{"id":18832575,"url":"https://github.com/linka-cloud/minio-bucket-controller","last_synced_at":"2026-04-28T21:32:45.837Z","repository":{"id":114453801,"uuid":"587341119","full_name":"linka-cloud/minio-bucket-controller","owner":"linka-cloud","description":"A kubernetes controller to manage MinIO buckets","archived":false,"fork":false,"pushed_at":"2026-01-15T16:46:54.000Z","size":327,"stargazers_count":0,"open_issues_count":3,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-01-15T19:10:16.315Z","etag":null,"topics":["controller","kube-builder","kubernetes","minio","s3"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/linka-cloud.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2023-01-10T14:27:50.000Z","updated_at":"2026-01-15T16:47:19.000Z","dependencies_parsed_at":"2023-12-09T16:40:55.915Z","dependency_job_id":null,"html_url":"https://github.com/linka-cloud/minio-bucket-controller","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/linka-cloud/minio-bucket-controller","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/linka-cloud%2Fminio-bucket-controller","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/linka-cloud%2Fminio-bucket-controller/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/linka-cloud%2Fminio-bucket-controller/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/linka-cloud%2Fminio-bucket-controller/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/linka-cloud","download_url":"https://codeload.github.com/linka-cloud/minio-bucket-controller/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/linka-cloud%2Fminio-bucket-controller/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32400861,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-28T19:38:08.556Z","status":"ssl_error","status_checked_at":"2026-04-28T19:37:55.688Z","response_time":56,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["controller","kube-builder","kubernetes","minio","s3"],"created_at":"2024-11-08T01:58:16.808Z","updated_at":"2026-04-28T21:32:45.832Z","avatar_url":"https://github.com/linka-cloud.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# minio-bucket-controller\n\nA simple controller to create buckets and corresponding users in MinIO.\n\n**Note**: *The controller does not intend to be a replacement for the [COSI](https://container-object-storage-interface.github.io/) project.\nIt is not as structured and does not have the same level of abstraction as the COSI.\nIt is not meant to be a generic bucket controller, but rather a simple controller to create app buckets and users in MinIO.\nIt covers a specific need: manage application's MinIO buckets and access lifecycle inside Kubernetes*\n\n## Description\n\nThis controller allows to manage buckets directly from Kubernetes:\n\n```yaml\napiVersion: s3.linka.cloud/v1alpha1\nkind: Bucket\nmetadata:\n  labels:\n    app.kubernetes.io/name: bucket\n    app.kubernetes.io/instance: bucket-sample\n    app.kubernetes.io/part-of: minio-bucket-controller\n    app.kubernetes.io/managed-by: kustomize\n    app.kubernetes.io/created-by: minio-bucket-controller\n  name: bucket-sample\nspec:\n  reclaimPolicy: Delete\n  secretName: bucket-sample-creds\n```\n\nWhen a new bucket resource is created, the corresponding minio bucket is created \nwith a new user `bucket.s3.linka.cloud/bucket-sample` and an assigned policy that allows read/write access to the bucket only:\n\n```json\n{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    {\n      \"Effect\": \"Allow\",\n      \"Action\": [\n        \"s3:ListAllMyBuckets\",\n        \"s3:GetBucketLocation\",\n        \"s3:ListBucket\"\n      ],\n      \"Resource\": [\n        \"arn:aws:s3:::${BUCKET}\"\n      ]\n    },\n    {\n      \"Effect\": \"Allow\",\n      \"Action\": [\n        \"s3:*\"\n      ],\n      \"Resource\": [\n        \"arn:aws:s3:::${BUCKET}/*\"\n      ]\n    }\n  ]\n}\n```\n\nThen a service account is created for the user.