Claude Code - Street Ops¶

Practical workflows showing how Claude Code fits into real DevOps work.

Workflow 1: Exploring an Unfamiliar Codebase¶

You just joined a team or got paged for an unfamiliar service. Claude Code reads your files so you don't have to grep your way through a new repo.

You: I'm new to this repo. How does the deploy pipeline work,
     from PR merge to production?

Claude Code:
1. Reads .github/workflows/, Helm chart, ArgoCD config
2. Reads deploy scripts, Dockerfiles, Makefile
3. Gives you a narrative walkthrough with specific file references
4. Points out the gap: staging has no smoke test gate

Follow-up prompts that work well: - "Where is the database connection configured?" - "Show me all the places error handling happens in the API layer" - "What would break if I renamed the orders table to order_items?"

One-liner: Claude Code's superpower is reading your codebase before answering. The more context it has, the better its suggestions. Always let it read first, then act.

Workflow 2: Writing and Testing a Script¶

Interactive iteration beats writing a script in your editor and running it separately.

You: Write a bash script that rotates log files older than 7 days
     in /var/log/myapp/, compresses them with gzip, and deletes
     anything older than 30 days. Include error handling.

Claude Code:
1. Writes the script to tools/rotate-logs.sh
2. Asks if you want to test it
3. Creates a test directory with mock log files
4. Runs the script against the test directory
5. Shows you the results
6. Fixes the edge case where the directory doesn't exist

Workflow 3: Debugging a Kubernetes Issue¶

Claude Code can run kubectl commands with your context. No more copy-pasting between browser AI and terminal.

You: Pods in the payment namespace keep getting OOMKilled.
     Help me investigate.

Claude Code:
1. Runs: kubectl get pods -n payment -o wide
2. Runs: kubectl describe pod payment-api-xxx -n payment
3. Reads the OOMKilled exit code and last restart time
4. Runs: kubectl top pods -n payment
5. Runs: kubectl get pod payment-api-xxx -o jsonpath='{.spec.containers[*].resources}'
6. Identifies: limits.memory=256Mi but the app uses 400Mi+ at peak
7. Reads the Helm values file for the resource configuration
8. Shows the fix: bump limits.memory to 512Mi
9. Runs: helm lint to validate the change

Workflow 4: Terraform Refactoring¶

Moving resources between Terraform state files is error-prone. Let Claude Code handle the mechanical parts.

You: I need to split the networking resources out of our main
     terraform state into a separate networking module.

Claude Code:
1. Reads main.tf, identifies all networking resources
2. Lists what will move: VPC, subnets, NAT gateways, route tables
3. Creates devops/terraform/modules/networking/main.tf
4. Generates the terraform state mv commands
5. Creates a migration script with rollback steps
6. Runs terraform fmt -check and terraform validate

Workflow 5: Custom Slash Commands for Your Team¶

Build team-specific workflows once, use them forever.

Daily standup helper (.claude/commands/standup.md):

Generate my standup update:

1. Run: git log --author="$(git config user.email)" --since="yesterday" --oneline
2. Check for any open PRs I authored: gh pr list --author=@me
3. Check CI status of my recent PRs
4. Summarize as:
   - Yesterday: (commits and PRs)
   - Today: (infer from branch names and open PRs)
   - Blockers: (any failing CI or stale PRs)

Pre-merge checklist (.claude/commands/pre-merge.md):

Run the pre-merge checklist for the current branch:

1. Run the full test suite: make test-all
2. Check for uncommitted files: git status
3. Verify no secrets in diff: git diff main | grep -iE '(password|secret|api.key|token)' || echo "clean"
4. Run security scan: trivy fs . --severity HIGH,CRITICAL
5. Check Docker build: docker build -t test:pre-merge .
6. Print pass/fail summary

Incident triage (.claude/commands/triage.md):

Triage the incident: $ARGUMENTS

Run these in order and report findings:
1. kubectl get pods -A | grep -v Running | grep -v Completed
2. kubectl get events -A --sort-by=.lastTimestamp | tail -30
3. kubectl top nodes
4. kubectl top pods -A --sort-by=memory | head -20
5. Check recent deploys: helm list -A --time-format "2006-01-02 15:04"

Correlate the timeline: did any deploy happen right before the issue started?

