
techtales-io/terraform-minio


nix pre-commit taskfile terraform

Terraform MinIO for techtales.io

MinIO S3 Server Infrastructure as code with Terraform.


Concept

Policy

Users

Real users will access buckets by the following pattern:

$BUCKET/$USER/*

Example: backup/tyriis/android, documents/jazzlyn/
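
The user pattern above as a least-privilege policy, shown for the example path backup/tyriis/. This is an added example, not code from this repository: the resource labels (example_user, example_user_backup), the policy name and the chosen actions are hypothetical, and it assumes the minio provider is already configured and that the backup bucket exists.

```hcl
# Added example (not from this repository). Resource labels and the policy
# name are hypothetical; bucket and user come from the README's example path.
locals {
  bucket = "backup"
  user   = "tyriis"
}

resource "minio_iam_user" "example_user" {
  name = local.user
}

data "minio_iam_policy_document" "example_user_backup" {
  # s3:ListBucket is granted on the bucket ARN, so it has to be narrowed with
  # an s3:prefix condition. Without it the user can enumerate every other
  # user's keys in the shared bucket.
  statement {
    sid       = "ListOwnPrefix"
    actions   = ["s3:ListBucket"]
    resources = ["arn:aws:s3:::${local.bucket}"]

    condition {
      test     = "StringLike"
      variable = "s3:prefix"
      values   = ["${local.user}/*"]
    }
  }

  # The object ARN keeps the "/" before the wildcard: "tyriis/*" does not
  # match keys under "tyriis2/", whereas "tyriis*" would.
  statement {
    sid       = "ReadWriteOwnPrefix"
    actions   = ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"]
    resources = ["arn:aws:s3:::${local.bucket}/${local.user}/*"]
  }
}

resource "minio_iam_policy" "example_user_backup" {
  name   = "example-user-backup"
  policy = data.minio_iam_policy_document.example_user_backup.json
}

resource "minio_iam_user_policy_attachment" "example_user_backup" {
  user_name   = minio_iam_user.example_user.name
  policy_name = minio_iam_policy.example_user_backup.id
}
```

The same two statements cover the group pattern when the prefix is the group name and the policy is attached to the group instead of the user.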

Groups

Members of groups will access buckets by the following pattern:

$BUCKET/$GROUP/*

Example: documents/techtales/, documents/familly/

K8s services and service accounts

K8s services will access buckets by the following pattern:

$CLUSTER/$SERVICE/*

Example: k3s.home/node-red/data

ToDo: check if it would be better to create a bucket for each service

Usage

*various commands

Code-Style

Terraform

Best practices

terraform-best-practices.com

Naming of Terraform resources

  • lower-case characters

Pattern: [a-z_-]+

Getting Started

Prerequisites

Initialize repository

Terraform and pre-commit framework need to get initialized.

task terraform:init
task pre-commit:init

ENV

Name Description
VAULT_TOKEN vault token
AWS_ENDPOINT_URL_S3 endpoint url for the s3 state backend
AWS_REGION region for the s3 state backend
AWS_ACCESS_KEY_ID username for the s3 state backend
AWS_SECRET_ACCESS_KEY password for the s3 state backend
MINIO_ENDPOINT the minio endpoint FQDN without http(s)
MINIO_USER the minio admin username
MINIO_PASSWORD the minio admin password
MINIO_ENABLE_HTTPS should be true

Terraform docs

Requirements

Name Version
terraform >=1.5.0
local 2.4.1
minio 2.0.1
vault 4.2.0

Providers

Name Version
minio 2.0.1

Modules

Name Source Version
cloudnative_pg_bucket ./modules/bucket n/a
loki_user_bucket ./modules/user-bucket n/a
terraform_user_bucket ./modules/user-bucket n/a
thanos_user_bucket ./modules/user-bucket n/a
volsync_bucket ./modules/bucket n/a

Resources

Name Type
minio_iam_group.child resource
minio_iam_group.parent resource
minio_iam_group_membership.child resource
minio_iam_group_membership.parent resource
minio_iam_group_policy_attachment.backup resource
minio_iam_group_policy_attachment.backup_child resource
minio_iam_policy.alex_phone_backup resource
minio_iam_policy.backup resource
minio_iam_policy.backup_jasmin_phone resource
minio_iam_policy.dominik_phone_backup resource
minio_iam_policy.nils_phone_backup resource
minio_iam_user.alex resource
minio_iam_user.cloudnative_pg resource
minio_iam_user.dominik resource
minio_iam_user.jazzlyn resource
minio_iam_user.loki resource
minio_iam_user.terraform resource
minio_iam_user.thanos resource
minio_iam_user.tyriis resource
minio_iam_user.volsync resource
minio_iam_user_policy_attachment.backup resource
minio_iam_user_policy_attachment.backup_alex_phone resource
minio_iam_user_policy_attachment.backup_dominik_phone resource
minio_iam_user_policy_attachment.backup_jasmin_phone resource
minio_s3_bucket.backup resource
minio_s3_bucket.gitlab_runner_cache resource
minio_iam_policy_document.alex_phone_backup data source
minio_iam_policy_document.backup data source
minio_iam_policy_document.backup_jasmin_phone data source
minio_iam_policy_document.dominik_phone_backup data source
minio_iam_policy_document.nils_phone_backup data source

Inputs

No inputs.

Outputs

No outputs.