Alauda Container Platform

Creating a BucketClass for MinIO

MinIO integrates with Kubernetes through the Container Object Storage Interface (COSI) to provide scalable, S3-compatible object storage for analytics, backup & restore, and ML/AI workloads. Before provisioning buckets, define a BucketClass.

A BucketClass is a template resource that sets the storage driver, the authentication Secret, and the deletion policy applied to all buckets created from it.

TOC

Prerequisites

RequirementNotes
MinIO cluster ready for usePrepare MinIO by following the installation guide.
Alauda Container Platform COSI plug-insacp-cosi and acp-cosi-minio must be installed. See Installing COSI Plug-ins for installation steps.
Kubernetes Secret containing MinIO credentialsPrepared in Step 2.

Step 1 - Prepare a MinIO Cluster

Ensure that a MinIO cluster is installed and accessible. Follow the MinIO installation documentation to deploy and configure your MinIO environment.

Step 2 - Prepare the Credential Secret

COSI retrieves MinIO credentials from a Kubernetes Secret. Collect the following values:

  • Endpoint - e.g. http://minio.minio-system.svc or https://minio.example.com:9000
  • AccessKey
  • SecretKey

Create the Secret in the target namespace and label it for UI discovery:

kubectl create secret generic minio-credentials -n <YOUR_NAMESPACE> \
  --from-literal=Endpoint=http://<YOUR_MINIO_ENDPOINT> \
  --from-literal=AccessKey=<YOUR_ACCESS_KEY> \
  --from-literal=SecretKey=<YOUR_SECRET_KEY>

kubectl label secret minio-credentials -n <YOUR_NAMESPACE> app=minio

Important: The label app=minio is required for the platform UI to list the Secret.

Note: Key names are case-sensitive and must be exactly Endpoint, AccessKey, and SecretKey.

If you prefer GitOps, you can define the Secret declaratively:

apiVersion: v1
kind: Secret
metadata:
  name: minio-credentials
  namespace: <YOUR_NAMESPACE>
  labels:
    app: minio
type: Opaque
stringData:
  Endpoint: http://<YOUR_MINIO_ENDPOINT>
  AccessKey: <YOUR_ACCESS_KEY>
  SecretKey: <YOUR_SECRET_KEY>

Step 3 - Create the BucketClass

Option 1 - UI Workflow

  1. Navigate to Storage → Object StorageClass and click Create Object StorageClass.

  2. Select MinIO Object Storage as the driver.

  3. Configure the following fields:

    • Deletion Policy - How the underlying bucket is handled when its BucketClaim is deleted (default: Delete).
    • Secret - Choose the Secret created in Step 2 (only Secrets with app=minio are shown).
    • Allocate Projects - Optional: restrict usage to specific projects.

  4. Click Create.

Option 2 - YAML (GitOps-friendly)

Create minio-bucketclass.yaml. The example below uses the MinIO COSI driver and points to a Secret with the correct Secret references.

apiVersion: objectstorage.k8s.io/v1alpha1
kind: BucketClass
driverName: minio.objectstorage.k8s.io
metadata:
  labels:
    project.cpaas.io/name: null
    project.cpaas.io/ALL_ALL: "true"
  name: minio-bucket-class
  annotations:
    cpaas.io/display-name: BucketClass for MinIO
    cpaas.io/access-mode: ""
    cpaas.io/features: ""
parameters:
  providerSecretName: <your-secret-name>
  providerSecretNamespace: <your-secret-namespace>
deletionPolicy: Delete

Apply the manifest:

kubectl apply -f minio-bucketclass.yaml

Verification and Next Steps

Verify the BucketClass:

kubectl get bucketclass

Once the BucketClass is ready, create Bucket or BucketClaim resources referencing it to provision S3-compatible object storage backed by MinIO.