Claude Code for Kubernetes and DevOps: YAML Generation and Automation
Claude Code generates production-quality Kubernetes YAML manifests from plain English descriptions — Deployments, Services, ConfigMaps, Secrets, HPA, PodDisruptionBudgets, and Helm charts — and can troubleshoot cluster issues by reading your kubectl output directly. A full microservice deployment that takes 2–3 hours to write manually takes under 15 minutes with Claude Code.
This guide covers the full DevOps workflow: YAML generation, Helm chart authoring, CI/CD pipeline integration, and live cluster troubleshooting.
Setup: Add Kubernetes Context to CLAUDE.md
Before generating any manifests, add your cluster conventions to CLAUDE.md:
## Kubernetes Configuration
- Cluster: GKE (Google Kubernetes Engine) on us-central1
- Namespace convention: {app}-{env} (e.g., payments-prod, payments-staging)
- Resource limits: always set both requests AND limits
- Image registry: gcr.io/my-project/
- Node selector: environment=production for prod workloads
- Labels: app, env, version (all required)
- Liveness/readiness probes: required on all Deployments
- Anti-affinity: prefer spread across availability zones
Claude applies these rules to every generated manifest without being re-told each session.
Generating a Complete Deployment
claude "Generate a Kubernetes Deployment for a Node.js API service:
- Image: gcr.io/my-project/api:v1.2.0
- 3 replicas
- Port 3000
- Env vars: NODE_ENV=production, PORT=3000, DB_URL from a Secret named api-secrets
- CPU request: 250m, limit: 500m
- Memory request: 256Mi, limit: 512Mi
- Liveness probe: GET /health every 30s
- Readiness probe: GET /ready every 10s
Apply CLAUDE.md conventions."
Output (excerpt):
apiVersion: apps/v1
kind: Deployment
metadata:
name: api
namespace: api-prod
labels:
app: api
env: production
version: v1.2.0
spec:
replicas: 3
selector:
matchLabels:
app: api
template:
metadata:
labels:
app: api
env: production
version: v1.2.0
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
topologyKey: topology.kubernetes.io/zone
labelSelector:
matchLabels:
app: api
containers:
- name: api
image: gcr.io/my-project/api:v1.2.0
ports:
- containerPort: 3000
env:
- name: NODE_ENV
value: production
- name: DB_URL
valueFrom:
secretKeyRef:
name: api-secrets
key: db-url
resources:
requests:
cpu: 250m
memory: 256Mi
limits:
cpu: 500m
memory: 512Mi
livenessProbe:
httpGet:
path: /health
port: 3000
periodSeconds: 30
readinessProbe:
httpGet:
path: /ready
port: 3000
periodSeconds: 10
Mid-Article CTA
Need 300 tested prompts for DevOps, infrastructure, and deployment workflows? Power Prompts 300 ($29) includes Kubernetes manifest generation, Helm chart templates, GitHub Actions CICD pipelines, and CLAUDE.md templates for 5 project types.
Horizontal Pod Autoscaler
claude "Generate an HPA for the api deployment.
- Min: 3 replicas, Max: 20 replicas
- Scale up when CPU > 70%
- Scale up when memory > 80%
- Scale down stabilization: 300 seconds (avoid flapping)"
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: api-hpa
namespace: api-prod
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: api
minReplicas: 3
maxReplicas: 20
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 70
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: 80
behavior:
scaleDown:
stabilizationWindowSeconds: 300
Helm Chart Generation
claude "Convert the api deployment, service, configmap, and HPA YAML files into a Helm chart.
- Chart name: api
- Template variables for: image tag, replica count, resource limits, env (prod/staging)
- Add values.yaml with sensible defaults
- Add values-prod.yaml and values-staging.yaml overrides
Output to helm/api/"
Claude generates the full chart directory:
helm/api/
Chart.yaml
values.yaml
values-prod.yaml
values-staging.yaml
templates/
deployment.yaml
service.yaml
configmap.yaml
hpa.yaml
_helpers.tpl
Benchmark: generating this chart from scratch manually takes ~2 hours; Claude Code produces a working draft in 8–12 minutes.
Troubleshooting with kubectl Output
Feed live cluster output directly to Claude Code:
# Pod is crash-looping
kubectl describe pod api-7d4f9c-xkp2q | claude "What's causing this pod to crash loop?"
# Service not routing traffic
kubectl get endpoints api-service -n api-prod | claude "Why are these endpoints empty?"
# Resource constraints
kubectl top pods -n api-prod | claude "Which pods are over their resource requests? What should I adjust?"
Claude reads the output and gives specific remediation steps — not generic advice.
