# ProviderConfig "minio": MinIO provider settings plus a Kubernetes-backed
# Terraform state for Workspaces that reference it.
#
# No credentials are set in this configuration. The Workspace in this file that
# uses it exports MINIO_USER / MINIO_PASSWORD from a Secret, presumably for the
# provider to pick up from the environment.
apiVersion: tf.upbound.io/v1beta1
kind: ProviderConfig
metadata:
  name: minio
spec:
  # The state is kept as a Kubernetes Secret (suffix "minio-tf-state") in the
  # "platform" namespace. Terraform state records resource attributes, sensitive
  # ones included, so read access to Secrets in that namespace is read access to
  # whatever the Workspace manages.
  configuration: |
    provider minio {
      // required
      minio_server = "s3-new.badhouseplants.net:443"
      minio_region = "us-east-1"
      minio_ssl = "true"
    }

    terraform {
      backend "kubernetes" {
        secret_suffix = "minio-tf-state"
        namespace = "platform"
        in_cluster_config = true
      }
      required_providers {
        minio = {
          source = "aminueza/minio"
          version = "2.4.3"
        }
      }
    }
---
# Workspace "example-bucket-creation": creates the "states" bucket and a
# "terraform" IAM user with an attached policy, then exposes the user's
# credentials as Terraform outputs.
apiVersion: tf.upbound.io/v1beta1
kind: Workspace
metadata:
  name: example-bucket-creation
spec:
  providerConfigRef:
    name: minio
  # Presumably the Terraform outputs below end up in this Secret: the
  # "try-backend" Workspace in this file reads MINIO_USERNAME and MINIO_PASSWORD
  # from it.
  writeConnectionSecretToRef:
    name: tf-minio-state-output
    namespace: platform
  forProvider:
    source: Inline
    # Provider credentials come from the AWS_* keys of "minio-secret".
    env:
      - name: MINIO_PASSWORD
        secretKeyRef:
          name: minio-secret
          namespace: platform
          key: AWS_SECRET_ACCESS_KEY
      - name: MINIO_USER
        secretKeyRef:
          name: minio-secret
          namespace: platform
          key: AWS_ACCESS_KEY_ID
    # NOTE(review): the policy grants s3:PutObject on
    # arn:aws:s3:::state-terraform-s3/*, but the only bucket this module creates
    # is "states". As written the "terraform" user gets no access to that
    # bucket; confirm which bucket the policy is meant to cover.
    # NOTE(review): force_destroy = true is set on the IAM user; confirm that is
    # intended outside of a test setup.
    # The MINIO_PASSWORD output is marked sensitive; MINIO_USERNAME is not.
    module: |
      resource "minio_s3_bucket" "states" {
        bucket = "states"
      }

      resource "minio_iam_user" "terraform" {
        name = "terraform"
        force_destroy = true
        tags = {
          service = "terraform"
        }
      }
      resource "minio_iam_policy" "terraform" {
        name = "state-terraform"
        policy= <<EOF
      {
        "Version":"2012-10-17",
        "Statement": [
          {
            "Sid":"terraform",
            "Effect": "Allow",
            "Action": ["s3:PutObject"],
            "Resource": "arn:aws:s3:::state-terraform-s3/*"
          }
        ]
      }
      EOF
      }

      resource "minio_iam_user_policy_attachment" "terraform" {
        user_name = minio_iam_user.terraform.id
        policy_name = minio_iam_policy.terraform.id
      }

      output "MINIO_USERNAME" {
        value = minio_iam_user.terraform.id
      }

      output "MINIO_PASSWORD" {
        value = minio_iam_user.terraform.secret
        sensitive = true
      }
---
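# ProviderConfig "minio-backend": same MinIO provider settings as "minio", but
# Terraform state is stored through the S3 backend in the MinIO bucket "states"
# under key "test".
#
# Backend credentials are not set here. The "try-backend" Workspace exports
# AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY, the variables the S3 backend reads.
# Terraform state records resource attributes, sensitive ones included, so
# access to the "states" bucket should be limited accordingly.
apiVersion: tf.upbound.io/v1beta1
kind: ProviderConfig
metadata:
  name: minio-backend
spec:
  configuration: |
    provider minio {
      // required
      minio_server = "s3-new.badhouseplants.net:443"
      minio_region = "us-east-1"
      minio_ssl = "true"
    }

    terraform {
      backend "s3" {
        bucket = "states"
        key = "test"
        region = "us-east-1"
        endpoint = "https://s3-new.badhouseplants.net"
        // Fix: these are arguments of the s3 backend and are only accepted
        // inside this block; they were previously placed directly in the
        // enclosing terraform block. They switch off AWS-specific lookups
        // (credential validation, instance metadata, region list, account id)
        // and select path-style addressing for the non-AWS endpoint.
        skip_credentials_validation = true
        skip_metadata_api_check = true
        skip_region_validation = true
        use_path_style = true
        skip_requesting_account_id = true
      }
      required_providers {
        minio = {
          source = "aminueza/minio"
          version = "2.4.3"
        }
      }
    }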
---
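# Workspace "try-backend": creates the bucket "states-test" through the
# "minio-backend" ProviderConfig, i.e. with state kept in the S3 backend.
apiVersion: tf.upbound.io/v1beta1
kind: Workspace
metadata:
  name: try-backend
spec:
  providerConfigRef:
    name: minio-backend
  # Fix: writeConnectionSecretToRef is dropped. It pointed at
  # platform/tf-minio-state-output, which the "example-bucket-creation"
  # Workspace already writes and which this Workspace reads its own
  # MINIO_USER / MINIO_PASSWORD from. Two Workspaces publishing to one Secret
  # conflict over it, and this module defines no outputs to publish anyway.
  forProvider:
    source: Inline
    # NOTE(review): the MinIO provider runs with the generated "terraform" IAM
    # user (MINIO_USER / MINIO_PASSWORD from tf-minio-state-output), while the
    # S3 state backend uses the keys from "minio-secret". The policy attached to
    # that user in "example-bucket-creation" allows only s3:PutObject, which
    # does not appear to cover creating a bucket. Confirm which identity is
    # meant for the provider and which for the backend; the narrower one is the
    # natural fit for state access.
    env:
      - name: MINIO_PASSWORD
        secretKeyRef:
          namespace: platform
          name: tf-minio-state-output
          key: MINIO_PASSWORD
      - name: MINIO_USER
        secretKeyRef:
          namespace: platform
          name: tf-minio-state-output
          key: MINIO_USERNAME
      # Read by the S3 backend configured in the "minio-backend" ProviderConfig.
      - name: AWS_ACCESS_KEY_ID
        secretKeyRef:
          namespace: platform
          name: minio-secret
          key: AWS_ACCESS_KEY_ID
      - name: AWS_SECRET_ACCESS_KEY
        secretKeyRef:
          namespace: platform
          name: minio-secret
          key: AWS_SECRET_ACCESS_KEY
    module: |
      resource "minio_s3_bucket" "states" {
        bucket = "states-test"
      }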