Interactive setup wizard for AWS EKS + Helm + Keycloak + Harness ecosystem
Guides interactive setup of AWS EKS, Helm, Keycloak, and Harness ecosystem.
/plugin marketplace add Lobbi-Docs/claude/plugin install lobbi-docs-aws-eks-helm-keycloak-plugins-aws-eks-helm-keycloak@Lobbi-Docs/claudeComprehensive, interactive setup wizard that configures your entire AWS EKS + Helm + Keycloak + Harness ecosystem step-by-step.
/eks:setup [options]
--mode - Setup mode: full, quick, repair, validate (default: full)--component - Setup specific component: aws, harness, keycloak, local, all--non-interactive - Use environment variables only (for CI)--config - Path to existing config file to use as base--dry-run - Show what would be configured without making changes--skip-validation - Skip connectivity validation (not recommended)/eks:setup
Complete guided setup for all components.
/eks:setup --mode=quick
Uses smart defaults, asks only essential questions.
/eks:setup --component=keycloak
/eks:setup --mode=validate
/eks:setup --mode=repair
╔══════════════════════════════════════════════════════════════════════════════╗
║ ║
║ ███████╗██╗ ██╗███████╗ ███████╗███████╗████████╗██╗ ██╗██████╗ ║
║ ██╔════╝██║ ██╔╝██╔════╝ ██╔════╝██╔════╝╚══██╔══╝██║ ██║██╔══██╗ ║
║ █████╗ █████╔╝ ███████╗ ███████╗█████╗ ██║ ██║ ██║██████╔╝ ║
║ ██╔══╝ ██╔═██╗ ╚════██║ ╚════██║██╔══╝ ██║ ██║ ██║██╔═══╝ ║
║ ███████╗██║ ██╗███████║ ███████║███████╗ ██║ ╚██████╔╝██║ ║
║ ╚══════╝╚═╝ ╚═╝╚══════╝ ╚══════╝╚══════╝ ╚═╝ ╚═════╝ ╚═╝ ║
║ ║
║ AWS EKS + Helm + Keycloak + Harness ║
║ Interactive Setup Wizard ║
║ ║
╚══════════════════════════════════════════════════════════════════════════════╝
Welcome! This wizard will configure your deployment ecosystem.
Setup Progress:
○ AWS Configuration
○ Harness Platform
○ Keycloak Authentication
○ Local Development
○ Final Validation
Estimated time: 10-15 minutes
Press ENTER to begin or 'q' to quit...
═══════════════════════════════════════════════════════════════════════════════
PHASE 1/5: AWS CONFIGURATION
═══════════════════════════════════════════════════════════════════════════════
Let's configure your AWS environment for EKS deployments.
┌─────────────────────────────────────────────────────────────────────────────┐
│ STEP 1.1: AWS Credentials │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ How would you like to authenticate with AWS? │
│ │
│ [1] Use existing AWS CLI profile │
│ [2] Enter Access Key / Secret Key │
│ [3] Use IAM Role (EC2/ECS/Lambda) │
│ [4] Use AWS SSO │
│ │
│ Selection: _ │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
> Using AWS CLI profile 'default'...
✅ AWS credentials validated
├── Account ID: 123456789012
├── User/Role: arn:aws:iam::123456789012:user/developer
└── Region: us-west-2
┌─────────────────────────────────────────────────────────────────────────────┐
│ STEP 1.2: AWS Region & EKS Clusters │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ Primary AWS Region: [us-west-2] _ │
│ │
│ Scanning for existing EKS clusters... │
│ │
│ Found 3 EKS clusters: │
│ │
│ [1] my-app-dev (us-west-2) - v1.28 - 3 nodes │
│ [2] my-app-staging (us-west-2) - v1.28 - 5 nodes │
│ [3] my-app-prod (us-west-2) - v1.28 - 10 nodes │
│ [4] Create new cluster configuration │
│ [5] Skip EKS setup (configure later) │
│ │
│ Select clusters to use (comma-separated, e.g., 1,2,3): _ │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
> Selected: my-app-dev, my-app-staging, my-app-prod
Mapping clusters to environments:
├── Development → my-app-dev ✅
├── Staging → my-app-staging ✅
└── Production → my-app-prod ✅
┌─────────────────────────────────────────────────────────────────────────────┐
│ STEP 1.3: ECR Repository │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ ECR Registry: 123456789012.dkr.ecr.us-west-2.amazonaws.com │
│ │
│ Would you like to: │
│ [1] Use existing ECR repositories │
│ [2] Create repositories automatically when onboarding services │
│ │
│ Selection: _ │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────────────────────┐
│ STEP 1.4: AWS Secrets Manager │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ Secrets will be stored with prefix: [my-app/] _ │
│ │
│ Testing Secrets Manager access... │
│ ✅ Read/Write access confirmed │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
═══════════════════════════════════════════════════════════════════════════════
✅ AWS CONFIGURATION COMPLETE
═══════════════════════════════════════════════════════════════════════════════
Summary:
├── Region: us-west-2
├── Account: 123456789012
├── EKS Clusters: 3 configured
├── ECR Registry: Configured
└── Secrets Manager: Configured
Press ENTER to continue to Harness setup...
