Using Claude Code for DevOps: what works, what breaks, and what to lock down

1. Why DevOps engineers are suddenly looking at Claude Code

Most AI tools for developers stop at suggesting code.
Claude Code is different.

Claude Code runs inside your terminal and can:

  • Read your repository
  • Inspect YAML, Terraform, scripts
  • Run real commands like kubectl, terraform, docker, grep
  • Operate with your existing credentials

That last point is why DevOps engineers are paying attention.

In infrastructure work, most time is spent:

  • Reading configs
  • Explaining failures
  • Debugging state
  • Translating intent into YAML or CLI flags

Claude Code sits exactly at that layer — not above it.

That makes it useful, but also dangerous if misunderstood.


2. What Claude Code actually is (and is not)

Claude Code is not:

  • A chatbot
  • A read‑only assistant
  • A safe sandbox by default

Claude Code executes commands as your user.

If you can run this in your shell:

kubectl delete pod my-pod

Claude Code can run it too — unless you restrict it.


Minimal setup (what most engineers start with)

Install Claude Code:

curl -fsSL https://claude.ai/install.sh | bash

Start it inside a repo:

cd infra-repo
claude

At this point, Claude Code:

  • Reads files in the repo
  • Sees your git history
  • Inherits environment variables
  • Inherits kubeconfig / cloud credentials

This is where its power comes from — and where mistakes begin.


3. Where Claude Code genuinely helps DevOps work

Used carefully, Claude Code can remove a lot of mental overhead.

✅ Explaining broken Kubernetes behavior

Example prompt:

This pod is stuck in Pending. Inspect the manifests and explain why.

Claude Code can:

  • Read Deployment / StatefulSet YAML
  • Notice PVC usage
  • Explain scheduling or storage constraints

This is faster than:

  • Jumping between files
  • Mentally simulating scheduler logic

✅ Debugging configuration drift

Claude Code is good at answering:

  • “What changed between these two versions?”
  • “Why did this Helm upgrade fail?”
  • “Which values are no longer valid?”

It works well because infra problems are often configuration diffs, not algorithmic logic.

✅ Writing boring but correct boilerplate

Examples:

  • Kubernetes probes
  • Resource requests / limits
  • Terraform module structure
  • GitHub Actions YAML

This is where AI shines without risk, because:

  • Output is reviewed
  • Applied manually
  • No direct execution needed

4. Where Claude Code breaks down (important)

Claude Code fails in predictable ways.

❌ It does not understand “importance”

It treats:

  • Prod cluster
  • Dev cluster
  • Test repo

as equally valid contexts, unless you enforce boundaries.


❌ It can be confidently wrong

Claude Code may:

  • Suggest deleting resources to “fix” an issue
  • Recommend changes that mask the real problem
  • Optimize for speed, not safety

This is especially risky for:

  • Stateful workloads
  • Storage
  • Databases
  • Production clusters

❌ It inherits too much power by default

If your shell has:

  • Admin cloud credentials
  • Prod kubeconfig
  • Write access everywhere

Claude Code does too.

That is not an AI problem — it’s a DevOps hygiene problem.


5. What you MUST lock down before using Claude Code seriously

This is the most important section of the post.

✅ Use a non‑production kubeconfig

Create a read‑only or dev‑only kubeconfig and export it before running Claude:

export KUBECONFIG=~/.kube/dev-config
claude

Never point Claude Code at prod by default.
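
One way to enforce this before each session, as an added example (not part of the original post and not a Claude Code feature). The ALLOWED_CONTEXTS variable, the function names, and the list of credential variables checked are assumptions for illustration:

```sh
#!/bin/sh
# Added example: preflight checks to run before starting `claude`.
# ALLOWED_CONTEXTS and every function name here are assumptions for illustration.
ALLOWED_CONTEXTS="${ALLOWED_CONTEXTS:-dev minikube kind-dev}"

# Print the current-context stored in one kubeconfig file.
kube_current_context() {
  awk '$1 == "current-context:" { gsub(/"/, "", $2); print $2; exit }' "$1"
}

# Succeed only if the context name ($1) is on the allowlist.
context_allowed() {
  for allowed in $ALLOWED_CONTEXTS; do
    [ "$1" = "$allowed" ] && return 0
  done
  return 1
}

# Print the names of well-known cloud credential variables set in this shell.
exposed_cloud_creds() {
  for name in AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN \
              GOOGLE_APPLICATION_CREDENTIALS AZURE_CLIENT_SECRET; do
    eval "val=\${$name:-}"   # names are fixed literals, so eval is safe here
    [ -z "$val" ] || echo "$name"
  done
}

# Refuse to continue unless the session is pinned to one allowlisted context
# and none of the listed cloud credential variables is set.
claude_preflight() {
  case "${KUBECONFIG:-}" in
    "")  echo "refusing: KUBECONFIG unset, kubectl would fall back to ~/.kube/config" >&2; return 1 ;;
    *:*) echo "refusing: KUBECONFIG lists several files, pin exactly one" >&2; return 1 ;;
  esac
  ctx=$(kube_current_context "$KUBECONFIG" 2>/dev/null) || ctx=""
  if ! context_allowed "$ctx"; then
    echo "refusing: context '${ctx:-<none>}' is not in ALLOWED_CONTEXTS" >&2; return 1
  fi
  creds=$(exposed_cloud_creds)
  if [ -n "$creds" ]; then
    echo "refusing: credentials set in this shell:" $creds >&2; return 1
  fi
  return 0
}

# Usage: claude_preflight && claude
```

A context name is only a label: the credentials behind the allowlisted context still need to be read-only or dev-only, as described above.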

✅ Prefer read‑only workflows

Good use cases:

  • Explain
  • Review
  • Diff
  • Suggest

Bad use cases:

  • Apply
  • Delete
  • Migrate
  • Scale stateful systems

✅ Treat Claude Code like a junior engineer

  • It can move fast
  • It needs supervision
  • It should not operate alone

If you wouldn’t let a junior engineer run terraform apply unsupervised, don’t let an AI do it either.

6. When you should NOT use AI agents at all

Avoid Claude Code when:

  • Incident response is ongoing
  • Data integrity is at risk
  • You don’t fully understand the system yet
  • You’re debugging something nondeterministic

AI is best used before and after incidents — not during peak stress.


7. The right mental model

Claude Code is best thought of as:

A fast, tireless pair‑programmer for infrastructure — not an operator.

It helps you:

  • Think
  • Explain
  • Prepare

It should not:

  • Decide
  • Act autonomously
  • Touch production unsupervised

Final takeaway

Claude Code is powerful because it operates where DevOps work actually happens — the terminal.

That same power makes it risky if you treat it like a chatbot.

Used with:

  • clear boundaries
  • limited credentials
  • human judgement

it can save real time.

Used blindly, it can create incidents instead of preventing them.

