Allow static infrastructure and compute nodes to be in different Terraform workspaces

[cmd-ntrf]

Currently, all resources of a single cluster have to be declared in the same workspace with a single module.

This morning, we encounter an issue with a cluster where the auto-apply configuration in Terraform cloud almost replaced all the instances because of a change in Azure provider default value. The change was fortunately prevented by a dependency issue, but nevertheless we were lucky.

For long standing environment, putting the short-live compute instances in a separate workspace would prevent this issue. It would potentially also be more secured if we were to create a token for the compute instance workspace only.

To be able to do this, we need to need the Terraform main module to be able to output:

• Puppet server ip address
• password to join the Puppet server
• bastions' ip address
• tf user private ssh key
• network related resource ids (security group, network, subnetwork, ...)

The output of the management infrastructure workspace could connected to the compute infrastructure workspace using terraform_remote_state, see https://developer.hashicorp.com/terraform/tutorials/cloud/cloud-run-triggers