TL;DR:
- Call the module once per desired target cluster.
- The provider alias you pass into the module determines the cluster.
- Customize the Kubernetes resources per environment using Terraform syntax.
Use the module
To provision the Sealed Secrets Terraform module on a Kubernetes cluster, call the module, set source and version, and pass an aliased kustomization provider into the module.
The provider configuration determines which cluster the Kubernetes resources are provisioned on.
Framework documentation includes a complete example of how the kubeconfig output of a cluster module can be used to configure a kustomization provider alias.

module "eks_zero_sealed_secrets" {
  providers = {
    kustomization = kustomization.eks_zero
  }

  source  = "kbst.xyz/catalog/sealed-secrets/kustomization"
  version = "0.19.1-kbst.1"
}

module "aks_zero_sealed_secrets" {
  providers = {
    kustomization = kustomization.aks_zero
  }

  source  = "kbst.xyz/catalog/sealed-secrets/kustomization"
  version = "0.19.1-kbst.1"
}

module "gke_zero_sealed_secrets" {
  providers = {
    kustomization = kustomization.gke_zero
  }

  source  = "kbst.xyz/catalog/sealed-secrets/kustomization"
  version = "0.19.1-kbst.1"
}

Customize resources
All Kubestack cluster service modules support the same module attributes and per environment configuration. The module configuration is a Kustomization set in the per environment configuration map following Kubestack's inheritance model.
This example overwrites the metadata.namespace of all Kubernetes resources provisioned by the Sealed Secrets module using a Terraform variable.

module "example_sealed_secrets" {
  providers = {
    kustomization = kustomization.example
  }

  source  = "kbst.xyz/catalog/sealed-secrets/kustomization"
  version = "0.19.1-kbst.1"

  configuration = {
    apps = {
      namespace = var.example_sealed_secrets_namespace
    }
    ops = {}
    loc = {}
  }
}

Full documentation on how to customize a module's Kubernetes resources is available in the cluster service module configuration section of the framework documentation.
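
The namespace example above relies on a provider alias and a variable that the page does not show. The following is an added example, not taken from the Kubestack documentation, that wires them together and validates the namespace before it reaches the cluster. It assumes a cluster module named example that exposes a kubeconfig output elsewhere in the configuration; the variable default is a constructed sample value.

```hcl
# Added example. Assumed: cluster module "example" with a "kubeconfig" output.
terraform {
  required_providers {
    kustomization = {
      source = "kbst/kustomization"
    }
  }
}

# The alias binds every resource in the module call below to this one cluster.
provider "kustomization" {
  alias          = "example"
  kubeconfig_raw = module.example.kubeconfig # assumed cluster module output
}

variable "example_sealed_secrets_namespace" {
  type        = string
  description = "Namespace for all Sealed Secrets resources in the apps environment."
  default     = "sealed-secrets" # constructed sample value

  # Reject values that are not valid Kubernetes namespace names (RFC 1123 label),
  # so a malformed value fails at plan time instead of at apply time.
  validation {
    condition = (
      length(var.example_sealed_secrets_namespace) <= 63 &&
      can(regex("^[a-z0-9]([-a-z0-9]*[a-z0-9])?$", var.example_sealed_secrets_namespace))
    )
    error_message = "Namespace must be a lowercase RFC 1123 label of at most 63 characters."
  }
}

module "example_sealed_secrets" {
  providers = {
    kustomization = kustomization.example
  }

  source  = "kbst.xyz/catalog/sealed-secrets/kustomization"
  version = "0.19.1-kbst.1"

  configuration = {
    apps = {
      namespace = var.example_sealed_secrets_namespace
    }
    ops = {}
    loc = {}
  }
}
```

If the controller ends up outside kubeseal's default kube-system namespace, clients must pass the matching --controller-namespace value to kubeseal when fetching the sealing certificate.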