Introduction: Why DevOps Engineers Need Claude Code

I haven't written YAML by hand in three weeks. Let that sink in.

As a DevOps engineer with 25+ years of experience, I've spent countless hours crafting Dockerfiles, debugging Kubernetes manifests, and refactoring Terraform modules. The repetitive nature of infrastructure code has always been a necessary evil—until now.

Claude Code is Anthropic's AI-powered command-line tool that doesn't just suggest code—it understands your entire project and generates production-ready infrastructure configurations. Unlike ChatGPT where you copy-paste code back and forth, Claude Code works directly in your terminal, reading your files and making changes with your approval.

What Makes Claude Code Different for DevOps?

  • Context Awareness: It reads your package.json, requirements.txt, or go.mod to understand your application
  • Best Practices by Default: Multi-stage Docker builds, resource limits, security contexts—all automatic
  • Direct File Access: No copy-paste. Claude edits files directly with your approval
  • Infrastructure Knowledge: Deep understanding of Docker, Kubernetes, Terraform, and CI/CD patterns

In this guide, I'll show you exactly how I use Claude Code for real DevOps workflows—with actual commands and outputs you can replicate today.

Setting Up Claude Code for DevOps

Installation

Claude Code requires Node.js 18+ and an Anthropic API key:

# Install Claude Code globally
npm install -g @anthropic-ai/claude-code

# Verify installation
claude --version

# Start Claude Code in any project
cd /path/to/your/project
claude

First Run

When you first run claude, it will:

  1. Ask for your Anthropic API key (one-time setup)
  2. Scan your project structure
  3. Read key files to understand context
  4. Present an interactive prompt
Pro Tip: Create a CLAUDE.md file in your project root. Claude reads this first and follows your conventions. More on this in the CLAUDE.md section.

Docker Workflows with Claude Code

Let's start with what DevOps engineers do daily: containerizing applications.

Example 1: Generate a Production Dockerfile

Instead of writing a Dockerfile from scratch, I simply ask:

> Create a production-ready Dockerfile for this Node.js application with multi-stage build

Claude Code reads my package.json, understands the application structure, and generates:

# Build stage
FROM node:20-alpine AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci --only=production
COPY . .
RUN npm run build

# Production stage
FROM node:20-alpine AS production
WORKDIR /app

# Security: Run as non-root user
RUN addgroup -g 1001 -S nodejs && \
    adduser -S nodejs -u 1001
USER nodejs

# Copy only production artifacts
COPY --from=builder --chown=nodejs:nodejs /app/dist ./dist
COPY --from=builder --chown=nodejs:nodejs /app/node_modules ./node_modules
COPY --from=builder --chown=nodejs:nodejs /app/package.json ./

# Health check
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
    CMD node -e "require('http').get('http://localhost:3000/health', (r) => process.exit(r.statusCode === 200 ? 0 : 1))"

EXPOSE 3000
CMD ["node", "dist/index.js"]

Notice what Claude included automatically:

  • Multi-stage build (smaller final image)
  • Non-root user (security best practice)
  • Health check (required for orchestrators)
  • Proper COPY ordering (layer caching)
  • npm ci instead of npm install (deterministic builds)

Example 2: Optimize an Existing Dockerfile

> Analyze my Dockerfile and suggest optimizations for smaller image size

Claude reads the existing Dockerfile and provides specific recommendations with exact changes.

Example 3: Docker Compose for Development

> Create a docker-compose.yml for local development with PostgreSQL, Redis, and hot-reload

Claude generates a complete compose file with service dependencies, volume mounts, environment variables, health checks, and network configuration.

Kubernetes Manifest Generation

This is where Claude Code truly shines. Kubernetes YAML is verbose and error-prone. Claude handles the complexity.

