TL;DR:
- Call the module once per desired target cluster.
- The provider alias you pass into the module determines the cluster.
- Customize the Kubernetes resources per environment using Terraform syntax.
Use the module
To provision the Sealed Secrets Terraform module on a Kubernetes cluster, call the module, set source and version, and pass an aliased kustomization provider into the module.
The provider configuration determines what cluster the Kuberneters resources are provisioned on.
Framework documentation includes a complete example of how the kubeconfig output of a cluster module can be used to configure a kustomization provider alias.
module "eks_zero_sealed_secrets" {providers = {kustomization = kustomization.eks_zero}source = "kbst.xyz/catalog/sealed-secrets/kustomization"version = "0.19.1-kbst.1"}
module "aks_zero_sealed_secrets" {providers = {kustomization = kustomization.aks_zero}source = "kbst.xyz/catalog/sealed-secrets/kustomization"version = "0.19.1-kbst.1"}
module "gke_zero_sealed_secrets" {providers = {kustomization = kustomization.gke_zero}source = "kbst.xyz/catalog/sealed-secrets/kustomization"version = "0.19.1-kbst.1"}
Customize resources
All Kubestack cluster service modules support the same module attributes and per environment configuration. The module configuration is a Kustomization set in the per environment configuration map following Kubestack's inheritance model.
This example overwrites the metadata.namespace of all Kubernetes resources provisioned by the Sealed Secrets module using a Terraform variable.
module "example_sealed_secrets" {providers = {kustomization = kustomization.example}source = "kbst.xyz/catalog/sealed-secrets/kustomization"version = "0.19.1-kbst.1"configuration = {apps = {namespace = var.example_sealed_secrets_namespace}ops = {}loc = {}}}
Full documentation how to customize a module's Kubernetes resources is available in the cluster service module configuration section of the framework documentation.