# ProviderConfig "minio": Terraform settings shared by Workspaces that reference it.
# The MinIO endpoint is reached on port 443 with minio_ssl enabled, and the
# provider is pinned to aminueza/minio 2.4.3.
# Terraform state goes to the "kubernetes" backend, i.e. a Secret in namespace
# "platform". State holds resource attributes in plaintext, so for the Workspace
# below it will include the generated IAM user's secret key; read access to
# Secrets in "platform" is therefore read access to that key.
apiVersion: tf.upbound.io/v1beta1
kind: ProviderConfig
metadata:
  name: minio
spec:
  configuration: |
    provider minio {
      // required
      minio_server = "s3-new.badhouseplants.net:443"
      minio_region = "us-east-1"
      minio_ssl = "true"
    }
    terraform {
      backend "kubernetes" {
        secret_suffix = "minio-tf-state"
        namespace = "platform"
        in_cluster_config = true
      }
      required_providers {
        minio = {
          source = "aminueza/minio"
          version = "2.4.3"
        }
      }
    }
---
# Workspace "example-bucket-creation": creates bucket "states", IAM user
# "terraform", policy "state-terraform", and attaches the policy to the user.
#
# Credentials: MINIO_USER / MINIO_PASSWORD are filled from the AWS_ACCESS_KEY_ID /
# AWS_SECRET_ACCESS_KEY keys of Secret platform/minio-secret (presumably picked up
# by the minio provider from the environment; confirm against the provider docs).
# This identity creates users and policies, so it is presumably an admin-level one.
#
# NOTE(review): the policy allows only s3:PutObject on
# arn:aws:s3:::state-terraform-s3/*, while the bucket created here is "states".
# As written the "terraform" user gets no access to "states"; if the user is meant
# to hold Terraform state there, the resource ARN and the action list (list/read
# in addition to write) need to match that use. Confirm the intent.
# NOTE(review): force_destroy = true is set on the IAM user; confirm that is
# wanted outside a test setup.
#
# Outputs: MINIO_USERNAME and MINIO_PASSWORD are published through
# writeConnectionSecretToRef to Secret platform/tf-minio-state-output.
# "sensitive = true" only redacts the value in Terraform's rendered output; the
# secret key is still stored in state and in the connection Secret.
apiVersion: tf.upbound.io/v1beta1
kind: Workspace
metadata:
  name: example-bucket-creation
spec:
  providerConfigRef:
    name: minio
  writeConnectionSecretToRef:
    namespace: platform
    name: tf-minio-state-output
  forProvider:
    source: Inline
    env:
      - name: MINIO_PASSWORD
        secretKeyRef:
          namespace: platform
          name: minio-secret
          key: AWS_SECRET_ACCESS_KEY
      - name: MINIO_USER
        secretKeyRef:
          namespace: platform
          name: minio-secret
          key: AWS_ACCESS_KEY_ID
    module: |
      resource "minio_s3_bucket" "states" {
        bucket = "states"
      }
      resource "minio_iam_user" "terraform" {
        name = "terraform"
        force_destroy = true
        tags = {
          service = "terraform"
        }
      }
      resource "minio_iam_policy" "terraform" {
        name = "state-terraform"
        policy= <<EOF
      {
        "Version":"2012-10-17",
        "Statement": [
          {
            "Sid":"terraform",
            "Effect": "Allow",
            "Action": ["s3:PutObject"],
            "Resource": "arn:aws:s3:::state-terraform-s3/*"
          }
        ]
      }
      EOF
      }
      resource "minio_iam_user_policy_attachment" "terraform" {
        user_name = minio_iam_user.terraform.id
        policy_name = minio_iam_policy.terraform.id
      }
      output "MINIO_USERNAME" {
        value = minio_iam_user.terraform.id
      }
      output "MINIO_PASSWORD" {
        value = minio_iam_user.terraform.secret
        sensitive = true
      }
---
# ProviderConfig "minio-backend": same provider settings as "minio", but state is
# kept in the MinIO bucket "states" under key "test" through the "s3" backend,
# reached over HTTPS with path-style addressing.
# The three skip_* flags turn off AWS-specific checks (credential validation,
# instance metadata lookup, region validation), which is the usual setup for an
# S3-compatible endpoint that is not AWS.
# NOTE(review): the backend block sets no encryption or locking option; state at
# states/test is protected only by bucket access control. Confirm this is
# acceptable for what the referencing Workspaces will manage.
apiVersion: tf.upbound.io/v1beta1
kind: ProviderConfig
metadata:
  name: minio-backend
spec:
  configuration: |
    provider minio {
      // required
      minio_server = "s3-new.badhouseplants.net:443"
      minio_region = "us-east-1"
      minio_ssl = "true"
    }
    terraform {
      backend "s3" {
        bucket = "states"
        key = "test"
        region = "us-east-1"
        endpoint = "https://s3-new.badhouseplants.net"
        use_path_style = true
        skip_credentials_validation = true
        skip_metadata_api_check = true
        skip_region_validation = true
      }
      required_providers {
        minio = {
          source = "aminueza/minio"
          version = "2.4.3"
        }
      }
    }
---
# Workspace "try-backend": creates bucket "states-test" using the S3-backed
# ProviderConfig above.
#
# Credentials: MINIO_USER / MINIO_PASSWORD come from platform/tf-minio-state-output
# (the "terraform" IAM user published by example-bucket-creation);
# AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY come from platform/minio-secret and
# are the variables the s3 backend reads from the environment.
# NOTE(review): this looks inverted with respect to least privilege. State access
# runs with the minio-secret identity, while bucket creation runs as the
# "terraform" user, whose only policy is s3:PutObject on another bucket. Confirm
# which identity is meant for which role.
# NOTE(review): writeConnectionSecretToRef names platform/tf-minio-state-output,
# the same Secret this Workspace reads its credentials from and the same one
# example-bucket-creation publishes to. Two Workspaces targeting one connection
# Secret can conflict over ownership or contents; a distinct name per Workspace
# avoids that.
apiVersion: tf.upbound.io/v1beta1
kind: Workspace
metadata:
  name: try-backend
spec:
  providerConfigRef:
    name: minio-backend
  writeConnectionSecretToRef:
    namespace: platform
    name: tf-minio-state-output
  forProvider:
    source: Inline
    env:
      - name: MINIO_PASSWORD
        secretKeyRef:
          namespace: platform
          name: tf-minio-state-output
          key: MINIO_PASSWORD
      - name: MINIO_USER
        secretKeyRef:
          namespace: platform
          name: tf-minio-state-output
          key: MINIO_USERNAME
      - name: AWS_ACCESS_KEY_ID
        secretKeyRef:
          namespace: platform
          name: minio-secret
          key: AWS_ACCESS_KEY_ID
      - name: AWS_SECRET_ACCESS_KEY
        secretKeyRef:
          namespace: platform
          name: minio-secret
          key: AWS_SECRET_ACCESS_KEY
    module: |
      resource "minio_s3_bucket" "states" {
        bucket = "states-test"
      }