devops Pod¶

Standard OCI container - works with Docker, Podman, Kubernetes, Apptainer.

The devops pod provides a comprehensive suite of cloud infrastructure and Kubernetes tools for DevOps workflows, including AWS, Google Cloud, and Grafana observability tools.

Overview¶

Attribute	Value
Image	`ghcr.io/atrawog/bazzite-ai-pod-devops:stable`
Size	~4GB
GPU	None (CPU-only)
Inherits	pod-base

Quick Start¶

Docker / PodmanKubernetesHPC (Apptainer)Bazzite AI OS

# Basic usage
docker run -it --rm -v $(pwd):/workspace \
  ghcr.io/atrawog/bazzite-ai-pod-devops:stable

# With AWS and Kubernetes credentials
docker run -it --rm \
  -v $(pwd):/workspace \
  -v ~/.aws:/home/jovian/.aws:ro \
  -v ~/.kube:/home/jovian/.kube:ro \
  ghcr.io/atrawog/bazzite-ai-pod-devops:stable

apiVersion: v1
kind: Pod
metadata:
  name: devops-shell
spec:
  containers:
  - name: devops
    image: ghcr.io/atrawog/bazzite-ai-pod-devops:stable
    command: ["sleep", "infinity"]
    volumeMounts:
    - name: kubeconfig
      mountPath: /home/jovian/.kube
      readOnly: true
  volumes:
  - name: kubeconfig
    secret:
      secretName: kubeconfig

apptainer pull docker://ghcr.io/atrawog/bazzite-ai-pod-devops:stable
apptainer exec bazzite-ai-pod-devops_stable.sif bash

apptainer pull docker://ghcr.io/atrawog/bazzite-ai-pod-devops:stable
apptainer shell bazzite-ai-pod-devops_stable.sif

What's Included¶

Cloud Providers¶

Tool	Description
AWS CLI v2	Amazon Web Services command-line interface
gcloud	Google Cloud SDK
Firebase CLI	Firebase development tools
Gemini CLI	Google AI integration
Scaleway CLI	Scaleway cloud platform
Wrangler	Cloudflare Workers CLI

Kubernetes Tools¶

Tool	Description
kubectl	Kubernetes cluster management
Helm	Kubernetes package manager
kubectx/kubens	Context and namespace switchers
OpenTofu	Infrastructure as Code (Terraform fork)

Grafana Observability¶

Tool	Description
mcp-grafana	Grafana MCP server for Claude Code
logcli	Loki log query CLI
promtool	Prometheus configuration utility
mimirtool	Mimir metrics management
tempo-cli	Tempo trace query CLI

From base Pod¶

Python, Node.js, Go, Rust
VS Code, Docker CLI, Podman
Build tools, Claude Code

Usage¶

AWS Configuration¶

# Inside the pod
aws configure
# Enter: Access Key ID, Secret Access Key, Region, Output format

# Verify
aws sts get-caller-identity
aws s3 ls

Google Cloud¶

# Authenticate
gcloud auth login

# Set project
gcloud config set project my-project-id

# List resources
gcloud compute instances list
gcloud container clusters list

Kubernetes¶

# Set context (if kubeconfig mounted)
kubectl config get-contexts
kubectx my-cluster

# Common operations
kubectl get pods --all-namespaces
kubectl apply -f deployment.yaml
kubectl logs -f deployment/my-app

Helm Charts¶

# Add a repository
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo update

# Install a chart
helm install my-release bitnami/nginx

# List releases
helm list

OpenTofu (Infrastructure as Code)¶

# Initialize
cd /workspace/terraform
tofu init

# Plan changes
tofu plan -out=plan.tfplan

# Apply
tofu apply plan.tfplan

# Destroy
tofu destroy

Scaleway¶

# Initialize
scw init

# List resources
scw instance server list
scw k8s cluster list

Credentials Management¶

AWS Credentials¶

Mount your AWS credentials:

docker run -it --rm \
  -v ~/.aws:/home/jovian/.aws:ro \
  -v $(pwd):/workspace \
  ghcr.io/atrawog/bazzite-ai-pod-devops:stable

Kubeconfig¶

Mount your kubeconfig:

docker run -it --rm \
  -v ~/.kube:/home/jovian/.kube:ro \
  -v $(pwd):/workspace \
  ghcr.io/atrawog/bazzite-ai-pod-devops:stable

Environment Variables¶

# Pass secrets via environment
docker run -it --rm \
  -e AWS_ACCESS_KEY_ID=xxx \
  -e AWS_SECRET_ACCESS_KEY=xxx \
  -e AWS_DEFAULT_REGION=us-east-1 \
  -v $(pwd):/workspace \
  ghcr.io/atrawog/bazzite-ai-pod-devops:stable

Common Workflows¶

Deploy to Kubernetes¶

# 1. Build and push image
docker build -t my-registry/my-app:v1 .
docker push my-registry/my-app:v1

# 2. Deploy with Helm
helm upgrade --install my-app ./chart \
  --set image.tag=v1 \
  --namespace production

# 3. Verify
kubectl rollout status deployment/my-app -n production
kubectl get pods -n production

Infrastructure Changes¶

# 1. Format and validate
tofu fmt
tofu validate

# 2. Plan
tofu plan -out=plan.tfplan

# 3. Review plan output
# 4. Apply
tofu apply plan.tfplan

# 5. Commit state changes

Troubleshooting¶

kubectl: connection refused¶

Ensure kubeconfig is mounted and valid:

# Check kubeconfig location
echo $KUBECONFIG

# Verify cluster access
kubectl cluster-info

# If using mounted config
kubectl --kubeconfig=/home/jovian/.kube/config get nodes

AWS: Invalid credentials¶

# Verify credentials
aws sts get-caller-identity

# Check environment variables
env | grep AWS

# Reconfigure
aws configure

gcloud: Not authenticated¶

# Re-authenticate
gcloud auth login
gcloud auth application-default login

# Verify
gcloud auth list