Harness NextGen CD for continuous deployment including pipeline YAML structure, deployment strategies (rolling, blue-green, canary), GitOps workflows, approval gates, triggers, environments, services, manifests, Kubernetes deployments, Terraform integration, and secrets management. Activate for Harness pipeline creation, deployment automation, and GitOps configuration.
/plugin marketplace add Lobbi-Docs/claude/plugin install iac-golden-architect@claude-orchestrationThis skill is limited to using the following tools:
examples/blue-green.yamlexamples/canary.yamlexamples/rolling-deployment.yamlexamples/terraform-pipeline.yamlreferences/deployment-strategies.mdreferences/gitops.mdreferences/pipeline-structure.mdreferences/triggers.mdComprehensive Harness NextGen CD administration for enterprise continuous deployment with GitOps, Kubernetes, Terraform, and multi-cloud support.
Activate this skill when:
pipeline:
name: Example Deployment Pipeline
identifier: example_deployment
projectIdentifier: default
orgIdentifier: default
tags: {}
stages:
- stage:
name: Deploy to Dev
identifier: deploy_dev
description: Deploy to development environment
type: Deployment
spec:
deploymentType: Kubernetes
service:
serviceRef: my_service
serviceInputs:
serviceDefinition:
type: Kubernetes
spec:
variables:
- name: image_tag
type: String
value: <+input>
environment:
environmentRef: dev
deployToAll: false
infrastructureDefinitions:
- identifier: dev_k8s
execution:
steps:
- step:
name: Rollout Deployment
identifier: rolloutDeployment
type: K8sRollingDeploy
timeout: 10m
spec:
skipDryRun: false
rollbackSteps:
- step:
name: Rollback Rollout Deployment
identifier: rollbackRolloutDeployment
type: K8sRollingRollback
timeout: 10m
spec: {}
tags: {}
failureStrategies:
- onFailure:
errors:
- AllErrors
action:
type: StageRollback
Rolling deployments gradually replace instances of the previous version with the new version.
execution:
steps:
- step:
name: Rolling Deployment
identifier: rollingDeployment
type: K8sRollingDeploy
timeout: 10m
spec:
skipDryRun: false
pruningEnabled: false
rollbackSteps:
- step:
name: Rolling Rollback
identifier: rollingRollback
type: K8sRollingRollback
timeout: 10m
spec: {}
Blue-green deployments create a new environment (green) alongside the existing one (blue), then switch traffic.
execution:
steps:
- step:
name: Stage Deployment
identifier: stageDeployment
type: K8sBlueGreenDeploy
timeout: 10m
spec:
skipDryRun: false
- step:
name: Swap Primary with Stage
identifier: bgSwapServices
type: K8sBlueGreenSwap
timeout: 10m
spec:
skipDryRun: false
rollbackSteps:
- step:
name: Swap Rollback
identifier: rollbackBgSwap
type: K8sBlueGreenSwapRollback
timeout: 10m
spec: {}
Canary deployments gradually roll out changes to a small subset of users before rolling out to the entire infrastructure.
