Kalmalyzer
commented
3 years ago We are now using Kubernetes secrets for passing info Terraform->Helm. Helm doesn't pull directly from the secrets; we need to use some shell glue logic with kubectl ... | base64 --decode to extract the secrets, and then pass them in to Helm via the command line. It's not ideal, but it works well enough; each Kubernetes cluster now contains its outward references.
The Helm chart deploy needs a couple of settings from outside of Kubernetes. Terraform should know all these (well, perhaps except for OAuth ID/secret). We should store these in Kubernetes Secrets, to eliminate the need to pass these via magic
--set magicvar=<blah>operands on thehelm installcommand line.