starred/nix-config-ryan4yin
1
0
Fork 0
mirror of https://github.com/ryan4yin/nix-config.git synced 2026-01-11 22:30:25 +01:00
Code Issues Packages Projects Releases 10 Wiki Activity
Files
a37d99f0693c03a43859858005f8a0ec8770b0f9
nix-config-ryan4yin/infra/minio/loki/loki.tf
Ryan Yin a37d99f069 chore: remove the unused loki buckets
2025-06-08 19:13:15 +08:00

85 lines
1.8 KiB
HCL
Raw Blame History

# ==============================================
# Buckets
# ==============================================
resource "minio_s3_bucket" "k3s-test-1-loki-chunks" {
bucket = "k3s-test-1-loki-chunks"
acl = "private"
}
# ==============================================
# Bucket Lifecycle
# ==============================================
resource "minio_ilm_policy" "loki-chunks-expire-rules" {
bucket = minio_s3_bucket.k3s-test-1-loki-chunks.bucket
rule {
id = "expire-7d"
status = "Enabled"
expiration = "7d"
}
}
# ==============================================
# User & Permission
# ==============================================
resource "minio_iam_user" "loki" {
name = "loki"
force_destroy = true
tags = {
env = "prod"
managedBy = "terraform"
}
}
resource "minio_iam_service_account" "loki" {
target_user = minio_iam_user.loki.name
}
resource "minio_iam_policy" "loki" {
name = "loki"
policy = <<EOF
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "ObjectFullAccess",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:ListBucket",
"s3:DeleteObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::k3s-test-1-loki-chunks/*"
]
}
]
}
EOF
}
resource "minio_iam_user_policy_attachment" "loki-1" {
user_name = minio_iam_user.loki.id
policy_name = minio_iam_policy.loki.id
}
# ======================================================
output "loki-chunks_url" {
value = minio_s3_bucket.k3s-test-1-loki-chunks.bucket_domain_name
}
output "loki_accesskey" {
value = minio_iam_service_account.loki.access_key
}
output "loki_secretkey" {
value = minio_iam_service_account.loki.secret_key
sensitive = true
}
Reference in New Issue View Git Blame Copy Permalink