Kubernetes Object Provisioning & Policy
Kubernetes-native provisioning and management of S3 buckets using operators, the Container Object Storage Interface (COSI), and declarative policy. Bridges the Kubernetes declarative model with object storage lifecycle.
Summary
As cloud-native applications run on Kubernetes, teams need to provision S3 buckets the same way they provision PVCs — declaratively, with RBAC and policy. This topic covers the integration layer between K8s resource management and object storage.
- COSI is not yet GA in Kubernetes. It is an evolving standard. Production use requires evaluating the maturity of specific COSI drivers for your storage backend.
- Kubernetes operators for object storage (Rook, MinIO Operator) manage the storage system, not individual buckets. Bucket-level provisioning is a separate concern.
- scoped_to: S3, Object Storage — managing S3 resources from Kubernetes
- Container Object Storage Interface (COSI) scoped_to: Kubernetes Object Provisioning & Policy — the K8s-native standard
- Rook scoped_to: Kubernetes Object Provisioning & Policy — K8s operator for Ceph-based S3
- solves: Policy Sprawl — centralized declarative policy for bucket provisioning
Definition
Integrating S3-compatible object storage provisioning, access control, and lifecycle management into Kubernetes-native workflows using operators, CSI drivers, and custom resources.
Kubernetes has become the default orchestration platform for data workloads, but S3 bucket provisioning remains outside Kubernetes' declarative model. Bridging this gap enables GitOps-driven storage management.
Recent developments
- COSI (Container Object Storage Interface) is the standardized Kubernetes-native API. COSI standardizes provisioning and consuming object storage in Kubernetes, analogous to CSI for block/file storage. It defines Kubernetes resources (Bucket, BucketClaim, BucketClass, BucketAccess, BucketAccessClass) that abstract the underlying provider. Per Kubernetes Blog — Introducing COSI: Object Storage Management Using Kubernetes APIs.
- Multi-vendor COSI driver landscape (2026): Rook (Ceph), IBM, Scality, Garage. Cross-vendor driver implementations now span open-source Ceph (via Rook), IBM's vendor-agnostic s3-iam-cosi-driver, Scality's RING-specific driver, and the Garage-operator's optional COSI driver. The driver-cohort breadth validates COSI as the cross-vendor standard. Per GitHub — IBM/s3-iam-cosi-driver, GitHub — scality/cosi-driver, and GitHub — rajsinghtech/garage-operator.
- Rook COSI driver supersedes ObjectBucketClaim API. Rook (the Kubernetes-native Ceph operator) ships its COSI driver as the new bucket-provisioning surface — older ObjectBucketClaim API is deprecated. Migration is now part of the standard Rook upgrade path. Per OneUptime — How to Use COSI with Rook (March 2026).
- S3-IAM COSI Driver portability: any S3 provider supporting IAM Users + Bucket Policies. IBM's reference implementation works across any S3-compatible provider that supports IAM Users + Bucket Policies — single COSI driver covers AWS S3, MinIO, Ceph, others. The cross-provider portability promise of COSI in working form. Per GitHub — IBM/s3-iam-cosi-driver.
- Self-service + administration separation is the COSI value proposition. Self-service via the Kubernetes API + clear delineation between administration (cluster admin defining BucketClass) and consumption (developer creating BucketClaim) is the core COSI value-prop. Vendor neutrality via the standard interface is the second. Per Scality Solved — COSI Driver for Kubernetes: Simplified Object Storage.
- 5-tool Kubernetes object-storage integration landscape (Backblaze 2026 roundup). Backblaze's 2026 roundup enumerates 5 production-credible Kubernetes-object-storage integration tools — Rook + CSI drivers + COSI drivers + S3 proxy operators + dedicated migration tools. The "Kubernetes + object storage" space has matured into a documented tool category. Per Backblaze — 5 Tools to Integrate Object Storage and Kubernetes.
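The administration/consumption split described in the list above, written out as manifests. This is an added example, not taken from the COSI project or any of the cited drivers. It assumes the `objectstorage.k8s.io/v1alpha1` API version; the driver name, namespace and object names are hypothetical.

```yaml
# Added example. Assumes COSI v1alpha1; cosi.example.com, team-a and all object names are hypothetical.
# Admin side: cluster-scoped classes, created only by a cluster admin.
apiVersion: objectstorage.k8s.io/v1alpha1
kind: BucketClass
metadata:
  name: s3-standard
driverName: cosi.example.com          # placeholder driver name
deletionPolicy: Retain                # bucket data survives deletion of the claim
---
apiVersion: objectstorage.k8s.io/v1alpha1
kind: BucketAccessClass
metadata:
  name: s3-key-access
driverName: cosi.example.com
authenticationType: KEY               # access key / secret key credentials
---
# Consumer side: namespaced Role with no verbs on bucketclasses, bucketaccessclasses or buckets.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: cosi-consumer
  namespace: team-a
rules:
  - apiGroups: ["objectstorage.k8s.io"]
    resources: ["bucketclaims", "bucketaccesses"]
    verbs: ["get", "list", "watch", "create", "delete"]
---
apiVersion: objectstorage.k8s.io/v1alpha1
kind: BucketClaim
metadata:
  name: app-data
  namespace: team-a
spec:
  bucketClassName: s3-standard        # developer picks a class, cannot alter it
  protocols: ["S3"]
---
apiVersion: objectstorage.k8s.io/v1alpha1
kind: BucketAccess
metadata:
  name: app-data-access
  namespace: team-a
spec:
  bucketClaimName: app-data
  bucketAccessClassName: s3-key-access
  protocol: S3
  credentialsSecretName: app-data-creds   # Secret the driver populates in team-a
```

Because the Role covers only the namespaced claim and access resources, a developer bound to it can request a bucket and credentials but cannot change the driver, deletion policy or authentication type set by the cluster admin.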
Resources
COSI project homepage providing the Kubernetes-native standard for provisioning and managing object storage buckets.
COSI specification repository defining the API for portable object storage provisioning in Kubernetes.
Rook documentation for Kubernetes storage orchestration, including Ceph-backed S3-compatible object storage provisioning.