═══════════════════════════════════════════════════════════════════════════════
PHASE 2/5: HARNESS PLATFORM CONFIGURATION
═══════════════════════════════════════════════════════════════════════════════
Let's connect to your Harness account and configure CI/CD.
┌─────────────────────────────────────────────────────────────────────────────┐
│ STEP 2.1: Harness Account │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ Harness Account ID: [xxxxxxxx] _ │
│ (Found in Account Settings → Overview) │
│ │
│ API Key (PAT or SAT): │
│ ▪▪▪▪▪▪▪▪▪▪▪▪▪▪▪▪▪▪▪▪▪▪▪▪▪▪▪▪▪▪▪▪▪▪▪▪▪▪▪▪ │
│ (Create at Account Settings → Access Control → API Keys) │
│ │
│ [?] Need help creating an API key? (y/n): _ │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
> Validating Harness connection...
✅ Connected to Harness
├── Account: My Organization
├── Plan: Enterprise
└── Modules: CI, CD, CCM, FF
┌─────────────────────────────────────────────────────────────────────────────┐
│ STEP 2.2: Organization & Project │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ Available Organizations: │
│ [1] default │
│ [2] platform-team │
│ [3] Create new organization │
│ │
│ Select organization: [1] _ │
│ │
│ ────────────────────────────────────────────────────────────────────── │
│ │
│ Available Projects in 'default': │
│ [1] eks-deployments │
│ [2] infrastructure │
│ [3] Create new project │
│ │
│ Select project: _ │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
> Selected: default / eks-deployments
┌─────────────────────────────────────────────────────────────────────────────┐
│ STEP 2.3: Harness Code Repository │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ Do you use Harness Code for source control? │
│ [1] Yes, use Harness Code │
│ [2] No, use GitHub │
│ [3] No, use GitLab │
│ [4] No, use Bitbucket │
│ [5] No, use other Git provider │
│ │
│ Selection: _ │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
> Using Harness Code
Available repositories:
├── my-app (main) ← Current
├── infrastructure
└── shared-libs
Primary repository: [my-app] _
┌─────────────────────────────────────────────────────────────────────────────┐
│ STEP 2.4: AWS Connectors │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ Checking existing connectors... │
│ │
│ Found connectors: │
│ ├── ✅ aws_connector (AWS) │
│ ├── ⚠️ eks_dev_connector (needs update) │
│ └── ❌ eks_prod_connector (missing) │
│ │
│ Would you like to: │
│ [1] Auto-create/update missing connectors │
│ [2] Configure connectors manually │
│ [3] Skip connector setup │
│ │
│ Selection: _ │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
> Creating/updating connectors...
✅ aws_connector - OK
✅ eks_dev_connector - Updated
✅ eks_staging_connector - Created
✅ eks_prod_connector - Created
✅ ecr_connector - Created
┌─────────────────────────────────────────────────────────────────────────────┐
│ STEP 2.5: Harness Delegate │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ Checking Harness Delegates... │
│ │
│ Found delegates: │
│ ├── ✅ eks-delegate-dev (healthy, 2m ago) │
│ ├── ✅ eks-delegate-staging (healthy, 1m ago) │
│ └── ✅ eks-delegate-prod (healthy, 30s ago) │
│ │
│ All delegates healthy! ✅ │
│ │
│ [If delegates were missing, wizard would offer to install them] │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
═══════════════════════════════════════════════════════════════════════════════
✅ HARNESS CONFIGURATION COMPLETE
═══════════════════════════════════════════════════════════════════════════════
Summary:
├── Account: My Organization
├── Org/Project: default / eks-deployments
├── Repository: my-app (Harness Code)
├── Connectors: 5 configured
└── Delegates: 3 healthy
Press ENTER to continue to Keycloak setup...
═══════════════════════════════════════════════════════════════════════════════
PHASE 3/5: KEYCLOAK AUTHENTICATION
═══════════════════════════════════════════════════════════════════════════════
Let's configure Keycloak for authentication.
