Skip to content

Provider Storage – Installation Guide

The provider-storage configuration packages let you provision S3-compatible storage on MinIO, AWS S3, OTC OBS and others using Crossplane.
Buckets, access policies, and cross-user sharing are declared via a single, namespaced Storage spec.

Namespacing Model (Important)

Everything in this guide is namespaced:

  • You apply Storage claims to a namespace (e.g., workspace).
  • The provisioned Secret lives in the same namespace as the Storage claim (Secret name = principal).
  • Any namespaced ProviderConfigs or supporting objects that the compositions depend on must exist in that same target namespace (e.g., workspace).

In short: choose your target namespace (e.g., workspace), apply the provider configs there, and create your Storage claims in that namespace.

Prerequisites

  • A running Kubernetes cluster (e.g., kind, managed K8s).
  • kubectl access.
  • Crossplane installed in the cluster: 
helm repo add crossplane-stable https://charts.crossplane.io/stable
helm repo update
helm install crossplane
  --namespace crossplane-system
  --create-namespace crossplane-stable/crossplane
  --version 2.0.2 
  --set provider.defaultActivations={}

To reduce control-plane load, we use a ManagedResourceActivationPolicy (MRAP) per backend so only the needed Managed Resources are active.

Step 1 – Install Provider Dependencies (per backend)

All providers follow the same staged pattern you must install before the configuration package: 1. ManagedResourceActivationPolicy – activate only the resource kinds that are needed.
2. Deployment Runtime Configs – define how providers/functions run.
3. Providers – install the required Crossplane providers.
4. ProviderConfigs (namespaced) – point providers to endpoints/credentials in your target namespace.
5. Functions – install supporting Crossplane Functions.
6. RBAC – permissions for provider-kubernetes to observe and reconcile objects.

Repository root: https://github.com/versioneer-tech/provider-storage/

MinIO

You operate a MinIO endpoint yourself (same/different cluster or DC). For a one-stop local dev on kind, see the guide around Local Setup.

AWS

You provide endpoint configuration and credentials via a Secret referenced by a namespaced ProviderConfig.

OTC

You do not deploy OBS; you provide OTC credentials via a Secret referenced by a namespaced ProviderConfig.

Step 2 – Install the Configuration Package (after dependencies)

Once the provider dependencies are in place, install the configuration package for your chosen backend. This registers the Storage CRD and compositions and allows immediate reconciliation because the providers/configs already exist.

Example – MinIO

apiVersion: pkg.crossplane.io/v1
kind: Configuration
metadata:
  name: storage-minio
spec:
  package: ghcr.io/versioneer-tech/provider-storage/minio:0.1.0

Example – AWS

apiVersion: pkg.crossplane.io/v1
kind: Configuration
metadata:
  name: storage-aws
spec:
  package: ghcr.io/versioneer-tech/provider-storage/aws:0.1.0

Example – OTC

apiVersion: pkg.crossplane.io/v1
kind: Configuration
metadata:
  name: storage-otc
spec:
  package: ghcr.io/versioneer-tech/provider-storage/otc:0.1.0

Apply your chosen one with:

kubectl apply -f configuration.yaml

Step 3 – (Optional) Quick Verification

After the package installs and providers are healthy, you can create a minimal Storage claim in your target namespace and verify readiness and credentials. See the Usage & Concepts guide for details (kubectl get storages -n <ns>, and inspect the Secret named after the principal).