\nThe service account credentials are stored in a secret:\n\n```yaml\napiVersion: v1\nkind: Secret\nmetadata:\n  name: ${BUCKET}-bucket-credentials\n  namespace: $NAMESPACE\nstringData:\n  MINIO_ACCESS_KEY: $ACCESS_KEY\n  MINIO_SECRET_KEY: $SECRET_KEY\n  MINIO_ENDPOINT: $ENDPOINT\n  MINIO_BUCKET: $BUCKET\n  MINIO_SECURE: $SECURE\n```\n\n\n\n## Getting Started\nYou’ll need a Kubernetes cluster to run against. You can use [KIND](https://sigs.k8s.io/kind) to get a local cluster for testing, or run against a remote cluster.\n**Note:** Your controller will automatically use the current context in your kubeconfig file (i.e. whatever cluster `kubectl cluster-info` shows).\n\n### Preparation\n\n#### Create a MinIO Service Account for the controller\n\nYou need to have a MinIO user with the right permissions (e.g. console admin) for the controller service account.\n\nIf you don't have one, you can create one with the following command:\n\n```sh\nmc admin user add myminio myminio-admin myminio-password\n```\n\nAssign the policy `consoleAdmin` to the user:\n\n```sh\nmc admin policy set myminio consoleAdmin user=myminio-admin\n```\n\nCreate the controller service account:\n\n```sh\nmc admin user svcacct add myminio myminio-admin\n```\n\n```\nAccess Key: \u003cACCESS_KEY\u003e\nSecret Key: \u003cSECRET_KEY\u003e\n```\n\nExport the credentials as environment variables:\n\n```sh\nexport MINIO_ACCESS_KEY=\"\u003cACCESS_KEY\u003e\"\nexport MINIO_SECRET_KEY=\"\u003cSECRET_KEY\u003e\"\nexport MINIO_ENDPOINT=\"myminio:9000\"\n```\n\nCreate a `policy.json` file with the service account IAM definition:\n\n```shell\ncat \u003c\u003cEOF \u003e policy.json\n{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    {\n      \"Effect\": \"Allow\",\n      \"Action\": [\n        \"admin:CreateUser\",\n        \"admin:DeleteUser\",\n        \"admin:ListUsers\",\n        \"admin:CreatePolicy\",\n        \"admin:DeletePolicy\",\n        \"admin:GetPolicy\",\n        \"admin:ListUserPolicies\",\n        \"admin:CreateServiceAccount\",\n        \"admin:UpdateServiceAccount\",\n        \"admin:RemoveServiceAccount\",\n        \"admin:ListServiceAccounts\"\n      ]\n    },\n    {\n      \"Effect\": \"Allow\",\n      \"Action\": [\n        \"s3:CreateBucket\",\n        \"s3:DeleteBucket\",\n        \"s3:ForceDeleteBucket,\n        \"s3:ListAllMyBuckets\"\n      ],\n      \"Resource\": [\n        \"arn:aws:s3:::*\"\n      ]\n    }\n  ]\n}\nEOF\n```\n\nThen assign the policy to the service account:\n\n```sh\nmc admin user svcacct edit myminio \u003cACCESS_KEY\u003e --policy policy.json\n```\n\n### Running on the cluster\n\n#### Install Custom Resources and deploy the controller\n\n```sh\nkubectl apply -f https://raw.githubusercontent.com/linka-cloud/minio-bucket-controller/main/deploy/manifests.yaml\n```\n\nThe controller should soon be running:\n\n```sh\nkubectl get po -n minio-bucket-controller-system \n```\n```\nNAME                                                          READY   STATUS    RESTARTS   AGE\nminio-bucket-controller-controller-manager-857dd9d7ff-279n6   2/2     Running   0          12m\n```\n\nCreate the BucketProvider and the secret containing the credentials:\n\n```sh\ncat \u003c\u003cEOF | kubectl apply -f -\napiVersion: v1\nkind: Secret\nmetadata:\n  name: minio-bucket-controller-credentials\n  namespace: minio-bucket-controller-system\nstringData:\n  MINIO_ACCESS_KEY: $MINIO_ACCESS_KEY\n  MINIO_SECRET_KEY: $MINIO_SECRET_KEY\n---\napiVersion: s3.linka.cloud/v1alpha1\nkind: BucketProvider\nmetadata:\n  name: my-bucket-provider\n  annotations:\n    s3.linka.cloud/is-default-provider: \"\"\nspec:\n  endpoint: $MINIO_ENDPOINT\n  # uncomment if you don't use tls\n  # insecure: true\n  accessKey:\n    name: minio-bucket-controller-credentials\n    namespace: minio-bucket-controller-system\n    key: MINIO_ACCESS_KEY\n  secretKey:\n    name: minio-bucket-controller-credentials\n    namespace: minio-bucket-controller-system\n    key: MINIO_SECRET_KEY\nEOF\n```\n\n#### Create a sample bucket and a sample application\n\nWe can now create a Bucket resource:\n\n```sh\ncat \u003c\u003cEOF | kubectl apply -f -\napiVersion: s3.linka.cloud/v1alpha1\nkind: Bucket\nmetadata:\n  labels:\n    app.kubernetes.io/name: bucket\n    app.kubernetes.io/instance: bucket-sample\n    app.kubernetes.io/part-of: minio-bucket-controller\n    app.kubernetes.io/managed-by: kustomize\n    app.kubernetes.io/created-by: minio-bucket-controller\n  name: bucket-sample\n  namespace: default\nspec:\n  reclaimPolicy: Delete\n  secretName: bucket-sample-creds\n  secretTemplate:\n    config.json: |\n      {\n        \"version\": \"10\",\n        \"aliases\": {\n          \"minio\": {\n            \"url\": \"http{{ if .Secure }}s{{ end }}://{{ .Endpoint }}\",\n            \"accessKey\": \"{{ .AccessKey }}\",\n            \"secretKey\": \"{{ .SecretKey }}\",\n            \"api\": \"s3v4\",\n            \"path\": \"auto\"\n          }\n        }\n      }\nEOF\n```\n\nValidate that the bucket has been created:\n\n```sh\nkubectl get buckets -n default\n```\n\n```yaml\nNAME            RECLAIM   STATUS   SECRET                AGE\nbucket-sample   Delete    Ready    bucket-sample-creds   2s\n```\n\nAnd that the secret has been created:\n\n```sh\nkubectl describe secret -n default bucket-sample-creds\n```\n\n```\nName:         bucket-sample-creds\nNamespace:    default\nLabels:       \u003cnone\u003e\nAnnotations:  \u003cnone\u003e\n\nType:  Opaque\n\nData\n====\nconfig.json:       254 bytes\nMINIO_ACCESS_KEY:  20 bytes\nMINIO_BUCKET:      13 bytes\nMINIO_ENDPOINT:    18 bytes\nMINIO_SECRET_KEY:  40 bytes\nMINIO_SECURE:      4 bytes\n```\n\nYou can get more information about the bucket, like the created minio service account and the endpoint:\n\n```sh\nkubectl get buckets -n default -o wide\n```\n\n```\nNAME            RECLAIM   STATUS   ENDPOINT             SERVICE ACCOUNT   SECRET                AGE\nbucket-sample   Delete    Ready    myminio:9000         bucket-sample     bucket-sample-creds   6s\n```\n\nWe can now create a sample application that uses the bucket.\n\nThe deployment uses the secret to configure the `mc` client and then runs a container that does nothing but keep the pod alive:\n\n```sh\ncat \u003c\u003cEOF | kubectl apply -f -\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n  name: bucket-sample-mc\n  namespace: default\n  labels:\n    app: bucket-sample-mc\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: bucket-sample-mc\n  template:\n    metadata:\n      name: bucket-sample-mc\n      labels:\n        app: bucket-sample-mc\n    spec:\n      containers:\n      - name: mc\n        image: minio/mc\n        imagePullPolicy: IfNotPresent\n        command:\n        - /bin/sh\n        args:\n        - -c\n        - tail -f /dev/null\n        volumeMounts:\n        - name: mc-config\n          mountPath: /root/.mc/config.json\n          subPath: config.json\n      restartPolicy: Always\n      volumes:\n      - name: mc-config\n        secret:\n          secretName: bucket-sample-creds\nEOF\n```\n\nIt should soon be running:\n\n```sh\nkubectl get deployments.apps -n default bucket-sample-mc \n```\n\n```\nNAME               READY   UP-TO-DATE   AVAILABLE   AGE\nbucket-sample-mc   1/1     1            1           3s   \n```\n\nYou can now exec into the pod and run `mc` commands:\n\n```sh\nkubectl exec -n default -i -t deployments/bucket-sample-mc -- mc ls minio\n```\n\n```\nmc: Successfully created `/root/.mc/share`.\nmc: Initialized share uploads `/root/.mc/share/uploads.json` file.\nmc: Initialized share downloads `/root/.mc/share/downloads.json` file.\n[2023-12-07 18:01:12 UTC]     0B bucket-sample/\n```\n\n#### Cleanup\n\n```sh\nkubectl delete -n default deploy bucket-sample-mc\nkubectl delete -n default bucket bucket-sample\n```\n\n### Uninstall\n\nAlways delete the Buckets before uninstalling the controller, or the buckets will be stuck in the **Deleting** state.\n\n**Warning**: This will delete all the created buckets with `reclaimPolicy` set to `Delete`.\n\n```sh\nkubectl delete buckets.s3.linka.cloud --all --all-namespaces\nkubectl delete -f https://raw.githubusercontent.com/linka-cloud/minio-bucket-controller/main/deploy/manifests.yaml\n```\n\n## License\n\nCopyright 2023.\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n    http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flinka-cloud%2Fminio-bucket-controller","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flinka-cloud%2Fminio-bucket-controller","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flinka-cloud%2Fminio-bucket-controller/lists"}