Example 1: Complete Application Stack

> Create Kubernetes manifests for production deployment: Deployment, Service, Ingress, HPA, and PDB

Claude generates a complete set of manifests:

# deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp
  labels:
    app: myapp
    version: v1
spec:
  replicas: 3
  selector:
    matchLabels:
      app: myapp
  template:
    metadata:
      labels:
        app: myapp
        version: v1
    spec:
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000
        fsGroup: 1000
      containers:
      - name: myapp
        image: myapp:latest
        ports:
        - containerPort: 3000
          name: http
        resources:
          requests:
            cpu: 100m
            memory: 128Mi
          limits:
            cpu: 500m
            memory: 512Mi
        livenessProbe:
          httpGet:
            path: /health
            port: http
          initialDelaySeconds: 10
          periodSeconds: 10
        readinessProbe:
          httpGet:
            path: /ready
            port: http
          initialDelaySeconds: 5
          periodSeconds: 5
---
# service.yaml
apiVersion: v1
kind: Service
metadata:
  name: myapp
spec:
  selector:
    app: myapp
  ports:
  - port: 80
    targetPort: http
    name: http
---
# hpa.yaml
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: myapp
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: myapp
  minReplicas: 3
  maxReplicas: 10
  metrics:
  - type: Resource
    resource:
      name: cpu
      target:
        type: Utilization
        averageUtilization: 70
---
# pdb.yaml
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
  name: myapp
spec:
  minAvailable: 2
  selector:
    matchLabels:
      app: myapp

Example 2: Debug Kubernetes Issues

> My pods are in CrashLoopBackOff. Here's kubectl describe output: [paste output]

Claude analyzes the output and provides specific fixes—not generic advice.

Example 3: Helm Chart Generation

> Convert these Kubernetes manifests into a Helm chart with configurable values

Claude creates a complete Helm chart structure with Chart.yaml, values.yaml, and templatized manifests.

Terraform Infrastructure as Code

Terraform modules can be complex. Claude Code understands HCL and cloud provider APIs.

Example 1: AWS EKS Cluster

> Create a Terraform module for AWS EKS with managed node groups, VPC, and IRSA support

Claude generates a complete, production-ready module:

# main.tf
module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "~> 6.0"

  name = "${var.cluster_name}-vpc"
  cidr = var.vpc_cidr

  azs             = var.availability_zones
  private_subnets = var.private_subnet_cidrs
  public_subnets  = var.public_subnet_cidrs

  enable_nat_gateway   = true
  single_nat_gateway   = var.environment != "production"
  enable_dns_hostnames = true

  public_subnet_tags = {
    "kubernetes.io/role/elb" = 1
  }

  private_subnet_tags = {
    "kubernetes.io/role/internal-elb" = 1
  }

  tags = var.tags
}

module "eks" {
  source  = "terraform-aws-modules/eks/aws"
  version = "~> 21.0"

  cluster_name    = var.cluster_name
  cluster_version = var.kubernetes_version

  vpc_id     = module.vpc.vpc_id
  subnet_ids = module.vpc.private_subnets

  cluster_endpoint_public_access = true

  eks_managed_node_groups = {
    default = {
      min_size     = var.node_min_size
      max_size     = var.node_max_size
      desired_size = var.node_desired_size

      instance_types = var.node_instance_types
      capacity_type  = "ON_DEMAND"
    }
  }

  # IRSA
  enable_irsa = true

  tags = var.tags
}

Example 2: Refactor Existing Terraform

> Refactor this Terraform code to use modules and follow best practices

Claude reads your existing .tf files and restructures them properly.

CI/CD Pipeline Generation

GitHub Actions

> Create a GitHub Actions workflow for: lint, test, build Docker image, push to ECR, deploy to EKS

Claude generates a complete workflow:

name: CI/CD Pipeline

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

env:
  AWS_REGION: us-east-1
  ECR_REPOSITORY: myapp
  EKS_CLUSTER: production

jobs:
  lint-and-test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'npm'
      - run: npm ci
      - run: npm run lint
      - run: npm test

  build-and-push:
    needs: lint-and-test
    if: github.ref == 'refs/heads/main'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ env.AWS_REGION }}
      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2
      - name: Build and push
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          IMAGE_TAG: ${{ github.sha }}
        run: |
          docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
          docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG

  deploy:
    needs: build-and-push
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ env.AWS_REGION }}
      - name: Deploy to EKS
        run: |
          aws eks update-kubeconfig --name $EKS_CLUSTER
          kubectl set image deployment/myapp myapp=${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}:${{ github.sha }}
          kubectl rollout status deployment/myapp

The Power of CLAUDE.md for DevOps

The CLAUDE.md file is your secret weapon. It tells Claude about your project's specific conventions.

