
## Autonomous Database Module
- Autonomous Database provisioning
- Network access controls and private endpoints
- Wallet and secret handling
- Backup and maintenance preferences
- Tagging and cost tracking
## Object Storage Module
- Buckets with lifecycle rules
- Versioning and retention
- Customer-managed encryption keys
- Replication policies
- Event rules and service connectors
## Load Balancer Module
- Public or private load balancer
- Backend sets and listeners
- TLS certificates
- Health checks
- Logging and metrics integration
## Best Practices
1. Use the OCI provider version `~> 7.26`
2. Model compartments explicitly and pass them through module interfaces
3. Prefer NSGs over broad security list rules where practical
4. Tag all resources with owner, environment, and cost center metadata
5. Use dynamic groups and least-privilege IAM policies for workload access
6. Keep network, identity, and data modules loosely coupled
7. Expose OCIDs and subnet details for module composition
8. Enable logging, metrics, and backup settings by default
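Review bot: "Wallet and secret handling" under the Autonomous Database Module needs a caveat: when the wallet is produced with the `oci_database_autonomous_database_wallet` resource, the wallet zip is stored base64-encoded in Terraform state, and the same holds for any admin password passed as a variable. Either say so and require encrypted, access-controlled remote state, or generate the wallet out of band and keep it in OCI Vault. Item 1 `~> 7.26` pins a minor the same way `references/aws-modules.md` now does; prefer the major (`~> 7.0`) with exact versions in the lock file.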