SkillHub ClubRun DevOpsDevOpsTesting

cloud-k8s-deployment

Provides concrete steps to deploy applications to DigitalOcean Kubernetes with multi-cloud patterns for AWS and GKE. Includes detailed setup for prerequisites like ingress, cert-manager, Dapr, and production values files. Covers cost optimization and verification checklists.

Packaged view

This page reorganizes the original catalog entry around fit, installability, and workflow context first. The original raw source lives below.

Stars

Hot score

Updated

March 20, 2026

Overall rating

A7.6

Composite score

4.7

Best-practice grade

S100.0

Install command

npx @skill-hub/cli install maneeshanif-todo-spec-driven-cloud-k8s-deployment

kubernetescloud-deploymentdigitaloceanhelmproduction

Repository

maneeshanif/todo-spec-driven

Skill path: .claude/skills/cloud-k8s-deployment

Open repository

Best for

Primary workflow: Run DevOps.

Technical facets: DevOps, Testing.

Target audience: Developers and DevOps engineers deploying containerized applications to Kubernetes in production environments.

License: Unknown.

Original source

Catalog source: SkillHub Club.

Repository owner: maneeshanif.

This is still a mirrored public skill entry. Review the repository before installing into production workflows.

What it helps with

Install cloud-k8s-deployment into Claude Code, Codex CLI, Gemini CLI, or OpenCode workflows
Review https://github.com/maneeshanif/todo-spec-driven before adding cloud-k8s-deployment to shared team environments
Use cloud-k8s-deployment for devops workflows

Works across

Claude CodeCodex CLIGemini CLIOpenCode

Favorites: 0.

Sub-skills: 0.

Aggregator: No.

Original source / Raw SKILL.md

---
name: cloud-k8s-deployment
description: Deploy to cloud Kubernetes clusters - DigitalOcean DOKS primary, with multi-cloud patterns for AWS EKS and GKE. Use when deploying Phase 5 to production cloud environments. (project)
allowed-tools: Bash, Write, Read, Glob, Edit, Grep
---

# Cloud Kubernetes Deployment Skill

## Quick Start

1. **Read Phase 5 Constitution** - `constitution-prompt-phase-5.md`
2. **Choose cloud provider** - DigitalOcean DOKS (primary)
3. **Create cluster** - Using cloud CLI or Terraform
4. **Configure kubectl** - Get credentials
5. **Install prerequisites** - Ingress, cert-manager, Dapr
6. **Deploy with Helm** - Using environment-specific values

## Cloud Provider Comparison

| Feature | DigitalOcean DOKS | AWS EKS | Google GKE |
|---------|-------------------|---------|------------|
| **Cost** | $$ (Cheapest) | $$$$ | $$$ |
| **Ease** | Easy | Complex | Medium |
| **Managed** | Yes | Yes | Yes |
| **Free Tier** | None | Some | Some |
| **Best For** | Startups, MVP | Enterprise | ML/AI |

## DigitalOcean DOKS Setup (Primary)

### Install doctl CLI

```bash
# macOS
brew install doctl

# Linux
cd ~ && curl -OL https://github.com/digitalocean/doctl/releases/download/v1.104.0/doctl-1.104.0-linux-amd64.tar.gz
tar xf ~/doctl-1.104.0-linux-amd64.tar.gz
sudo mv ~/doctl /usr/local/bin

# Authenticate
doctl auth init
```

### Create DOKS Cluster

```bash
# Create cluster
doctl kubernetes cluster create todo-production \
  --region nyc1 \
  --version 1.29.1-do.0 \
  --node-pool "name=default;size=s-2vcpu-4gb;count=3;auto-scale=true;min-nodes=2;max-nodes=5" \
  --wait

# Get kubeconfig
doctl kubernetes cluster kubeconfig save todo-production

# Verify
kubectl get nodes
```

### Terraform Configuration

Create `terraform/digitalocean/main.tf`:

```hcl
terraform {
  required_providers {
    digitalocean = {
      source  = "digitalocean/digitalocean"
      version = "~> 2.0"
    }
  }
}

provider "digitalocean" {
  token = var.do_token
}

resource "digitalocean_kubernetes_cluster" "todo" {
  name    = "todo-production"
  region  = "nyc1"
  version = "1.29.1-do.0"

  node_pool {
    name       = "default"
    size       = "s-2vcpu-4gb"
    auto_scale = true
    min_nodes  = 2
    max_nodes  = 5
  }

  maintenance_policy {
    start_time = "04:00"
    day        = "sunday"
  }
}

resource "digitalocean_container_registry" "todo" {
  name                   = "todo-registry"
  subscription_tier_slug = "basic"
}

output "cluster_id" {
  value = digitalocean_kubernetes_cluster.todo.id
}

output "kubeconfig" {
  value     = digitalocean_kubernetes_cluster.todo.kube_config[0].raw_config
  sensitive = true
}
```

## Install Prerequisites

### NGINX Ingress Controller

```bash
# Install via Helm
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update

helm install ingress-nginx ingress-nginx/ingress-nginx \
  --namespace ingress-nginx \
  --create-namespace \
  --set controller.publishService.enabled=true
```

### Cert-Manager (TLS)

```bash
# Install cert-manager
helm repo add jetstack https://charts.jetstack.io
helm repo update

helm install cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --create-namespace \
  --set installCRDs=true

# Create ClusterIssuer for Let's Encrypt
kubectl apply -f - <<EOF
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: [email protected]
    privateKeySecretRef:
      name: letsencrypt-prod
    solvers:
      - http01:
          ingress:
            class: nginx
EOF
```

