k8s-deployment/manifests/minio-tf-workspace.yaml


---
# ProviderConfig "minio": Terraform provider and state-backend settings that
# are handed to every Workspace whose providerConfigRef names it.
apiVersion: tf.upbound.io/v1beta1
kind: ProviderConfig
metadata:
  name: minio
spec:
  configuration: |
    # No credentials are written here. The Workspace that references this
    # config passes MINIO_USER / MINIO_PASSWORD in through its env list.
    provider "minio" {
      // required
      minio_server = "s3-new.badhouseplants.net:443"
      minio_region = "us-east-1"
      minio_ssl    = "true"
    }

    terraform {
      # State is kept in a Kubernetes Secret in the "platform" namespace.
      # Terraform state holds resource attributes in plaintext (including
      # generated access keys), so read access to Secrets in that namespace
      # is equivalent to read access to those keys.
      backend "kubernetes" {
        secret_suffix     = "minio-tf-state"
        namespace         = "platform"
        in_cluster_config = true
      }

      # Exact version pin: a provider upgrade has to be an explicit edit.
      required_providers {
        minio = {
          source  = "aminueza/minio"
          version = "2.4.3"
        }
      }
    }
---
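# Workspace "example-bucket-creation": creates the "states" bucket, a
# "terraform" IAM user with an attached policy, and publishes that user's
# generated credentials as Terraform outputs.
apiVersion: tf.upbound.io/v1beta1
kind: Workspace
metadata:
  name: example-bucket-creation
spec:
  providerConfigRef:
    name: minio
  # The outputs declared at the end of the module (MINIO_USERNAME,
  # MINIO_PASSWORD) are written to this Secret, so it holds a live access key.
  writeConnectionSecretToRef:
    namespace: platform
    name: tf-minio-state-output
  forProvider:
    source: Inline
    # The MinIO provider logs in with the key pair stored in "minio-secret";
    # the AWS_* key names in that Secret are mapped onto the MINIO_* variables.
    env:
      - name: MINIO_PASSWORD
        secretKeyRef:
          namespace: platform
          name: minio-secret
          key: AWS_SECRET_ACCESS_KEY
      - name: MINIO_USER
        secretKeyRef:
          namespace: platform
          name: minio-secret
          key: AWS_ACCESS_KEY_ID
    module: |
      resource "minio_s3_bucket" "states" {
        bucket = "states"
      }

      resource "minio_iam_user" "terraform" {
        name          = "terraform"
        force_destroy = true
        tags = {
          service = "terraform"
        }
      }

      # The Resource ARN is derived from the bucket resource above. It used to
      # name "state-terraform-s3", a bucket this module never creates, so the
      # attached policy granted nothing on "states".
      # NOTE(review): only s3:PutObject is allowed. If this user is meant to
      # run Terraform's S3 backend it also needs s3:GetObject on the objects
      # and s3:ListBucket on the bucket -- confirm the intended use before
      # widening the statement.
      resource "minio_iam_policy" "terraform" {
        name   = "state-terraform"
        policy = <<EOF
      {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Sid": "terraform",
            "Effect": "Allow",
            "Action": ["s3:PutObject"],
            "Resource": "arn:aws:s3:::${minio_s3_bucket.states.bucket}/*"
          }
        ]
      }
      EOF
      }

      resource "minio_iam_user_policy_attachment" "terraform" {
        user_name   = minio_iam_user.terraform.id
        policy_name = minio_iam_policy.terraform.id
      }

      output "MINIO_USERNAME" {
        value = minio_iam_user.terraform.id
      }

      # "sensitive" only hides the value in CLI output; it is still stored in
      # the Terraform state and in the connection Secret.
      output "MINIO_PASSWORD" {
        value     = minio_iam_user.terraform.secret
        sensitive = true
      }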
---
# ProviderConfig "minio-backend": same MinIO provider settings as "minio", but
# Terraform state is stored in the MinIO bucket "states" through the S3 backend.
apiVersion: tf.upbound.io/v1beta1
kind: ProviderConfig
metadata:
  name: minio-backend
spec:
  configuration: |
    provider "minio" {
      // required
      minio_server = "s3-new.badhouseplants.net:443"
      minio_region = "us-east-1"
      minio_ssl    = "true"
    }

    terraform {
      # No keys are set in this block; the S3 backend takes its credentials
      # from AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY in the Workspace env.
      # Whoever can read the object "test" in bucket "states" can read the
      # whole state, secrets included.
      backend "s3" {
        bucket   = "states"
        key      = "test"
        region   = "us-east-1"
        endpoint = "https://s3-new.badhouseplants.net"

        # Settings for a non-AWS, S3-compatible endpoint: path-style
        # addressing and no AWS-side credential, metadata or region checks.
        use_path_style              = true
        skip_credentials_validation = true
        skip_metadata_api_check     = true
        skip_region_validation      = true
      }

      # Exact version pin: a provider upgrade has to be an explicit edit.
      required_providers {
        minio = {
          source  = "aminueza/minio"
          version = "2.4.3"
        }
      }
    }
---
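# Workspace "try-backend": exercises the S3 state backend from the
# "minio-backend" ProviderConfig by creating one extra bucket.
apiVersion: tf.upbound.io/v1beta1
kind: Workspace
metadata:
  name: try-backend
spec:
  providerConfigRef:
    name: minio-backend
  # This used to point at "tf-minio-state-output", the connection Secret that
  # the "example-bucket-creation" Workspace publishes and that this Workspace
  # reads its MINIO_* credentials from. Two Workspaces must not publish to the
  # same Secret: the second one either fails to publish or replaces the keys
  # read below. The name here is constructed for this manifest; any name not
  # used by another Workspace works.
  writeConnectionSecretToRef:
    namespace: platform
    name: tf-minio-try-backend-output
  forProvider:
    source: Inline
    env:
      # MinIO provider login: the "terraform" user's key pair, taken from the
      # outputs published by "example-bucket-creation".
      - name: MINIO_PASSWORD
        secretKeyRef:
          namespace: platform
          name: tf-minio-state-output
          key: MINIO_PASSWORD
      - name: MINIO_USER
        secretKeyRef:
          namespace: platform
          name: tf-minio-state-output
          key: MINIO_USERNAME
      # S3 backend login: the key pair from "minio-secret".
      # NOTE(review): that is the same key pair the other Workspace uses to
      # manage users and policies, so it is presumably the more privileged
      # account. Confirm whether the backend should use the scoped
      # "terraform" user instead.
      - name: AWS_ACCESS_KEY_ID
        secretKeyRef:
          namespace: platform
          name: minio-secret
          key: AWS_ACCESS_KEY_ID
      - name: AWS_SECRET_ACCESS_KEY
        secretKeyRef:
          namespace: platform
          name: minio-secret
          key: AWS_SECRET_ACCESS_KEY
    module: |
      resource "minio_s3_bucket" "states" {
        bucket = "states-test"
      }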