Workflow 6: Git Operations¶

Claude Code understands git deeply. Use it for operations you'd normally look up.

You: I accidentally committed a .env file 3 commits ago.
     Remove it from history without losing other changes.

Claude Code:
1. Runs: git log --oneline -5 (shows recent history)
2. Identifies the commit that added .env
3. Uses git filter-branch or BFG to remove the file
4. Updates .gitignore to prevent recurrence
5. Explains the force-push implications
6. Waits for your confirmation before pushing

You: Create a PR for the current branch with a good description.

Claude Code:
1. Runs: git log main..HEAD to see all commits
2. Runs: git diff main to see the full changeset
3. Drafts a PR title and description from the changes
4. Creates the PR with: gh pr create
5. Returns the PR URL

Workflow 7: Infrastructure Auditing¶

You: Audit our Helm values files for security issues
     across dev, staging, and prod.

Claude Code:
1. Reads values-dev.yaml, values-staging.yaml, values-prod.yaml
2. Checks for:
   - Containers running as root
   - Missing resource limits
   - Privileged security contexts
   - Missing network policies
   - Hardcoded secrets (should be in Secrets/Vault)
   - Dev settings that leaked into prod
3. Produces a table: finding, severity, file, fix

Workflow 8: Bulk Codebase Changes¶

Sub-agents let Claude Code parallelize work across your codebase.

You: Add structured logging to all API endpoint handlers.
     Use the same pattern as the /health endpoint.

Claude Code:
1. Reads the /health endpoint to learn the logging pattern
2. Spawns sub-agents to process each endpoint file in parallel
3. Each sub-agent reads the file, adds logging, reports back
4. Main agent reviews all changes for consistency
5. Runs the test suite to verify nothing broke

Workflow 9: CI/CD Pipeline Debugging¶

You: Our GitHub Actions workflow is failing with
     "Error: Process completed with exit code 137"

Claude Code:
1. Reads .github/workflows/ci.yml
2. Identifies exit code 137 = OOM kill (128 + signal 9)
3. Checks the failing step's resource usage pattern
4. Suggests: split the test matrix, add memory limits,
   or use a larger runner
5. Edits the workflow to fix the issue
6. Shows the diff for review

Workflow 10: Documentation from Code¶

You: Generate a runbook for our database failover procedure
     based on the scripts in devops/scripts/db-failover/.

Claude Code:
1. Reads all scripts in the directory
2. Reads the related Terraform module for RDS config
3. Reads any existing docs referencing failover
4. Generates a step-by-step runbook with:
   - Pre-checks
   - Failover commands
   - Validation steps
   - Rollback procedure
   - Contact list placeholder

Pro Tips¶

Start with context: "I'm debugging a production issue" vs "I'm learning this codebase" changes how Claude Code approaches the problem.
Use /compact aggressively: Long debugging sessions fill the context window. Compact when you reach a milestone.

Gotcha: Claude Code runs commands with your shell credentials. If you are connected to a production cluster, it can kubectl delete in production. Always check your current kubectl context (kubectl config current-context) before letting Claude Code run k8s commands. Consider using read-only service accounts for investigation workflows.

Chain with pipes: cat error.log | claude -p "what's wrong?" for quick one-offs.
Branch before big changes: Ask Claude Code to create a feature branch before refactors. It'll do it.
Let it read first: "Read the Helm chart and then suggest improvements" beats "Improve the Helm chart" — you get better suggestions when it has full context.
Parallel sub-agents: For tasks like "check all 12 services for this vulnerability," Claude Code can spawn agents to check them in parallel rather than serially.
Headless for CI: Use claude -p in CI pipelines for automated code review, changelog generation, or migration scripts.
Custom commands are force multipliers: Build a library of team-specific slash commands. New team members get your workflows for free.

Remember: The best Claude Code prompts are specific about context and constraints. "Fix this bug" is weak. "The /health endpoint returns 500 when the database is unreachable. It should return 503 with a JSON body. See app/api/main.py." is strong. Be explicit about what you want and where to find the relevant code.

Debug clue: If Claude Code seems confused about your codebase, check whether it is reading the right files. Use explicit file paths in your prompts rather than relying on it to find them. "Read devops/helm/values-prod.yaml and suggest improvements" is clearer than "check the prod config."