Terraform-nomad-minio module is IaaC - infrastructure as a code. Module contains a nomad job with Minio.
- consul service integration.
- docker driver
Software | OSS Version | Enterprise Version |
---|---|---|
Terraform | 1.0.7 or newer | |
Consul | 1.10.3 or newer | 1.10.3 or newer |
Vault | 1.8.4 or newer | 1.8.4 or newer |
Nomad | 1.1.6 or newer | 1.1.6 or newer |
No modules required.
The following command will run an example with standalone instance of Minio.
terraform init
terraform plan
terraform apply
You can verify that Minio ran successful by checking the Minio UI on localhost:9000/.
These are the default values for the Minio module.
module "minio" {
source = "../.."
# nomad
nomad_datacenters = ["dc1"]
nomad_namespace = "default"
nomad_host_volume = "persistence"
# minio
service_name = "minio"
host = "127.0.0.1"
port_static = 9000
image = "minio/minio:latest"
vault_secret = {
use_vault_provider = true,
vault_kv_policy_name = "kv-secret",
vault_kv_path = "secret/data/minio",
vault_kv_field_access_key = "access_key",
vault_kv_field_secret_key = "secret_key"
}
volume_destination = "/data"
envs = ["SOME_VAR_N1=some-value"]
use_host_volume = true
use_canary = true
use_vault_kms = false
}
To set the credentials manually you first need to tell the module to not fetch
credentials from vault. To do that, set vault_secret.use_vault_provider
to
false
(see below for example). If this is done the module will use the
variables access_key
and secret_key
to set the Minio credentials. These will
default to minio
and minio123
if not set by the user.
Below is an example on how to disable the use of vault credentials, and setting
your own credentials.
module "minio" {
...
vault_secret = {
use_vault_provider = false,
vault_kv_path = "",
vault_kv_field_access_key = "",
vault_kv_field_secret_key = ""
}
access_key = "some-user-provided-access-key"
secret_key = "some-user-provided-secret-key"
If you want to use the vault stored credentials, you can do so by changing the
vault_secret
object similar to below:
module "minio" {
...
vault_secret = {
use_vault_provider = true,
vault_kv_policy_name = "kv-secret"
vault_kv_path = "secret/minio",
vault_kv_field_access_key = "access_key",
vault_kv_field_secret_key = "secret_key"
}
}
We are using
host volume to
store Minio data. Minio data will now be available in the persistence/minio
folder.