Hi,
I am trying to find a way to implement chained Terraform plans using tf-controller in a multi-tenant Kubernetes cluster.
I would like to deploy each Terraform plan in a dedicated Kubernetes namespace, i.e.:
- deploy a kind Terraform named A in namespace A, which outputs a secret A
- deploy another kind Terraform named B in namespace B, which could read secret A
But secret A is in namespace A, and I cannot specify a namespace in spec varsFrom, nor writeOutputsToSecret, nor readInputsFromSecrets (Does ValuesFrom support secret in gzip format · Issue #448 · fluxcd/helm-controller · GitHub).
The only solution I found is using Kyverno to sync secrets between namespaces, but I don’t want to go this way.
Which in the end means I can’t chain Terraform plans, because I would need input from the first plan to launch the second one.
Any idea? Am I missing something here?
Thanks!