- Introduced a new document on testing anti-patterns to guide developers in writing effective tests and avoiding common pitfalls.
- Added a new skill for writing implementation plans, detailing how to create comprehensive plans for multi-step tasks.
- Created a plan document reviewer prompt template to ensure plan completeness and alignment with specifications.
- Established symbolic links for various skills including e2e testing patterns, GitHub actions templates, requesting code review, Terraform style guide, and Terraform testing.
- Updated AGENTS.md and CLAUDE.md to reflect new skills and their usage in the skill selection matrix.
- Updated skills-lock.json to include new skills and their corresponding sources.

- Added cert-manager installation manifest for managing TLS certificates.
- Created ClusterIssuer for Let's Encrypt production environment.
- Introduced ConfigMap for IP Factory configuration settings.
- Implemented frontend deployment and service for the application.
- Configured Horizontal Pod Autoscalers for backend and frontend deployments.
- Set up ingress controller deployment manifest for handling incoming traffic.
- Defined Ingress resource for routing traffic to frontend and backend services.
- Established MySQL StatefulSet and service for database management.
- Created namespace for isolating IP Factory resources.
- Added PodDisruptionBudgets for backend and frontend applications.
- Configured SecretProviderClass for managing secrets with Azure Key Vault.
- Documented placeholder secrets in a Kubernetes Secret manifest.
- Set up Terraform backend configuration for Azure.
- Developed Terraform infrastructure for production environment, including resource group, networking, AKS, ACR, and Key Vault.
- Defined outputs for Terraform modules to expose important resource information.
Pull request overview
Adds infrastructure-as-code and Kubernetes manifests to support an Azure-based “Terraform Deployment” production environment, alongside updates to the repo’s agent skills metadata.
Changes:
- Introduces Terraform modules (networking, AKS, ACR, Key Vault) and a production environment configuration with an AzureRM backend.
- Adds production Kubernetes manifests (namespace, ingress, HPA/PDB, MySQL StatefulSet, Key Vault CSI SecretProviderClass wiring).
- Updates agent skills registry/docs and adds new skill content under `.agents/skills/`.
Reviewed changes
Copilot reviewed 51 out of 53 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| skills-lock.json | Adds new agent skill sources/hashes for Terraform/testing/CI review workflows. |
| infra/terraform/modules/networking/variables.tf | Defines inputs for VNet/subnet/DNS zone creation. |
| infra/terraform/modules/networking/main.tf | Creates VNet, AKS subnet, and optional DNS zone. |
| infra/terraform/modules/networking/outputs.tf | Exposes VNet/subnet/DNS outputs for environment composition. |
| infra/terraform/modules/keyvault/variables.tf | Defines inputs for Key Vault and role assignments. |
| infra/terraform/modules/keyvault/main.tf | Creates Key Vault with RBAC and assigns roles to AKS + deployer. |
| infra/terraform/modules/keyvault/outputs.tf | Exposes Key Vault identifiers/URI for consumers. |
| infra/terraform/modules/aks/variables.tf | Defines AKS cluster and node pool inputs (incl. autoscaling knobs). |
| infra/terraform/modules/aks/main.tf | Creates AKS cluster with KV secrets provider + workload identity enabled. |
| infra/terraform/modules/aks/outputs.tf | Exposes AKS IDs, kubeconfig, identity object IDs, etc. |
| infra/terraform/modules/acr/variables.tf | Defines ACR inputs and kubelet identity for AcrPull. |
| infra/terraform/modules/acr/main.tf | Creates ACR and assigns AcrPull to AKS kubelet identity. |
| infra/terraform/modules/acr/outputs.tf | Exposes ACR login server and registry ID. |
| infra/terraform/environments/production/versions.tf | Pins Terraform + AzureRM provider versions for production env. |
| infra/terraform/environments/production/variables.tf | Declares production environment variables and defaults. |
| infra/terraform/environments/production/terraform.tfvars | Provides concrete production values (region, sizing, CIDRs, domain). |
| infra/terraform/environments/production/main.tf | Composes modules (networking/aks/acr/keyvault) for production. |
| infra/terraform/environments/production/outputs.tf | Exposes key environment outputs (RG, AKS, ACR, Key Vault, DNS). |
| infra/terraform/backend.tf | Configures remote state backend in Azure Storage. |
| infra/k8s/production/namespace.yaml | Creates the ip-factory namespace. |
| infra/k8s/production/configmap.yaml | Adds production ConfigMap for app configuration. |
| infra/k8s/production/secret.yaml | Adds placeholder Secret manifest for documentation/bootstrapping. |
| infra/k8s/production/secret-provider-class.yaml | Defines Azure Key Vault CSI SecretProviderClass resources. |
| infra/k8s/production/backend-deployment.yaml | Deploys backend with env from ConfigMap/Secret and CSI volumes. |
| infra/k8s/production/frontend-deployment.yaml | Deploys frontend and exposes ClusterIP service. |
| infra/k8s/production/mysql-statefulset.yaml | Adds MySQL StatefulSet + headless Service + PVC template. |
| infra/k8s/production/ingress.yaml | Defines public ingress rules + TLS via cert-manager. |
| infra/k8s/production/hpa.yaml | Adds HPA for frontend/backend deployments. |
| infra/k8s/production/pdb.yaml | Adds PDBs for frontend/backend availability guarantees. |
| infra/k8s/production/ingress-controller/deploy.yaml | Documents ingress-nginx install source/commands. |
| infra/k8s/production/cert-manager/cert-manager.yaml | Documents cert-manager install source/commands. |
| infra/k8s/production/cert-manager/cluster-issuer.yaml | Adds Let’s Encrypt prod ClusterIssuer. |
| CLAUDE.md | Updates skill path and expands skill matrix/recommendations. |
| AGENTS.md | Updates skill matrix/recommendations to include new skills. |
| .claude/skills/writing-plans | Adds a pointer to .agents/skills/writing-plans. |
| .claude/skills/test-driven-development | Adds a pointer to .agents/skills/test-driven-development. |
| .claude/skills/terraform-test | Adds a pointer to .agents/skills/terraform-test. |
| .claude/skills/terraform-style-guide | Adds a pointer to .agents/skills/terraform-style-guide. |
| .claude/skills/requesting-code-review | Adds a pointer to .agents/skills/requesting-code-review. |
| .claude/skills/github-actions-templates | Adds a pointer to .agents/skills/github-actions-templates. |
| .claude/skills/e2e-testing-patterns | Adds a pointer to .agents/skills/e2e-testing-patterns. |
| .agents/skills/writing-plans/plan-document-reviewer-prompt.md | Adds a reviewer prompt template for plan documents. |
| .agents/skills/writing-plans/SKILL.md | Adds “writing-plans” skill definition and workflow. |
| .agents/skills/test-driven-development/testing-anti-patterns.md | Adds test anti-pattern guidance (TDD skill companion doc). |
| .agents/skills/test-driven-development/SKILL.md | Adds TDD skill definition and workflow. |
| .agents/skills/terraform-test/SKILL.md | Adds Terraform testing skill content (extensive guide). |
| .agents/skills/terraform-style-guide/SKILL.md | Adds Terraform style guide skill content. |
| .agents/skills/requesting-code-review/code-reviewer.md | Adds a template prompt for a code-reviewer subagent. |
| .agents/skills/requesting-code-review/SKILL.md | Adds requesting-code-review skill definition and workflow. |
| .agents/skills/github-actions-templates/SKILL.md | Adds GitHub Actions workflow templates skill content. |
| .agents/skills/e2e-testing-patterns/SKILL.md | Adds E2E testing patterns skill content. |
Comments suppressed due to low confidence (5)
infra/terraform/modules/aks/main.tf:1
`node_count` is set unconditionally even when autoscaling is enabled. For AzureRM AKS node pools, enabling autoscaling generally requires omitting `node_count` (or setting it to null) and using `min_count`/`max_count` instead; otherwise Terraform plans can fail validation. Make `node_count` conditional on `var.auto_scaling_enabled` (e.g., null when autoscaling is enabled) to avoid provider errors.

infra/terraform/environments/production/outputs.tf:1
The output is named/described as a cluster name, but it returns `module.aks.cluster_id`. This is misleading for consumers and can break downstream scripting that expects a name. Either change the value to a name output (and add/consume an output from the AKS module), or rename this output to `aks_cluster_id` and update its description accordingly.

infra/terraform/backend.tf:1
The backend configuration hardcodes a production-specific `key` (and storage naming). If you add more environments later, this file becomes a foot-gun (easy to accidentally init/apply against the production state). Consider using a partial backend config committed to the repo and passing env-specific values via `terraform init -backend-config=...`, or moving env-specific backend config under the environment directory with a clear init workflow.

infra/k8s/production/pdb.yaml:1
With `minAvailable: 1`, a single-replica Deployment can become non-evictable during voluntary disruptions (node drains/cluster upgrades), potentially stalling maintenance operations. If you intend to run at `replicas: 1` (as in the Deployments), consider using `maxUnavailable: 1` or lowering `minAvailable` to `0` unless you can guarantee >1 replicas at disruption time.

infra/k8s/production/secret.yaml:1
This manifest creates a real `Secret` resource but contains no `data` keys, while workloads reference specific keys via `secretKeyRef`. If someone applies the whole directory, this can cause startup failures or confusing race conditions with CSI secret sync/update expectations. A safer pattern is to (a) rename/move this to a non-applied location (e.g., `*.example.yaml` or `docs/`), or (b) manage the Secret exclusively via external tooling/CSI and avoid committing an applyable Secret manifest.
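The PDB, Secret and Ingress findings in this review are all properties of the manifest bundle that a pre-apply check can catch before anyone runs `kubectl apply -f` against the production directory. The script below is an added example, not code from the pull request or from Copilot's review. It takes manifests as parsed dicts (the shape `yaml.safe_load_all` or `kubectl get -o json` produces) so it needs no YAML library, and the sample bundle at the bottom is constructed for the example: the `ip-factory` namespace is the one the PR creates, while the Secret name `ip-factory-secrets`, the PDB name `backend-pdb` and the image reference are assumptions, not values from the repository.

```python
"""Pre-apply checks for the PDB, Secret and Ingress findings (added example, not PR code)."""
from typing import Any, Dict, Iterable, List

Manifest = Dict[str, Any]
LEGACY_CLASS_ANNOTATION = "kubernetes.io/ingress.class"
WORKLOAD_KINDS = ("Deployment", "StatefulSet")


def _selector_matches(selector: Manifest, labels: Dict[str, str]) -> bool:
    """matchLabels only; a selector that uses matchExpressions is treated as non-matching."""
    if selector.get("matchExpressions"):
        return False
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())


def check_pdb_blocks_eviction(manifests: Iterable[Manifest]) -> List[str]:
    """An integer minAvailable >= replicas leaves no evictable pod, so node drains hang."""
    manifests = list(manifests)
    workloads = [m for m in manifests if m.get("kind") in WORKLOAD_KINDS]
    findings = []
    for pdb in (m for m in manifests if m.get("kind") == "PodDisruptionBudget"):
        spec = pdb.get("spec", {})
        min_available = spec.get("minAvailable")
        if not isinstance(min_available, int):  # absent or a percentage string: not handled here
            continue
        for wl in workloads:
            pod_labels = wl["spec"]["template"]["metadata"].get("labels", {})
            replicas = wl["spec"].get("replicas", 1)
            if _selector_matches(spec.get("selector", {}), pod_labels) and replicas <= min_available:
                findings.append(f"PDB {pdb['metadata']['name']}: minAvailable={min_available} but "
                                f"{wl['kind']} {wl['metadata']['name']} runs replicas={replicas}; "
                                "a node drain cannot evict its pod")
    return findings


def check_secret_refs(manifests: Iterable[Manifest]) -> List[str]:
    """An empty committed Secret applies cleanly; the missing key only shows up at pod start."""
    manifests = list(manifests)
    secret_keys = {m["metadata"]["name"]: set(m.get("data") or {}) | set(m.get("stringData") or {})
                   for m in manifests if m.get("kind") == "Secret"}
    findings = []
    for wl in (m for m in manifests if m.get("kind") in WORKLOAD_KINDS):
        for container in wl["spec"]["template"]["spec"].get("containers", []):
            for env in container.get("env", []):
                ref = env.get("valueFrom", {}).get("secretKeyRef")
                if not ref or ref.get("optional"):
                    continue
                keys = secret_keys.get(ref["name"])
                if keys is None:  # Secret not in this bundle: CSI sync or external tooling may own it
                    continue
                if ref["key"] not in keys:
                    findings.append(f"{wl['kind']} {wl['metadata']['name']}: env {env['name']} reads key "
                                    f"'{ref['key']}' from Secret {ref['name']}, which defines no such key")
    return findings


def check_ingress_class(manifests: Iterable[Manifest]) -> List[str]:
    """Flag the deprecated class annotation when spec.ingressClassName is absent or disagrees."""
    findings = []
    for ing in (m for m in manifests if m.get("kind") == "Ingress"):
        name = ing["metadata"]["name"]
        legacy = ing["metadata"].get("annotations", {}).get(LEGACY_CLASS_ANNOTATION)
        class_name = ing.get("spec", {}).get("ingressClassName")
        if legacy is not None and class_name is None:
            findings.append(f"Ingress {name}: relies on deprecated {LEGACY_CLASS_ANNOTATION}; "
                            f"set spec.ingressClassName: {legacy}")
        elif legacy is not None and class_name != legacy:
            findings.append(f"Ingress {name}: annotation class '{legacy}' disagrees with "
                            f"spec.ingressClassName '{class_name}'")
    return findings


def run_checks(manifests: List[Manifest]) -> List[str]:
    return check_pdb_blocks_eviction(manifests) + check_secret_refs(manifests) + check_ingress_class(manifests)


# Constructed sample bundle mirroring the review findings; apart from the ip-factory
# namespace, the names and image below are assumed, not taken from the repository.
SAMPLE_MANIFESTS: List[Manifest] = [
    {"apiVersion": "apps/v1", "kind": "Deployment",
     "metadata": {"name": "backend", "namespace": "ip-factory"},
     "spec": {"replicas": 1, "selector": {"matchLabels": {"app": "backend"}},
              "template": {"metadata": {"labels": {"app": "backend"}},
                           "spec": {"containers": [{"name": "backend", "image": "example.azurecr.io/backend:1.0",
                                                    "env": [{"name": "DB_PASSWORD", "valueFrom": {"secretKeyRef": {
                                                        "name": "ip-factory-secrets", "key": "db-password"}}}]}]}}}},
    {"apiVersion": "policy/v1", "kind": "PodDisruptionBudget",
     "metadata": {"name": "backend-pdb", "namespace": "ip-factory"},
     "spec": {"minAvailable": 1, "selector": {"matchLabels": {"app": "backend"}}}},
    {"apiVersion": "v1", "kind": "Secret", "type": "Opaque",  # placeholder with no data keys
     "metadata": {"name": "ip-factory-secrets", "namespace": "ip-factory"}},
    {"apiVersion": "networking.k8s.io/v1", "kind": "Ingress",
     "metadata": {"name": "ip-factory", "namespace": "ip-factory",
                  "annotations": {LEGACY_CLASS_ANNOTATION: "nginx",
                                  "cert-manager.io/cluster-issuer": "letsencrypt-prod"}},
     "spec": {"rules": []}},
]
```

Running `run_checks(SAMPLE_MANIFESTS)` yields one finding per review point: the single-replica Deployment pinned by `minAvailable: 1`, the `db-password` key that the placeholder Secret never defines, and the Ingress that still selects its controller through the legacy annotation. Secrets absent from the bundle are deliberately skipped, because in this PR the Key Vault CSI driver is expected to own them; only a Secret the bundle itself would apply is checked against the keys workloads read.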
| kubernetes.io/ingress.class: nginx | ||
| cert-manager.io/cluster-issuer: letsencrypt-prod | ||
| nginx.ingress.kubernetes.io/proxy-body-size: "10m" | ||
| nginx.ingress.kubernetes.io/proxy-read-timeout: "60" | ||
| spec: |
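Review bot: the `cert-manager.io/cluster-issuer: letsencrypt-prod` annotation binds this Ingress to an issuer whose solver configuration is not visible in this hunk; if that ClusterIssuer uses an HTTP-01 solver, cert-manager will create temporary challenge Ingress objects for this host and they must be served by the same controller this Ingress selects via `kubernetes.io/ingress.class: nginx`, so when the legacy annotation is replaced by `spec.ingressClassName`, confirm the issuer's `http01.ingress` solver names the same controller (either the older `class: nginx` or `ingressClassName: nginx`, which cert-manager accepts from 1.12), otherwise certificate issuance stalls at the challenge step.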
kubernetes.io/ingress.class is deprecated in favor of spec.ingressClassName. To align with current Kubernetes APIs and avoid deprecation issues, set spec.ingressClassName: nginx and drop the legacy annotation (or keep it only if you must support very old clusters).
| kubernetes.io/ingress.class: nginx | |
| cert-manager.io/cluster-issuer: letsencrypt-prod | |
| nginx.ingress.kubernetes.io/proxy-body-size: "10m" | |
| nginx.ingress.kubernetes.io/proxy-read-timeout: "60" | |
| spec: | |
| cert-manager.io/cluster-issuer: letsencrypt-prod | |
| nginx.ingress.kubernetes.io/proxy-body-size: "10m" | |
| nginx.ingress.kubernetes.io/proxy-read-timeout: "60" | |
| spec: | |
| ingressClassName: nginx |
| | Skill | Path | Primary trigger | | ||
| | ----------------------------- | --------------------------------------------- | -------------------------------------------------------------------------------- | |
The skill selection matrix table rows start with ||, which renders as an extra empty first column in standard Markdown table syntax. If the intent is a 3-column table, switch to a single leading pipe (| Skill | Path | Primary trigger |) for the header and separator rows to avoid broken/odd rendering.
| name: terraform-test | ||
| description: Comprehensive guide for writing and running Terraform tests. Use when creating test files (.tftest.hcl), writing test scenarios with run blocks, validating infrastructure behavior with assertions, mocking providers and data sources, testing module outputs and resource configurations, or troubleshooting Terraform test syntax and execution. | ||
| metadata: | ||
| copyright: Copyright IBM Corp. 2026 |
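Review bot: `copyright: Copyright IBM Corp. 2026` in this frontmatter marks the skill as vendored third-party content, but the lines shown carry no license or upstream source field; since skills-lock.json already records a source and hash for each skill, make sure this entry's upstream URL and license terms are recorded there (or alongside the copyright line here) so that provenance and redistribution rights can be verified without re-deriving them later.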
The file includes an explicit third-party copyright notice (“Copyright IBM Corp. 2026”). If this content was copied from an external source, it may create licensing/compliance issues for the repo. Please confirm the license allows redistribution here; if not, replace with original content or include only a short excerpt plus a link to the authoritative source.
| copyright: Copyright IBM Corp. 2026 |
…nd purchase requests; enhance layout messages with emojis; create deployment runbook for Azure infrastructure
No description provided.