┌─────────────────────────────────────────────────────────────────────────────┐
│ STEP 3.1: Keycloak Instance │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ Keycloak deployment type: │
│ [1] Self-hosted Keycloak (on EKS or elsewhere) │
│ [2] Red Hat SSO (managed) │
│ [3] AWS Cognito with Keycloak adapter │
│ [4] Skip Keycloak setup (configure later) │
│ │
│ Selection: _ │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
> Self-hosted Keycloak selected
┌─────────────────────────────────────────────────────────────────────────────┐
│ STEP 3.2: Keycloak Connection │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ Keycloak URL: [https://keycloak.example.com] _ │
│ │
│ Testing connection... │
│ ✅ Keycloak is reachable │
│ ├── Version: 24.0.1 │
│ └── Realms: 3 found │
│ │
│ ────────────────────────────────────────────────────────────────────── │
│ │
│ Admin credentials (for client management): │
│ │
│ Admin Username: [admin] _ │
│ Admin Password: ▪▪▪▪▪▪▪▪▪▪ │
│ │
│ ⚠️ Credentials will be stored in AWS Secrets Manager │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
> Validating admin access...
✅ Admin authentication successful
┌─────────────────────────────────────────────────────────────────────────────┐
│ STEP 3.3: Realm Configuration │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ How would you like to configure realms? │
│ [1] One realm per environment (recommended) │
│ [2] Single realm for all environments │
│ [3] Use existing realms │
│ │
│ Selection: _ │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
> One realm per environment selected
Configuring realms:
├── Development realm: [development] _
├── Staging realm: [staging] _
└── Production realm: [production] _
Checking realms...
├── development: ✅ Exists
├── staging: ✅ Exists
└── production: ⚠️ Will be created
Create 'production' realm? (y/n): _
> Creating production realm...
✅ Realm created with secure defaults
┌─────────────────────────────────────────────────────────────────────────────┐
│ STEP 3.4: Client Configuration Strategy │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ Client naming pattern: [{service-name}-client] _ │
│ │
│ Default client settings: │
│ ├── Protocol: openid-connect ✅ │
│ ├── Access Type: confidential ✅ │
│ ├── Standard Flow: enabled ✅ │
│ ├── Service Accounts: enabled ✅ │
│ └── PKCE: enabled (S256) ✅ │
│ │
│ Would you like to customize default client settings? (y/n): _ │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────────────────────┐
│ STEP 3.5: Test Users (Development/Staging) │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ Create test users for non-production environments? │
│ [1] Yes, create standard test users │
│ [2] Yes, let me customize │
│ [3] No, skip test users │
│ │
│ Selection: _ │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
> Creating standard test users...
Test users created:
├── testuser / testpass (role: user)
├── testadmin / adminpass (role: admin)
└── developer / devpass (role: developer)
⚠️ These users are for development/staging only!
═══════════════════════════════════════════════════════════════════════════════
✅ KEYCLOAK CONFIGURATION COMPLETE
═══════════════════════════════════════════════════════════════════════════════
Summary:
├── Keycloak URL: https://keycloak.example.com
├── Realms: development, staging, production
├── Client Pattern: {service-name}-client
└── Test Users: Created in dev/staging
Admin credentials stored in: my-app/keycloak-admin
Press ENTER to continue to local development setup...
═══════════════════════════════════════════════════════════════════════════════
PHASE 4/5: LOCAL DEVELOPMENT ENVIRONMENT
═══════════════════════════════════════════════════════════════════════════════
Let's set up your local development environment.
┌─────────────────────────────────────────────────────────────────────────────┐
│ STEP 4.1: Prerequisites Check │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ Checking required tools... │
│ │
│ ✅ Docker 24.0.5 │
│ ✅ kubectl 1.28.0 │
│ ✅ Helm 3.13.0 │
│ ✅ AWS CLI 2.13.0 │
│ ⚠️ Kind not found │
│ ⚠️ Skaffold not found │
│ │
│ Missing tools found. Install them now? │
│ [1] Yes, install missing tools │
│ [2] No, I'll install manually │
│ [3] Skip local development setup │
│ │
│ Selection: _ │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
> Installing missing tools...
Installing Kind...
✅ Kind 0.20.0 installed
Installing Skaffold...
✅ Skaffold 2.8.0 installed
┌─────────────────────────────────────────────────────────────────────────────┐
│ STEP 4.2: Local Stack Configuration │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ Local development stack includes: │
│ ├── Kind cluster (EKS parity) │
│ ├── LocalStack (AWS mock) │
│ ├── Local Keycloak │
│ ├── Local Docker registry │
│ └── Hot-reload with Skaffold │
│ │
│ Generate local stack configuration? (y/n): _ │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
> Generating local stack configuration...
Created:
├── docker-compose.yaml
├── kind-config.yaml
├── skaffold.yaml
└── realm-export.json (local Keycloak)
┌─────────────────────────────────────────────────────────────────────────────┐
│ STEP 4.3: Initialize Local Environment │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ Would you like to start the local environment now? │
│ [1] Yes, start everything │
│ [2] No, I'll start later with /eks:dev-up │
│ │
│ Selection: _ │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
> Skipping for now. Run /eks:dev-up when ready.
