Provider config inside child module

Terraform Providers Kubernetes
1

I’m trying to create modules that will handle helm deployments. the structure goes like this

root module

  • call helm-traefik module
  • there’s an input (cluster name) that will be used to fetch data sources for the provider config inside the helm child module.

child module - helm-traefik

  • main tf. - call helm module
  • variables.tf
  • values.yaml

child module - helm

  • providers.tf - both provider config for kubernetes and helm are using kubelogin for authentication
  • datasources.tf
  • main.tf - helm_release
  • variables.tf

The issue is that I’m getting an error with tf plan and it says that Kubernetes cluster is unreachable. I’ve been reading docs regarding providers and I think the reason why I’m getting errors is that I don’t have the provider config for Kubernetes and helm in the root module level. Any feasible solution for this use case? I want to have a separation between the helm module in a way it can be consumed regardless of the helm chart to be deployed.

2

Also, If I put the provider config from the child module to the root module, that would mean I need to create a provider config for each cluster I want to manage.

on helm - child module, this is how I generate the provider config

datasources.tf

locals {
  # The purpose of the cluster.
  purpose = split("-", "${var.cluster_name}")[0]
  # The network environment of the cluster.
  customer_env       = split("-", "${var.cluster_name}")[2]
}


data "azurerm_kubernetes_cluster" "cluster" {
  resource_group_name = "rg-${local.purpose}-${local.customer_env}-001"
  name                = "aks-${local.purpose}-${local.customer_env}"
}

provider.tf

provider "kubernetes" {
  host                   = data.azurerm_kubernetes_cluster.cluster.kube_config.0.host
  cluster_ca_certificate = base64decode(data.azurerm_kubernetes_cluster.cluster.kube_config.0.cluster_ca_certificate)
  exec {
    api_version = "client.authentication.k8s.io/v1beta1"
    command     = "kubelogin"
    args = [
      "get-token",
      "--login", "spn",
      "--environment", "AzurePublicCloud",
      "--server-id", "6dae42f8-4368-4678-94ff-3960e28e3630",
      "--tenant-id", data.azurerm_client_config.current.tenant_id,
      "--client-id", data.azurerm_client_config.current.client_id,
      "--client-secret", data.azurerm_key_vault_secret.service_principal_key.value,
    ]
  }
}