Infrastructure as Code Toolkit

# Infrastructure as Code Toolkit — Usage Guide

## What This Plugin Does

Infrastructure as Code Toolkit connects three skills to cover the complete cloud deployment lifecycle: provision infrastructure with Terraform, package your application with Helm, and deploy it to Kubernetes. Use it to go from zero to a running production environment without leaving your AI assistant.

> **Note:** The Terraform skill is currently AWS-focused (EKS, VPC, IAM). Azure and GCP module templates are not yet included. For multi-cloud setups, use this toolkit for AWS-side provisioning and adapt the generated HCL manually for other providers.

---

## Complete Workflow Example

**Scenario:** Deploy a Node.js API to AWS EKS.

**Step 1 — Provision Cloud Infrastructure** (`wshobson-terraform-module-library`)
```
Create a Terraform module for AWS EKS cluster:
- Region: us-east-1
- Node group: 3x t3.medium
- VPC with private subnets
- Enable cluster autoscaler

Run: terraform init → terraform plan → terraform apply
```
Output: Terraform module files (`main.tf`, `variables.tf`, `outputs.tf`) with the EKS cluster, node group, and networking configured. Plan shows ~12 resources to create. Apply provisions the cluster in ~15 minutes.

**Step 2 — Package the Application** (`wshobson-helm-chart-scaffolding`)
```
Create a Helm chart for my-node-api:
- Image: my-registry/node-api:v1.2.0
- Replicas: 2
- Port: 3000
- Health check: /health
- ConfigMap for environment variables
- HorizontalPodAutoscaler: 2-10 replicas at 70% CPU
```
Output: Complete Helm chart with `Chart.yaml`, `values.yaml`, `templates/deployment.yaml`, `templates/service.yaml`, `templates/hpa.yaml`, and `templates/configmap.yaml`. Includes a `validate-chart.sh` script (runs `helm lint` + `helm template`) to catch errors before deployment.

**Step 3 — Deploy to Kubernetes** (`wshobson-k8s-manifest-generator`)
```
Generate K8s manifests to deploy my-node-api to the EKS cluster:
- Namespace: production
- Deployment: 2 replicas, resource limits 256Mi/500m
- Service: ClusterIP on port 80
- ConfigMap: LOG_LEVEL=info, NODE_ENV=production
- Secret: DATABASE_URL from Secrets Manager
```
Output: `deployment.yaml`, `service.yaml`, `configmap.yaml`, `secret.yaml` ready for `kubectl apply -f`.

---

## Scope & Boundaries

**This toolkit requires:**
- Local CLI tools installed: `terraform` (>=1.0), `helm` (>=3.0), `kubectl` configured to your cluster
- AWS credentials configured (`aws configure`) for the Terraform skill to work
- An existing Kubernetes cluster or one provisioned in Step 1

**This toolkit does NOT:**
- Execute `terraform apply` or `kubectl apply` for you — it generates the files, you run the commands
- Replace a full CI/CD pipeline (GitHub Actions, ArgoCD, FluxCD) — use those for automated deploys
- Cover Azure or GCP Terraform modules — currently AWS-only
- Manage cluster upgrades, certificate rotation, or secret rotation

---

## Failure Recovery

**Terraform: Provider not configured**
Error: `No valid credential sources found`. Fix: Run `aws configure` before `terraform init`. Verify with `terraform plan` — it will show the auth error before touching any resources.

**Terraform: Permission denied**
Error: `AccessDenied` during apply. Add the missing IAM permission (shown in the error), then re-run `terraform apply` — Terraform will only create the remaining resources.

**Helm: Chart validation fails**
Run `helm lint ./my-chart` or the included `validate-chart.sh` to see specific errors. Fix the reported YAML issue, then re-lint before deploying.

**Helm: Release already exists**
Error: `cannot re-use a name that is still in use`. Use `helm upgrade my-release ./my-chart` instead of `helm install`.

**kubectl: Cluster unreachable**
Error: `Unable to connect to the server`. Fix: Run `aws eks update-kubeconfig --name <cluster-name> --region <region>` to refresh credentials, then verify with `kubectl get nodes`.

**Pod CrashLoopBackOff after deploy**
Run `kubectl logs <pod-name> -n production` to see application errors. Check ConfigMap keys and Secret references match what the application expects. Fix the manifest and re-apply.