cloud-deploy-blueprint_skill

This skill guides end-to-end cloud deployment to AKS/GKE/DOKS, including CI/CD, ingress, SSL, and Next.js build-time variable handling.
  • Python

19

GitHub Stars

1

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill mjunaidca/mjs-agent-skills --skill cloud-deploy-blueprint

  • SKILL.md10.9 KB

Overview

This skill captures a battle-tested, end-to-end blueprint for deploying multi-service applications to Kubernetes (AKS, GKE, DOKS) with CI/CD. It bundles patterns for managed service integration, ingress and TLS, GitHub Actions selective builds, and correct Next.js build-time vs runtime handling. The guidance is distilled from a 9-hour real-world deployment and focuses on reliable, repeatable outcomes.

How this skill works

The skill documents an opinionated architecture: a single public IP and load balancer, an ingress controller (Traefik or nginx) routing to public and internal services, and external managed services like Neon Postgres and Upstash Redis. It prescribes Dockerfile, Helm, and GitHub Actions patterns to pass Next.js NEXT_PUBLIC_* build args, inject runtime secrets via Helm --set from GitHub Secrets, and ensure images match cluster CPU architecture. It also includes cert-manager TLS setup, ingress annotations, and a pre-deployment checklist.

When to use it

  • Deploying multi-service apps to AKS, GKE, or DOKS with Kubernetes and Helm
  • Setting up GitHub Actions CI/CD with selective builds and build-arg injection
  • Integrating managed services such as Neon (Postgres) and Upstash (Redis)
  • Configuring ingress, cert-manager TLS, and production-grade routing
  • Ensuring Next.js build-time variables are embedded correctly and runtime secrets are secured

Best practices

  • Treat NEXT_PUBLIC_* variables as build-time: use ARG in Dockerfile and pass --build-arg in CI
  • Keep sensitive values out of committed values.yaml and inject them via Helm --set from GitHub Secrets
  • Always check cluster node architecture and build images for matching platforms (amd64/arm64)
  • Use internal Kubernetes service names for inter-service communication, not public URLs
  • Use path filters in GitHub Actions to trigger only affected service builds and saves CI time

Example use cases

  • Deploy a Next.js web, SSO, API, and worker set to Azure AKS with external Neon/Postgres and Upstash/Redis
  • Create CI pipeline that only rebuilds changed services and passes domain-specific NEXT_PUBLIC_* build args
  • Configure Traefik ingress with cert-manager for LetsEncrypt TLS and per-subdomain routing
  • Debug platform mismatches by verifying node architecture and building for linux/arm64 or linux/amd64
  • Migrate database credentials to Neon and inject connection strings as Helm secrets at deploy time

FAQ

Next.js embeds NEXT_PUBLIC_* into the compiled client at build time, so setting them as runtime ENV does not change the built assets. Use ARG in Dockerfile and pass --build-arg during image build.

How do I avoid image platform mismatches?

Run kubectl to check node architectures and set docker buildx platforms to match (linux/amd64 or linux/arm64). Disable provenance in build action to avoid complex manifests.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational