style: format all files with prettier

This commit is contained in:
Seth Hobson
2026-01-19 17:07:03 -05:00
parent 8d37048deb
commit 56848874a2
355 changed files with 15215 additions and 10241 deletions

View File

@@ -22,24 +22,28 @@ Implement systematic cost optimization strategies to reduce cloud spending while
## Cost Optimization Framework
### 1. Visibility
- Implement cost allocation tags
- Use cloud cost management tools
- Set up budget alerts
- Create cost dashboards
### 2. Right-Sizing
- Analyze resource utilization
- Downsize over-provisioned resources
- Use auto-scaling
- Remove idle resources
### 3. Pricing Models
- Use reserved capacity
- Leverage spot/preemptible instances
- Implement savings plans
- Use committed use discounts
### 4. Architecture Optimization
- Use managed services
- Implement caching
- Optimize data transfer
@@ -48,6 +52,7 @@ Implement systematic cost optimization strategies to reduce cloud spending while
## AWS Cost Optimization
### Reserved Instances
```
Savings: 30-72% vs On-Demand
Term: 1 or 3 years
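Review bot: the fence opened under `### Reserved Instances` is a bare ``` with no language tag, while the hcl and bash blocks elsewhere in this commit are tagged; tagging these plain-text blocks as ```text keeps the style consistent across the file and stops editors and renderers from guessing a language for them. The Savings Plans and Spot Instances fences further down have the same untagged form.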
@@ -56,6 +61,7 @@ Flexibility: Standard or Convertible
```
### Savings Plans
```
Compute Savings Plans: 66% savings
EC2 Instance Savings Plans: 72% savings
@@ -64,6 +70,7 @@ Flexible across: Instance families, regions, OS
```
### Spot Instances
```
Savings: Up to 90% vs On-Demand
Best for: Batch jobs, CI/CD, stateless workloads
@@ -72,6 +79,7 @@ Strategy: Mix with On-Demand for resilience
```
### S3 Cost Optimization
```hcl
resource "aws_s3_bucket_lifecycle_configuration" "example" {
bucket = aws_s3_bucket.example.id
@@ -100,17 +108,20 @@ resource "aws_s3_bucket_lifecycle_configuration" "example" {
## Azure Cost Optimization
### Reserved VM Instances
- 1 or 3 year terms
- Up to 72% savings
- Flexible sizing
- Exchangeable
### Azure Hybrid Benefit
- Use existing Windows Server licenses
- Up to 80% savings with RI
- Available for Windows and SQL Server
### Azure Advisor Recommendations
- Right-size VMs
- Delete unused resources
- Use reserved capacity
@@ -119,18 +130,21 @@ resource "aws_s3_bucket_lifecycle_configuration" "example" {
## GCP Cost Optimization
### Committed Use Discounts
- 1 or 3 year commitment
- Up to 57% savings
- Applies to vCPUs and memory
- Resource-based or spend-based
### Sustained Use Discounts
- Automatic discounts
- Up to 30% for running instances
- No commitment required
- Applies to Compute Engine, GKE
### Preemptible VMs
- Up to 80% savings
- 24-hour maximum runtime
- Best for batch workloads
@@ -138,6 +152,7 @@ resource "aws_s3_bucket_lifecycle_configuration" "example" {
## Tagging Strategy
### AWS Tagging
```hcl
locals {
common_tags = {
@@ -167,6 +182,7 @@ resource "aws_instance" "example" {
## Cost Monitoring
### Budget Alerts
```hcl
# AWS Budget
resource "aws_budgets_budget" "monthly" {
@@ -188,6 +204,7 @@ resource "aws_budgets_budget" "monthly" {
```
### Cost Anomaly Detection
- AWS Cost Anomaly Detection
- Azure Cost Management alerts
- GCP Budget alerts
@@ -195,12 +212,14 @@ resource "aws_budgets_budget" "monthly" {
## Architecture Patterns
### Pattern 1: Serverless First
- Use Lambda/Functions for event-driven
- Pay only for execution time
- Auto-scaling included
- No idle costs
### Pattern 2: Right-Sized Databases
```
Development: t3.small RDS
Staging: t3.large RDS
@@ -208,6 +227,7 @@ Production: r6g.2xlarge RDS with read replicas
```
### Pattern 3: Multi-Tier Storage
```
Hot data: S3 Standard
Warm data: S3 Standard-IA (30 days)
@@ -216,6 +236,7 @@ Archive: S3 Deep Archive (365 days)
```
### Pattern 4: Auto-Scaling
```hcl
resource "aws_autoscaling_policy" "scale_up" {
name = "scale-up"

View File

@@ -24,6 +24,7 @@ Establish secure, reliable network connectivity between on-premises data centers
### AWS Connectivity
#### 1. Site-to-Site VPN
- IPSec VPN over internet
- Up to 1.25 Gbps per tunnel
- Cost-effective for moderate bandwidth
@@ -52,6 +53,7 @@ resource "aws_vpn_connection" "main" {
```
#### 2. AWS Direct Connect
- Dedicated network connection
- 1 Gbps to 100 Gbps
- Lower latency, consistent bandwidth
@@ -62,6 +64,7 @@ resource "aws_vpn_connection" "main" {
### Azure Connectivity
#### 1. Site-to-Site VPN
```hcl
resource "azurerm_virtual_network_gateway" "vpn" {
name = "vpn-gateway"
@@ -82,6 +85,7 @@ resource "azurerm_virtual_network_gateway" "vpn" {
```
#### 2. Azure ExpressRoute
- Private connection via connectivity provider
- Up to 100 Gbps
- Low latency, high reliability
@@ -90,11 +94,13 @@ resource "azurerm_virtual_network_gateway" "vpn" {
### GCP Connectivity
#### 1. Cloud VPN
- IPSec VPN (Classic or HA VPN)
- HA VPN: 99.99% SLA
- Up to 3 Gbps per tunnel
#### 2. Cloud Interconnect
- Dedicated (10 Gbps, 100 Gbps)
- Partner (50 Mbps to 50 Gbps)
- Lower latency than VPN
@@ -102,6 +108,7 @@ resource "azurerm_virtual_network_gateway" "vpn" {
## Hybrid Network Patterns
### Pattern 1: Hub-and-Spoke
```
On-Premises Datacenter
@@ -115,6 +122,7 @@ On-Premises Datacenter
```
### Pattern 2: Multi-Region Hybrid
```
On-Premises
├─ Direct Connect → us-east-1
@@ -124,6 +132,7 @@ On-Premises
```
### Pattern 3: Multi-Cloud Hybrid
```
On-Premises Datacenter
├─ Direct Connect → AWS
@@ -134,6 +143,7 @@ On-Premises Datacenter
## Routing Configuration
### BGP Configuration
```
On-Premises Router:
- AS Number: 65000
@@ -145,6 +155,7 @@ Cloud Router:
```
### Route Propagation
- Enable route propagation on route tables
- Use BGP for dynamic routing
- Implement route filtering
@@ -166,6 +177,7 @@ Cloud Router:
## High Availability
### Dual VPN Tunnels
```hcl
resource "aws_vpn_connection" "primary" {
vpn_gateway_id = aws_vpn_gateway.main.id
@@ -181,6 +193,7 @@ resource "aws_vpn_connection" "secondary" {
```
### Active-Active Configuration
- Multiple connections from different locations
- BGP for automatic failover
- Equal-cost multi-path (ECMP) routing
@@ -189,6 +202,7 @@ resource "aws_vpn_connection" "secondary" {
## Monitoring and Troubleshooting
### Key Metrics
- Tunnel status (up/down)
- Bytes in/out
- Packet loss
@@ -196,6 +210,7 @@ resource "aws_vpn_connection" "secondary" {
- BGP session status
### Troubleshooting
```bash
# AWS VPN
aws ec2 describe-vpn-connections

View File

@@ -20,12 +20,12 @@ Comprehensive guide to Istio traffic management for production service mesh depl
### 1. Traffic Management Resources
| Resource | Purpose | Scope |
|----------|---------|-------|
| **VirtualService** | Route traffic to destinations | Host-based |
| Resource | Purpose | Scope |
| ------------------- | ----------------------------- | ------------- |
| **VirtualService** | Route traffic to destinations | Host-based |
| **DestinationRule** | Define policies after routing | Service-based |
| **Gateway** | Configure ingress/egress | Cluster edge |
| **ServiceEntry** | Add external services | Mesh-wide |
| **Gateway** | Configure ingress/egress | Cluster edge |
| **ServiceEntry** | Add external services | Mesh-wide |
### 2. Traffic Flow
@@ -271,7 +271,7 @@ spec:
host: my-service
trafficPolicy:
loadBalancer:
simple: ROUND_ROBIN # or LEAST_CONN, RANDOM, PASSTHROUGH
simple: ROUND_ROBIN # or LEAST_CONN, RANDOM, PASSTHROUGH
---
# Consistent hashing for sticky sessions
apiVersion: networking.istio.io/v1beta1
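Review bot: the inline comment `# or LEAST_CONN, RANDOM, PASSTHROUGH` on the `simple:` line still lists LEAST_CONN, which Istio's DestinationRule reference marks as deprecated in favour of LEAST_REQUEST; this hunk only changes the spacing before that comment, so it is a follow-up rather than a blocker, but the comment should be updated the next time the template is touched.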
@@ -290,6 +290,7 @@ spec:
## Best Practices
### Do's
- **Start simple** - Add complexity incrementally
- **Use subsets** - Version your services clearly
- **Set timeouts** - Always configure reasonable timeouts
@@ -297,6 +298,7 @@ spec:
- **Monitor** - Use Kiali and Jaeger for visibility
### Don'ts
- **Don't over-retry** - Can cause cascading failures
- **Don't ignore outlier detection** - Enable circuit breakers
- **Don't mirror to production** - Mirror to test environments

View File

@@ -42,12 +42,12 @@ Production patterns for Linkerd service mesh - the lightweight, security-first s
### 2. Key Resources
| Resource | Purpose |
|----------|---------|
| **ServiceProfile** | Per-route metrics, retries, timeouts |
| **TrafficSplit** | Canary deployments, A/B testing |
| **Server** | Define server-side policies |
| **ServerAuthorization** | Access control policies |
| Resource | Purpose |
| ----------------------- | ------------------------------------ |
| **ServiceProfile** | Per-route metrics, retries, timeouts |
| **TrafficSplit** | Canary deployments, A/B testing |
| **Server** | Define server-side policies |
| **ServerAuthorization** | Access control policies |
## Templates
@@ -149,9 +149,9 @@ spec:
service: my-service
backends:
- service: my-service-stable
weight: 900m # 90%
weight: 900m # 90%
- service: my-service-canary
weight: 100m # 10%
weight: 100m # 10%
```
### Template 5: Server Authorization Policy
@@ -291,12 +291,14 @@ linkerd viz tap deploy/my-app --to deploy/my-backend
## Best Practices
### Do's
- **Enable mTLS everywhere** - It's automatic with Linkerd
- **Use ServiceProfiles** - Get per-route metrics and retries
- **Set retry budgets** - Prevent retry storms
- **Monitor golden metrics** - Success rate, latency, throughput
### Don'ts
- **Don't skip check** - Always run `linkerd check` after changes
- **Don't over-configure** - Linkerd defaults are sensible
- **Don't ignore ServiceProfiles** - They unlock advanced features

View File

@@ -92,7 +92,7 @@ spec:
8080:
mode: STRICT
9090:
mode: DISABLE # Metrics port, no mTLS
mode: DISABLE # Metrics port, no mTLS
```
### Template 2: Istio Destination Rule for mTLS
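Review bot: only the spacing before `# Metrics port, no mTLS` changes here, so behaviour is untouched, but `mode: DISABLE` on port 9090 means that port accepts plaintext with no peer identity; the comment would be more useful if it also named the compensating control expected around that exception (a NetworkPolicy limiting 9090 to the monitoring namespace, for example) so readers do not copy the port-level disable without it.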
@@ -277,7 +277,7 @@ spec:
matchLabels:
app: my-app
port: external-api
proxyProtocol: HTTP/1 # or TLS for passthrough
proxyProtocol: HTTP/1 # or TLS for passthrough
---
# Skip TLS for specific port
apiVersion: v1
@@ -285,7 +285,7 @@ kind: Service
metadata:
name: my-service
annotations:
config.linkerd.io/skip-outbound-ports: "3306" # MySQL
config.linkerd.io/skip-outbound-ports: "3306" # MySQL
```
## Certificate Rotation
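Review bot: `config.linkerd.io/skip-outbound-ports: "3306"` takes port 3306 out of the proxy entirely, so MySQL traffic from this service leaves the pod without Linkerd mTLS; the `# MySQL` comment, whose spacing is all this hunk changes, would be clearer if it stated that the database connection must then carry its own TLS (the client's ssl-mode setting) or stay on a network segment where plaintext is acceptable.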
@@ -327,6 +327,7 @@ linkerd viz tap deploy/my-app --to deploy/my-backend
## Best Practices
### Do's
- **Start with PERMISSIVE** - Migrate gradually to STRICT
- **Monitor certificate expiry** - Set up alerts
- **Use short-lived certs** - 24h or less for workloads
@@ -334,6 +335,7 @@ linkerd viz tap deploy/my-app --to deploy/my-backend
- **Log TLS errors** - For debugging and audit
### Don'ts
- **Don't disable mTLS** - For convenience in production
- **Don't ignore cert expiry** - Automate rotation
- **Don't use self-signed certs** - Use proper CA hierarchy

View File

@@ -23,31 +23,31 @@ Design cloud-agnostic architectures and make informed decisions about service se
### Compute Services
| AWS | Azure | GCP | Use Case |
|-----|-------|-----|----------|
| EC2 | Virtual Machines | Compute Engine | IaaS VMs |
| ECS | Container Instances | Cloud Run | Containers |
| EKS | AKS | GKE | Kubernetes |
| Lambda | Functions | Cloud Functions | Serverless |
| Fargate | Container Apps | Cloud Run | Managed containers |
| AWS | Azure | GCP | Use Case |
| ------- | ------------------- | --------------- | ------------------ |
| EC2 | Virtual Machines | Compute Engine | IaaS VMs |
| ECS | Container Instances | Cloud Run | Containers |
| EKS | AKS | GKE | Kubernetes |
| Lambda | Functions | Cloud Functions | Serverless |
| Fargate | Container Apps | Cloud Run | Managed containers |
### Storage Services
| AWS | Azure | GCP | Use Case |
|-----|-------|-----|----------|
| S3 | Blob Storage | Cloud Storage | Object storage |
| EBS | Managed Disks | Persistent Disk | Block storage |
| EFS | Azure Files | Filestore | File storage |
| Glacier | Archive Storage | Archive Storage | Cold storage |
| AWS | Azure | GCP | Use Case |
| ------- | --------------- | --------------- | -------------- |
| S3 | Blob Storage | Cloud Storage | Object storage |
| EBS | Managed Disks | Persistent Disk | Block storage |
| EFS | Azure Files | Filestore | File storage |
| Glacier | Archive Storage | Archive Storage | Cold storage |
### Database Services
| AWS | Azure | GCP | Use Case |
|-----|-------|-----|----------|
| RDS | SQL Database | Cloud SQL | Managed SQL |
| DynamoDB | Cosmos DB | Firestore | NoSQL |
| Aurora | PostgreSQL/MySQL | Cloud Spanner | Distributed SQL |
| ElastiCache | Cache for Redis | Memorystore | Caching |
| AWS | Azure | GCP | Use Case |
| ----------- | ---------------- | ------------- | --------------- |
| RDS | SQL Database | Cloud SQL | Managed SQL |
| DynamoDB | Cosmos DB | Firestore | NoSQL |
| Aurora | PostgreSQL/MySQL | Cloud Spanner | Distributed SQL |
| ElastiCache | Cache for Redis | Memorystore | Caching |
**Reference:** See `references/service-comparison.md` for complete comparison
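Review bot: all three tables are realigned only (every row reads identically before and after), so nothing functional changes; one content nit visible in the compute rows: Cloud Run appears as the GCP counterpart for both the ECS and the Fargate rows, which is defensible but reads like a copy-paste slip unless the Use Case column distinguishes the two. Not a blocker for a formatting commit.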
@@ -129,24 +129,28 @@ AWS / Azure / GCP
## Migration Strategy
### Phase 1: Assessment
- Inventory current infrastructure
- Identify dependencies
- Assess cloud compatibility
- Estimate costs
### Phase 2: Pilot
- Select pilot workload
- Implement in target cloud
- Test thoroughly
- Document learnings
### Phase 3: Migration
- Migrate workloads incrementally
- Maintain dual-run period
- Monitor performance
- Validate functionality
### Phase 4: Optimization
- Right-size resources
- Implement cloud-native services
- Optimize costs

View File

@@ -35,12 +35,12 @@ Complete guide to observability patterns for Istio, Linkerd, and service mesh de
### 2. Golden Signals for Mesh
| Signal | Description | Alert Threshold |
|--------|-------------|-----------------|
| **Latency** | Request duration P50, P99 | P99 > 500ms |
| **Traffic** | Requests per second | Anomaly detection |
| **Errors** | 5xx error rate | > 1% |
| **Saturation** | Resource utilization | > 80% |
| Signal | Description | Alert Threshold |
| -------------- | ------------------------- | ----------------- |
| **Latency** | Request duration P50, P99 | P99 > 500ms |
| **Traffic** | Requests per second | Anomaly detection |
| **Errors** | 5xx error rate | > 1% |
| **Saturation** | Resource utilization | > 80% |
## Templates
@@ -119,7 +119,7 @@ spec:
enableTracing: true
defaultConfig:
tracing:
sampling: 100.0 # 100% in dev, lower in prod
sampling: 100.0 # 100% in dev, lower in prod
zipkin:
address: jaeger-collector.istio-system:9411
---
@@ -142,14 +142,14 @@ spec:
- name: jaeger
image: jaegertracing/all-in-one:1.50
ports:
- containerPort: 5775 # UDP
- containerPort: 6831 # Thrift
- containerPort: 6832 # Thrift
- containerPort: 5778 # Config
- containerPort: 16686 # UI
- containerPort: 14268 # HTTP
- containerPort: 14250 # gRPC
- containerPort: 9411 # Zipkin
- containerPort: 5775 # UDP
- containerPort: 6831 # Thrift
- containerPort: 6832 # Thrift
- containerPort: 5778 # Config
- containerPort: 16686 # UI
- containerPort: 14268 # HTTP
- containerPort: 14250 # gRPC
- containerPort: 9411 # Zipkin
env:
- name: COLLECTOR_ZIPKIN_HOST_PORT
value: ":9411"
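Review bot: the port comments `# UDP` (5775) and `# Thrift` (6831, 6832) are realigned, but each entry is a bare `containerPort` with no `protocol:` field, so Kubernetes defaults all of them to TCP; if those agent ports are meant to receive UDP Thrift, add `protocol: UDP` to each of them, otherwise drop the `# UDP` comment so the manifest and its comments agree.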
@@ -207,9 +207,9 @@ linkerd viz edges deployment -n my-namespace
"defaults": {
"thresholds": {
"steps": [
{"value": 0, "color": "green"},
{"value": 1, "color": "yellow"},
{"value": 5, "color": "red"}
{ "value": 0, "color": "green" },
{ "value": 1, "color": "yellow" },
{ "value": 5, "color": "red" }
]
}
}
@@ -250,7 +250,7 @@ metadata:
namespace: istio-system
spec:
auth:
strategy: anonymous # or openid, token
strategy: anonymous # or openid, token
deployment:
accessible_namespaces:
- "**"
@@ -363,6 +363,7 @@ spec:
## Best Practices
### Do's
- **Sample appropriately** - 100% in dev, 1-10% in prod
- **Use trace context** - Propagate headers consistently
- **Set up alerts** - For golden signals
@@ -370,6 +371,7 @@ spec:
- **Retain strategically** - Hot/cold storage tiers
### Don'ts
- **Don't over-sample** - Storage costs add up
- **Don't ignore cardinality** - Limit label values
- **Don't skip dashboards** - Visualize dependencies

View File

@@ -58,6 +58,7 @@ module-name/
## AWS VPC Module Example
**main.tf:**
```hcl
resource "aws_vpc" "main" {
cidr_block = var.cidr_block
@@ -101,6 +102,7 @@ resource "aws_internet_gateway" "main" {
```
**variables.tf:**
```hcl
variable "name" {
description = "Name of the VPC"
@@ -141,6 +143,7 @@ variable "tags" {
```
**outputs.tf:**
```hcl
output "vpc_id" {
description = "ID of the VPC"

View File

@@ -1,6 +1,7 @@
# AWS Terraform Module Patterns
## VPC Module
- VPC with public/private subnets
- Internet Gateway and NAT Gateways
- Route tables and associations
@@ -8,6 +9,7 @@
- VPC Flow Logs
## EKS Module
- EKS cluster with managed node groups
- IRSA (IAM Roles for Service Accounts)
- Cluster autoscaler
@@ -15,6 +17,7 @@
- Cluster logging
## RDS Module
- RDS instance or cluster
- Automated backups
- Read replicas
@@ -23,6 +26,7 @@
- Security groups
## S3 Module
- S3 bucket with versioning
- Encryption at rest
- Bucket policies
@@ -30,6 +34,7 @@
- Replication configuration
## ALB Module
- Application Load Balancer
- Target groups
- Listener rules
@@ -37,6 +42,7 @@
- Access logs
## Lambda Module
- Lambda function
- IAM execution role
- CloudWatch Logs
@@ -44,6 +50,7 @@
- VPC configuration (optional)
## Security Group Module
- Reusable security group rules
- Ingress/egress rules
- Dynamic rule creation