execution:
steps:
- step:
name: Canary Deployment
identifier: canaryDeployment
type: K8sCanaryDeploy
timeout: 10m
spec:
instanceSelection:
type: Count
spec:
count: 1
skipDryRun: false
- step:
name: Canary Delete
identifier: canaryDelete
type: K8sCanaryDelete
timeout: 10m
spec: {}
- step:
name: Rolling Deployment
identifier: rollingDeployment
type: K8sRollingDeploy
timeout: 10m
spec:
skipDryRun: false
rollbackSteps:
- step:
name: Canary Delete
identifier: rollbackCanaryDelete
type: K8sCanaryDelete
timeout: 10m
spec: {}
- step:
name: Rolling Rollback
identifier: rollingRollback
type: K8sRollingRollback
timeout: 10m
spec: {}
service:
name: My Application
identifier: my_application
tags: {}
serviceDefinition:
spec:
manifests:
- manifest:
identifier: k8s_manifests
type: K8sManifest
spec:
store:
type: Github
spec:
connectorRef: github_connector
gitFetchType: Branch
branch: main
paths:
- kubernetes/
valuesPaths:
- values.yaml
skipResourceVersioning: false
artifacts:
primary:
primaryArtifactRef: <+input>
sources:
- spec:
connectorRef: dockerhub_connector
imagePath: myorg/myapp
tag: <+input>
identifier: docker_image
type: DockerRegistry
variables:
- name: namespace
type: String
value: <+input>
- name: replicas
type: String
value: "3"
type: Kubernetes
service:
name: Helm Service
identifier: helm_service
serviceDefinition:
spec:
manifests:
- manifest:
identifier: helm_chart
type: HelmChart
spec:
store:
type: Http
spec:
connectorRef: helm_connector
chartName: mychart
chartVersion: <+input>
helmVersion: V3
skipResourceVersioning: false
valuesPaths:
- values.yaml
variables:
- name: replicas
type: String
value: <+input>
type: Kubernetes
environment:
name: Production
identifier: production
description: Production environment
tags:
env: prod
type: Production
orgIdentifier: default
projectIdentifier: default
variables:
- name: namespace
type: String
value: production
- name: cluster_name
type: String
value: prod-cluster
infrastructureDefinition:
name: Production K8s
identifier: prod_k8s
description: Production Kubernetes cluster
tags: {}
orgIdentifier: default
projectIdentifier: default
environmentRef: production
deploymentType: Kubernetes
type: KubernetesDirect
spec:
connectorRef: k8s_connector
namespace: <+env.variables.namespace>
releaseName: release-<+INFRA_KEY>
allowSimultaneousDeployments: false
trigger:
name: GitHub Webhook Trigger
identifier: github_webhook
enabled: true
description: Trigger on GitHub push
tags: {}
orgIdentifier: default
projectIdentifier: default
pipelineIdentifier: example_deployment
source:
type: Webhook
spec:
type: Github
spec:
type: Push
spec:
connectorRef: github_connector
autoAbortPreviousExecutions: true
payloadConditions:
- key: targetBranch
operator: Equals
value: main
headerConditions: []
inputYaml: |
pipeline:
identifier: example_deployment
stages:
- stage:
identifier: deploy_dev
type: Deployment
spec:
service:
serviceInputs:
serviceDefinition:
type: Kubernetes
spec:
variables:
- name: image_tag
type: String
value: <+trigger.payload.after>
trigger:
name: Nightly Deployment
identifier: nightly_deployment
enabled: true
tags: {}
orgIdentifier: default
projectIdentifier: default
pipelineIdentifier: example_deployment
source:
type: Scheduled
spec:
type: Cron
spec:
expression: 0 0 * * * # Daily at midnight
timezone: America/New_York
inputYaml: |
pipeline:
identifier: example_deployment
stages:
- stage:
identifier: deploy_dev
type: Deployment
application:
name: My Application
identifier: my_application
orgIdentifier: default
projectIdentifier: default
clusterRef: prod_cluster
repoURL: https://github.com/myorg/myapp
path: kubernetes/
targetRevision: main
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true
destination:
namespace: production
name: prod-cluster
cluster:
name: Production Cluster
identifier: prod_cluster
orgIdentifier: default
projectIdentifier: default
agentIdentifier: gitops_agent
spec:
config:
type: KubernetesDirect
spec:
connectorRef: k8s_connector
- step:
name: Approval
identifier: approval
type: HarnessApproval
timeout: 1d
spec:
approvalMessage: Please review and approve deployment
includePipelineExecutionHistory: true
approvers:
minimumCount: 1
disallowPipelineExecutor: false
userGroups:
- account.Engineering_Managers
approverInputs: []
- step:
name: Jira Approval
identifier: jira_approval
type: JiraApproval
timeout: 1d
spec:
connectorRef: jira_connector
projectKey: PROJ
issueKey: <+input>
approvalCriteria:
type: KeyValues
spec:
matchAnyCondition: true
conditions:
- key: Status
operator: equals
value: Done
rejectionCriteria:
type: KeyValues
spec:
matchAnyCondition: true
conditions:
- key: Status
operator: equals