GitHub Actions Integration
claude "Generate a GitHub Actions workflow for deploying to GKE.
Triggers: push to main (deploy to staging), tagged release v* (deploy to prod).
Steps:
1. Build Docker image and push to GCR
2. Run kubectl apply for staging on main push
3. Run helm upgrade for prod on tag push
4. Slack notification on failure
Use Workload Identity Federation (no service account JSON keys).
Output to .github/workflows/deploy.yaml"
See GitHub Actions CI/CD with Claude Code for the full pipeline guide.
ConfigMap and Secret Management
# Generate ConfigMap from environment variables
claude "Create a ConfigMap named api-config in namespace api-prod with these values:
LOG_LEVEL=info, MAX_CONNECTIONS=100, CACHE_TTL=300, FEATURE_FLAGS=new_checkout:true"
# Generate Secret (base64 values)
claude "Create a Kubernetes Secret named api-secrets with these keys:
DB_URL, REDIS_URL, JWT_SECRET, STRIPE_KEY.
Use placeholder values and add a comment showing the kubectl command to populate real values."
PodDisruptionBudget for Zero-Downtime Deployments
claude "Generate a PodDisruptionBudget for the api deployment.
- Ensure at least 2 replicas are always available during node maintenance
- Apply to the api-prod namespace"
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: api-pdb
namespace: api-prod
spec:
minAvailable: 2
selector:
matchLabels:
app: api
Network Policy
claude "Generate a NetworkPolicy for the api namespace.
- Allow ingress only from the ingress-nginx namespace
- Allow egress to the database namespace on port 5432
- Allow egress to kube-dns on port 53
- Deny all other ingress/egress"
Network policies are often skipped in early deployments. Claude Code generates them correctly from plain English requirements — removing the need to learn the policy YAML syntax from scratch.
CLAUDE.md for DevOps Projects
# DevOps Project
## Cluster
- Provider: GKE, region: us-central1
- Namespaces: {app}-{prod|staging|dev}
- Image registry: gcr.io/company-project/
## Manifest Rules
- Always set resource requests AND limits
- Always add liveness + readiness probes
- Always set pod anti-affinity (prefer zone spread)
- Use labels: app, env, version on all resources
- Secrets: never hardcode values, use secretKeyRef
## Helm
- Chart location: helm/{service-name}/
- Override files: values-{env}.yaml
- Deploy command: helm upgrade --install {name} ./helm/{name} -f values-{env}.yaml
## CI/CD
- Staging: auto-deploy on main push
- Prod: manual approval + tagged release
Frequently Asked Questions
Can Claude Code generate Kubernetes YAML for any cloud provider?
Yes — GKE, EKS (AWS), AKS (Azure), and bare-metal clusters all use standard Kubernetes YAML. Provider-specific features (GKE Autopilot annotations, EKS node groups) work when you specify the provider in your CLAUDE.md or prompt.
How does Claude Code handle Kubernetes secrets securely?
Claude generates Secret manifests with placeholder values and kubectl commands to populate real secrets. It does not output actual secret values. For production, direct Claude to use External Secrets Operator or Sealed Secrets.
Can Claude Code read live cluster state and suggest changes?
Yes — pipe kubectl output to Claude Code as context. For example: kubectl get pods -n api-prod -o json | claude "Which pods have been restarting frequently?" Claude reads the JSON and identifies problematic pods.
What Kubernetes version does Claude target?
By default, Claude targets current stable Kubernetes (1.29–1.31 as of 2026). Specify the version if needed: "Generate manifests compatible with Kubernetes 1.27."
Can Claude Code generate Kustomize overlays instead of Helm?
Yes: claude "Convert the api manifests to Kustomize structure with base/ and overlays/prod/ overlays/staging/ directories." Both Helm and Kustomize workflows are supported.
How accurate is the generated YAML on the first pass?
In testing across 30 manifest generation tasks, ~88% of Claude-generated manifests applied cleanly with kubectl apply --dry-run=client on the first pass. Most failures involved provider-specific annotations not specified in the prompt.
Related Guides
- Claude Code Complete Guide — Full CLI, hooks, and workflows
- GitHub Actions CI/CD with Claude Code — Automated deployment pipelines
- Claude Code Docker Setup — Container configuration
- Claude DevOps Agent — Monitoring and auto-remediation with the API
Go Deeper
Power Prompts 300 — $29 — 300 tested Claude Code prompts including Kubernetes YAML generation, Helm chart authoring, CI/CD pipeline setup, and CLAUDE.md templates for DevOps projects.
30-day money-back guarantee. Instant download.