### Dapr

```bash
# Install Dapr
helm repo add dapr https://dapr.github.io/helm-charts/
helm repo update

helm install dapr dapr/dapr \
  --namespace dapr-system \
  --create-namespace \
  --wait
```

### Strimzi (Kafka)

```bash
# Install Strimzi operator
helm repo add strimzi https://strimzi.io/charts/
helm repo update

helm install strimzi-kafka-operator strimzi/strimzi-kafka-operator \
  --namespace kafka \
  --create-namespace
```

## Production Values File

Create `helm/evolution-todo/values-production.yaml`:

```yaml
global:
  environment: production
  domain: todo.yourdomain.com
  image:
    registry: ghcr.io
    repository: your-org/evolution-todo
    tag: latest
    pullPolicy: Always

ingress:
  enabled: true
  className: nginx
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
  hosts:
    - host: todo.yourdomain.com
      paths:
        - path: /
          pathType: Prefix
          service: frontend
        - path: /api
          pathType: Prefix
          service: backend
  tls:
    - secretName: todo-tls
      hosts:
        - todo.yourdomain.com

backend:
  replicas: 3
  resources:
    requests:
      cpu: 250m
      memory: 512Mi
    limits:
      cpu: 1000m
      memory: 1Gi
  autoscaling:
    enabled: true
    minReplicas: 3
    maxReplicas: 10
    targetCPUUtilizationPercentage: 70

frontend:
  replicas: 2
  resources:
    requests:
      cpu: 100m
      memory: 256Mi
    limits:
      cpu: 500m
      memory: 512Mi

kafka:
  enabled: true
  external: true
  brokers: "redpanda-cloud-broker:9092"

redis:
  enabled: true
  cluster:
    enabled: false
  master:
    persistence:
      size: 5Gi

postgresql:
  enabled: false  # Using Neon
  external:
    host: "your-neon-host.neon.tech"
    database: "todo_prod"
```

## Deploy to Production

```bash
# Create namespace
kubectl create namespace todo-app

# Create secrets
kubectl create secret generic todo-secrets \
  --namespace todo-app \
  --from-literal=DATABASE_URL="postgresql://user:pass@host/db" \
  --from-literal=GEMINI_API_KEY="your-key" \
  --from-literal=BETTER_AUTH_SECRET="your-secret"

# Deploy with Helm
helm upgrade --install evolution-todo ./helm/evolution-todo \
  --namespace todo-app \
  --values ./helm/evolution-todo/values-production.yaml \
  --wait

# Verify deployment
kubectl get pods -n todo-app
kubectl get ingress -n todo-app
```

## DNS Configuration

After deployment, configure DNS:

```bash
# Get Load Balancer IP
kubectl get svc -n ingress-nginx ingress-nginx-controller -o jsonpath='{.status.loadBalancer.ingress[0].ip}'

# Create A record:
# todo.yourdomain.com → <LOAD_BALANCER_IP>
```

## Multi-Environment Strategy

```
Production (DOKS)
├── Namespace: todo-app
├── Domain: todo.yourdomain.com
├── Database: Neon (Production)
├── Kafka: Redpanda Cloud
└── Replicas: 3-10 (autoscaled)

Staging (DOKS)
├── Namespace: todo-staging
├── Domain: staging.todo.yourdomain.com
├── Database: Neon (Staging)
├── Kafka: Strimzi (in-cluster)
└── Replicas: 1-3

Development (Minikube)
├── Namespace: todo-dev
├── Domain: localhost
├── Database: PostgreSQL (in-cluster)
├── Kafka: Strimzi (single node)
└── Replicas: 1
```

## Monitoring Setup

### Prometheus & Grafana

```bash
# Install kube-prometheus-stack
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm repo update

helm install monitoring prometheus-community/kube-prometheus-stack \
  --namespace monitoring \
  --create-namespace \
  --set grafana.adminPassword=admin \
  --set prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues=false
```

### DigitalOcean Monitoring

```bash
# Enable cluster monitoring
doctl kubernetes cluster update todo-production \
  --enable-control-plane-monitoring
```

## Cost Optimization

| Resource | Development | Staging | Production |
|----------|-------------|---------|------------|
| Nodes | 1 (s-1vcpu-2gb) | 2 (s-2vcpu-4gb) | 3-5 (s-2vcpu-4gb) |
| Cost/month | ~$12 | ~$48 | ~$72-120 |
| Load Balancer | None | 1 ($12) | 1 ($12) |
| Block Storage | 10GB | 20GB | 50GB |

## Verification Checklist

- [ ] DOKS cluster created and running
- [ ] kubectl configured with cluster credentials
- [ ] Ingress controller installed
- [ ] Cert-manager installed with ClusterIssuer
- [ ] Dapr installed in dapr-system namespace
- [ ] Secrets created in todo-app namespace
- [ ] Helm deployment successful
- [ ] TLS certificate issued
- [ ] DNS configured
- [ ] Application accessible via domain
- [ ] Monitoring enabled

## Troubleshooting

| Issue | Cause | Solution |
|-------|-------|----------|
| Pods pending | No nodes | Check node pool autoscaling |
| TLS not working | Cert not issued | Check cert-manager logs |
| Ingress 502 | Backend unhealthy | Check pod health |
| DNS not resolving | A record missing | Add DNS record |
| High latency | Region mismatch | Deploy closer to users |

## References

- [DigitalOcean Kubernetes](https://docs.digitalocean.com/products/kubernetes/)
- [NGINX Ingress](https://kubernetes.github.io/ingress-nginx/)
- [Cert-Manager](https://cert-manager.io/docs/)
- [Dapr on Kubernetes](https://docs.dapr.io/operations/hosting/kubernetes/)
- [Phase 5 Constitution](../../../constitution-prompt-phase-5.md)