Run with IDPBuilder 🏗️ 💻

IDPBuilder is a tool for creating local Internal Developer Platform environments using KIND clusters. It provides a fast way to deploy and test platform components including ArgoCD, Vault, Backstage, and AI Platform Engineering agents.

Prerequisites

kubectl installed
IDPBuilder binary installed

Architecture Overview

IDPBuilder creates a KIND cluster and deploys platform components via ArgoCD. The CAIPE (Community AI Platform Engineering) stack adds authentication, secret management, and multi-agent AI capabilities:

Component Flow

IDPBuilder Initialization: Creates KIND cluster and deploys ArgoCD + Gitea as foundation
Platform Deployment: ArgoCD deploys all platform components from Git repositories
Authentication Setup: Keycloak provides SSO for Backstage and other platform services
Secret Management: Vault stores secrets, External Secrets distributes to applications
Developer Access: NGINX Ingress routes traffic, Backstage provides developer portal
AI Integration: Agent-Forge plugin in Backstage connects to CAIPE MAS Agent
Multi-Agent System: Orchestrator manages individual agents for different platform domains

Section Outline

Create KIND Cluster with IDPBuilder
Access ArgoCD and Monitor Deployments
Configure Vault Secrets
Access Backstage Portal
Use CAIPE MAS Agent

Create KIND Cluster with IDPBuilder

Step 1: Create the Platform

# Create cluster with reference implementation + lightweight AI stack
idpbuilder create \
  --use-path-routing \
  --package https://github.com/cnoe-io/stacks//ref-implementation \
  --package https://github.com/suwhang-cisco/stacks//ai-platform-engineering

This command will:

Create a KIND cluster
Install core platform components
Deploy ArgoCD, Vault, and Backstage
Configure ingress with path-based routing

This takes around 5-10 minutes. Feel free to grab a coffee while it's deploying ☕

Step 2: Verify Cluster

# Check cluster status
kubectl get nodes

# Verify all pods are running
kubectl get pods --all-namespaces

# Check ingress configuration
kubectl get ingress --all-namespaces

Access ArgoCD and Monitor Deployments

Once the cluster is created, IDPBuilder outputs the ArgoCD URL.

Step 1: Get ArgoCD Credentials

# Get admin password
idpbuilder get secrets -p argocd

Step 2: Access ArgoCD

Open https://cnoe.localtest.me:8443/argocd/ and login with:

Username: admin
Password: From the command above

Monitor application sync status. Initial synchronization takes 3-5 minutes.

Configure Vault Secrets

After Vault application syncs on ArgoCD successfully:

ArgoCD Vault Sync

Step 1: Get Vault Token

# Extract root token
kubectl get secret vault-root-token -n vault -o jsonpath="{.data}" | \
  jq -r 'to_entries[] | "\(.key): \(.value | @base64d)"'

Step 2: Access Vault

Open https://vault.cnoe.localtest.me:8443/. When you are asked to log in to the Vault UI, use the root token from the previous step.

Step 3: Update Secrets

Navigate to secrets/ai-platform-engineering in Vault UI: https://vault.cnoe.localtest.me:8443/ui/vault/secrets/secret/kv/list/ai-platform-engineering/

Configure Global LLM Settings: Vault Secrets The global secret is required and contains LLM provider configuration shared across all agents:

LLM_PROVIDER: Defaults to azure-openai. Available options are: azure-openai, openai, aws-bedrock
Configure only the fields for your chosen provider:

For AWS Bedrock (aws-bedrock):

LLM_PROVIDER: "aws-bedrock"
AWS_ACCESS_KEY_ID: <your-access-key>
AWS_SECRET_ACCESS_KEY: <your-secret-key>
AWS_REGION: <your-region>
AWS_BEDROCK_MODEL_ID: <your-model-id>
AWS_BEDROCK_PROVIDER: <your-provider>

For OpenAI (openai):

LLM_PROVIDER: "openai"
OPENAI_API_KEY: <your-api-key>
OPENAI_ENDPOINT: <your-endpoint>
OPENAI_MODEL_NAME: <your-model-name>

For Azure OpenAI (azure-openai):

LLM_PROVIDER: "azure-openai"
AZURE_OPENAI_API_KEY: <your-api-key>
AZURE_OPENAI_ENDPOINT: <your-endpoint>
AZURE_OPENAI_API_VERSION: <your-api-version>

Configure Agent-Specific Secrets: For each agent you plan to use, populate all required fields in their respective secrets (e.g., github-secret, pagerduty-secret, jira-secret). All fields are required for the agent to function properly.
Force secret refresh:

# Refresh secrets
kubectl delete secret --all -n ai-platform-engineering
# Once new secrets are created, delete pods to pick up new secrets
kubectl delete pod --all -n ai-platform-engineering

Access Backstage Portal

Step 1: Get Backstage Credentials

# Get user1 password
idpbuilder get secrets | grep USER_PASSWORD | sed 's/.*USER_PASSWORD=\([^,]*\).*/\1/'

Open https://cnoe.localtest.me:8443/ and login with:

Username: user1
Password: From Step 1 above

Use CAIPE (Community AI Platform Engineering) MAS Agent

Once logged into Backstage:

Look for the agent icon in the bottom-right corner
Click to open the AI assistant
Start chatting with the platform engineering agent

Useful Addresses for IDPBuilder Cluster

ArgoCD: https://cnoe.localtest.me:8443/argocd/
Backstage: https://cnoe.localtest.me:8443/
Vault: https://vault.cnoe.localtest.me:8443/
Keycloak: https://cnoe.localtest.me:8443/keycloak/admin/master/console/
Gitea: https://cnoe.localtest.me:8443/gitea/

Cleanup

# Destroy the cluster and all resources
kind delete cluster --name localdev

Prerequisites​

Architecture Overview​

Component Flow​

Section Outline​

Create KIND Cluster with IDPBuilder​

Step 1: Create the Platform​

Step 2: Verify Cluster​

Access ArgoCD and Monitor Deployments​

Step 1: Get ArgoCD Credentials​

Step 2: Access ArgoCD​

Configure Vault Secrets​

Step 1: Get Vault Token​

Step 2: Access Vault​

Step 3: Update Secrets​

Access Backstage Portal​

Step 1: Get Backstage Credentials​

Step 2: Login to Backstage​

Use CAIPE (Community AI Platform Engineering) MAS Agent​

Useful Addresses for IDPBuilder Cluster​

Cleanup​