═══════════════════════════════════════════════════════════════════════════════
✅ LOCAL DEVELOPMENT SETUP COMPLETE
═══════════════════════════════════════════════════════════════════════════════
Summary:
├── Tools: All installed
├── Configuration: Generated
└── Start command: /eks:dev-up
Press ENTER to continue to final validation...
═══════════════════════════════════════════════════════════════════════════════
PHASE 5/5: FINAL VALIDATION
═══════════════════════════════════════════════════════════════════════════════
Running comprehensive validation of your setup...
┌─────────────────────────────────────────────────────────────────────────────┐
│ VALIDATION RESULTS │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ AWS │
│ ├── ✅ Credentials valid │
│ ├── ✅ EKS clusters accessible (3/3) │
│ ├── ✅ ECR registry accessible │
│ └── ✅ Secrets Manager accessible │
│ │
│ Harness │
│ ├── ✅ API connection working │
│ ├── ✅ Project accessible │
│ ├── ✅ Connectors valid (5/5) │
│ └── ✅ Delegates healthy (3/3) │
│ │
│ Keycloak │
│ ├── ✅ Server reachable │
│ ├── ✅ Admin access working │
│ ├── ✅ Realms configured (3/3) │
│ └── ✅ Test users created │
│ │
│ Local Development │
│ ├── ✅ Docker running │
│ ├── ✅ Tools installed │
│ └── ✅ Configuration generated │
│ │
│ ────────────────────────────────────────────────────────────────────────── │
│ │
│ Overall Status: ✅ ALL CHECKS PASSED │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────────────────────┐
│ CONFIGURATION FILES GENERATED │
├─────────────────────────────────────────────────────────────────────────────┤
│ │
│ .claude/ │
│ └── eks-helm-keycloak.local.md ← Project configuration │
│ │
│ .env.eks-setup ← Environment variables │
│ │
│ local-dev/ │
│ ├── docker-compose.yaml │
│ ├── kind-config.yaml │
│ ├── skaffold.yaml │
│ └── keycloak/ │
│ └── realm-export.json │
│ │
│ .harness/ │
│ ├── connectors/ │
│ └── environments/ │
│ │
└─────────────────────────────────────────────────────────────────────────────┘
═══════════════════════════════════════════════════════════════════════════════
🎉 SETUP COMPLETE!
═══════════════════════════════════════════════════════════════════════════════
Your AWS EKS + Helm + Keycloak + Harness ecosystem is ready!
┌───────────────────────────────────────────────────────────────────────────┐
│ QUICK START COMMANDS │
├───────────────────────────────────────────────────────────────────────────┤
│ │
│ # Start local development │
│ /eks:dev-up │
│ │
│ # Onboard a new service │
│ /eks:service-onboard my-service │
│ │
│ # Deploy to development │
│ /eks:ship dev │
│ │
│ # Create a preview environment │
│ /eks:preview │
│ │
│ # Re-run validation anytime │
│ /eks:setup --mode=validate │
│ │
└───────────────────────────────────────────────────────────────────────────┘
📚 Documentation: plugins/aws-eks-helm-keycloak/README.md
🔧 Configuration: .claude/eks-helm-keycloak.local.md
Happy deploying! 🚀
═══════════════════════════════════════════════════════════════════════════════
This command activates the setup-orchestrator agent for interactive guidance.
Complete guided setup with all questions and validations.
For non-interactive setup (CI/CD):
# AWS
export AWS_REGION="us-west-2"
export AWS_ACCOUNT_ID="123456789012"
export EKS_CLUSTER_DEV="my-app-dev"
export EKS_CLUSTER_STAGING="my-app-staging"
export EKS_CLUSTER_PROD="my-app-prod"
# Harness
export HARNESS_ACCOUNT_ID="xxx"
export HARNESS_API_KEY="pat.xxx.xxx"
export HARNESS_ORG_ID="default"
export HARNESS_PROJECT_ID="eks-deployments"
# Keycloak
export KEYCLOAK_URL="https://keycloak.example.com"
export KEYCLOAK_ADMIN="admin"
export KEYCLOAK_ADMIN_PASSWORD="xxx"
export KEYCLOAK_REALM_DEV="development"
export KEYCLOAK_REALM_STAGING="staging"
export KEYCLOAK_REALM_PROD="production"
# Run non-interactive setup
/eks:setup --non-interactive
| Issue | Solution |
|---|---|
| AWS credentials fail | Check AWS CLI config, verify IAM permissions |
| Harness API timeout | Verify network access, check API key scope |
| Keycloak unreachable | Check URL, verify TLS certificates |
| Delegate not found | Install delegate in EKS cluster |
| Kind won't start | Restart Docker, check resources |
You can re-run setup anytime:
--mode=full to reconfigure everything--mode=repair to fix issues--component=X to reconfigure specific component--mode=validate to check health