victorgetz
commented
1 year ago Hi, the reasons why we split the state are the following:
- Mulitple Providers and dependency between kubernetes terraform and kubernetes infrastructure. First you need to setup the kubernetes cluster infrastructure (CCE) before you can work on that. If you rebuild your infrastructure you can mess up your terraform state very badly if you don't split it. For example you rebuild the CCE then all the resources from the kubernetes parts are destroyed. Then you need to do --target applies and your Kubernetes terraform provider will also not work since kubernetes cluster is not present
- RBAC and Permissions. Maybe you have different teams and need to work seperatly (infra and kubernetes ops teams)
- More focus and not a single mud ball
Hand over kubeconfig:
- As in this project described we use OBS(S3) Bucket to hand over credentials
- Normally we use HashiCorp Vault to handover secrets between terraform state files
Hi there,
I would like to ask if there is a reason why you have created separate state files for the infrastructure and Kubernetes cluster. In the end I want to use a similar version in GitHub Actions combined with Terraform to provision the infrastructure and ArgoCD with the App of Apps pattern.
Is it possible to hand over the kubeconfig to the Kubernetes provider?