Example CLAUDE.md for DevOps Projects

# CLAUDE.md - DevOps Project Guidelines

## Infrastructure Conventions

### Docker
- Always use multi-stage builds
- Base images: node:20-alpine, python:3.11-slim, golang:1.21-alpine
- Run as non-root user (UID 1000)
- Include HEALTHCHECK in all Dockerfiles

### Kubernetes
- Namespace: Use environment-based namespaces (dev, staging, prod)
- Labels: Always include app, version, environment
- Resources: Always set requests AND limits
- Security: runAsNonRoot: true, readOnlyRootFilesystem where possible

### Terraform
- Backend: S3 with DynamoDB locking
- Provider versions: Pin to minor version (~> 5.0)
- Naming: {project}-{environment}-{resource}
- Tags: Always include Environment, Project, ManagedBy=Terraform

### CI/CD
- Platform: GitHub Actions
- Docker registry: AWS ECR
- Kubernetes: AWS EKS
- Secrets: Use GitHub Secrets, never hardcode

With this file, every time you ask Claude to generate infrastructure, it follows YOUR conventions automatically.

Best Practices & Tips

1. Be Specific in Your Requests

Instead of "create a Dockerfile", say "create a production Dockerfile for Node.js 20 with multi-stage build, non-root user, and health check".

2. Review Before Applying

Claude shows diffs before making changes. Always review, especially for infrastructure code.

3. Use CLAUDE.md

Invest 10 minutes creating a good CLAUDE.md. It pays dividends on every interaction.

4. Iterate Incrementally

Generate base configuration first, then ask for additions: "Now add network policies" or "Add pod anti-affinity".

5. Ask for Explanations

After generation, ask "explain why you chose these resource limits" to learn best practices.

Frequently Asked Questions

What is Claude Code and how does it help DevOps engineers?

Claude Code is Anthropic's AI-powered CLI tool that understands your entire codebase and can generate, edit, and explain infrastructure code. For DevOps engineers, it can create Dockerfiles, Kubernetes manifests, Terraform configurations, and CI/CD pipelines by understanding your project context and following best practices automatically.

Can Claude Code generate production-ready Kubernetes manifests?

Yes, Claude Code can generate production-ready Kubernetes manifests including Deployments, Services, ConfigMaps, Secrets, Ingress, HPA, PDB, and NetworkPolicies. It understands context from your existing code and applies best practices like resource limits, health checks, and security contexts automatically.

How do I install Claude Code for DevOps work?

Install Claude Code globally using npm: npm install -g @anthropic-ai/claude-code. Then navigate to any project directory and run claude to start. Claude Code works best when you have a CLAUDE.md file in your project root that describes your infrastructure conventions.

Is Claude Code free for DevOps use?

Claude Code requires an Anthropic API subscription. The Pro plan ($20/month) includes generous usage limits suitable for most DevOps workflows. The cost is typically offset by time saved—generating a complex Terraform module takes seconds instead of hours.

Can Claude Code work with existing Terraform modules?

Yes, Claude Code excels at working with existing infrastructure code. It can read your current Terraform modules, understand variable patterns, and extend them consistently. It can also refactor existing configurations and generate documentation for your modules.

Conclusion

Claude Code has fundamentally changed how I approach DevOps work. What used to take hours—crafting Dockerfiles, debugging Kubernetes manifests, writing Terraform modules—now takes minutes.

The key is understanding that Claude Code isn't just a code generator. It's a context-aware assistant that understands your project, your conventions, and DevOps best practices.

Start small: Install Claude Code, create a CLAUDE.md with your conventions, and ask it to generate a Dockerfile for your next project. You'll never go back to writing YAML by hand.

Next Steps