value: Rejected
pipeline:
variables:
- name: environment
type: String
value: dev
- name: image_tag
type: String
value: <+input>
- name: replicas
type: String
value: <+input>.default(3)
- name: enable_feature
type: String
value: <+input>.allowedValues(true,false)
| Expression | Description |
|---|---|
<+pipeline.name> | Pipeline name |
<+pipeline.sequenceId> | Pipeline execution ID |
<+stage.name> | Current stage name |
<+service.name> | Service name |
<+env.name> | Environment name |
<+artifact.tag> | Artifact tag |
<+artifact.image> | Full artifact image path |
<+secrets.getValue("my_secret")> | Secret value |
<+trigger.payload.branch> | Git branch from webhook |
<+codebase.commitSha> | Git commit SHA |
- name: API_KEY
type: String
value: <+secrets.getValue("vault://path/to/secret#key")>
- name: DATABASE_PASSWORD
type: String
value: <+secrets.getValue("awsSecretsManager://my-secret")>
connector:
name: Vault Connector
identifier: vault_connector
description: HashiCorp Vault
orgIdentifier: default
projectIdentifier: default
type: Vault
spec:
vaultUrl: https://vault.example.com
basePath: harness
authToken: <+secrets.getValue("vault_token")>
renewalIntervalMinutes: 60
secretEngineManuallyConfigured: true
secretEngineName: secret
secretEngineVersion: 2
readOnly: false
notificationRules:
- name: Slack Notification
identifier: slack_notification
pipelineEvents:
- type: AllEvents
notificationMethod:
type: Slack
spec:
userGroups: []
webhookUrl: <+secrets.getValue("slack_webhook")>
enabled: true
notificationRules:
- name: Email Notification
identifier: email_notification
pipelineEvents:
- type: PipelineFailed
- type: PipelineSuccess
notificationMethod:
type: Email
spec:
userGroups:
- account.DevOps_Team
recipients:
- devops@example.com
enabled: true
- step:
name: Terraform Plan
identifier: terraformPlan
type: TerraformPlan
timeout: 10m
spec:
provisionerIdentifier: terraform_provisioner
configuration:
command: Apply
configFiles:
store:
type: Github
spec:
gitFetchType: Branch
connectorRef: github_connector
branch: main
folderPath: terraform/
secretManagerRef: vault_connector
varFiles:
- varFile:
identifier: tfvars
spec:
content: |
region = "<+pipeline.variables.region>"
environment = "<+pipeline.variables.environment>"
type: Inline
- step:
name: Terraform Apply
identifier: terraformApply
type: TerraformApply
timeout: 10m
spec:
provisionerIdentifier: terraform_provisioner
configuration:
type: InheritFromPlan
- step:
name: Run Script
identifier: runScript
type: ShellScript
timeout: 10m
spec:
shell: Bash
onDelegate: true
source:
type: Inline
spec:
script: |
#!/bin/bash
echo "Deployment started for <+service.name>"
echo "Environment: <+env.name>"
echo "Image tag: <+artifact.tag>"
# Custom validation
if [ "<+env.name>" == "production" ]; then
echo "Production deployment requires approval"
exit 0
fi
environmentVariables:
- name: SERVICE_NAME
type: String
value: <+service.name>
- name: NAMESPACE
type: String
value: <+infra.namespace>
outputVariables:
- name: deployment_status
type: String
value: status
Checklist:
Solution: Verify manifest paths and Git connector configuration
manifests:
- manifest:
spec:
store:
spec:
paths:
- kubernetes/deployment.yaml # Ensure path is correct
- kubernetes/service.yaml
Solution: Increase timeout and check Kubernetes cluster health
- step:
timeout: 30m # Increase timeout
spec:
skipDryRun: false
Solution: Verify secret manager connector and secret path
# Test secret resolution
harness secret get vault://path/to/secret#key
references/pipeline-structure.md for complete pipeline YAML referencereferences/deployment-strategies.md for detailed strategy patternsreferences/triggers.md for all trigger configurationsreferences/gitops.md for GitOps implementation patternsexamples/ for production-ready pipeline examplesCreating algorithmic art using p5.js with seeded randomness and interactive parameter exploration. Use this when users request creating art using code, generative art, algorithmic art, flow fields, or particle systems. Create original algorithmic art rather than copying existing artists' work to avoid copyright violations.
Applies Anthropic's official brand colors and typography to any sort of artifact that may benefit from having Anthropic's look-and-feel. Use it when brand colors or style guidelines, visual formatting, or company design standards apply.
Create beautiful visual art in .png and .pdf documents using design philosophy. You should use this skill when the user asks to create a poster, piece of art, design, or other static piece. Create original visual designs, never copying existing artists' work to avoid copyright violations.