provider-exoscale-sos

provider-exoscale-sos is a Crossplane provider built with Upjet that exposes Exoscale Simple Object Storage (SOS) resources as Kubernetes custom resources.

Note: This provider is generated from the AWS S3 Terraform provider. Exoscale SOS implements the S3-compatible API, so most common operations work seamlessly. A small number of AWS-specific features (such as certain IAM ARN formats or AWS-proprietary storage classes) are not available on Exoscale SOS.

This provider is designed to be used alongside provider-exoscale, which manages IAM roles and other Exoscale resources required for advanced SOS configurations such as cross-zone bucket replication.

Source and full list of managed resources: Upbound Marketplace

Prerequisites

An existing Kubernetes cluster
kubectl installed and configured
Helm installed
An Exoscale account with API credentials

Install Crossplane

helm repo add crossplane-stable https://charts.crossplane.io/stable
helm repo update

helm install crossplane crossplane-stable/crossplane \
  --namespace crossplane-system \
  --create-namespace

kubectl wait deployment crossplane \
  --namespace crossplane-system \
  --for=condition=Available \
  --timeout=120s

Install the Provider

export PROVIDER_EXOSCALE_SOS_VERSION=v0.1.0

cat <<EOF | kubectl apply -f -
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: provider-exoscale-sos
spec:
  package: xpkg.upbound.io/exoscale/provider-exoscale-sos:$PROVIDER_EXOSCALE_SOS_VERSION
EOF

kubectl wait provider/provider-exoscale-sos \
  --for=condition=Healthy \
  --timeout=120s

Configure

Exoscale SOS is zone-specific: each zone exposes its own S3-compatible endpoint. Create one ClusterProviderConfig per zone, each referencing a secret that includes the endpoint URL for that zone.

export EXOSCALE_API_KEY=<your-api-key>
export EXOSCALE_API_SECRET=<your-api-secret>

kubectl create secret generic exoscale-credentials-ch-gva-2 \
  --namespace crossplane-system \
  --from-literal=credentials="{\"key\": \"$EXOSCALE_API_KEY\", \"secret\": \"$EXOSCALE_API_SECRET\", \"endpoint\": \"https://sos-ch-gva-2.exo.io\"}"

cat <<EOF | kubectl apply -f -
apiVersion: sos.m.exoscale.ch/v1beta1
kind: ClusterProviderConfig
metadata:
  name: sos-ch-gva-2
spec:
  credentials:
    source: Secret
    secretRef:
      name: exoscale-credentials-ch-gva-2
      namespace: crossplane-system
      key: credentials
EOF

Usage

Bucket names must be globally unique. The example below uses $(date +%N) (nanoseconds) as a suffix to avoid collisions:

export BUCKET=my-bucket-$(date +%N)

cat <<EOF | kubectl apply -f -
apiVersion: sos.sos.m.exoscale.ch/v1alpha1
kind: Bucket
metadata:
  name: $BUCKET
  namespace: crossplane-system
spec:
  forProvider: {}
  providerConfigRef:
    kind: ClusterProviderConfig
    name: sos-ch-gva-2
EOF

kubectl wait bucket.sos.sos.m.exoscale.ch/$BUCKET \
  --namespace crossplane-system \
  --for=condition=Ready \
  --timeout=120s

Ready-to-use example manifests for all supported resources — including a full cross-zone replication setup using provider-exoscale for IAM — are available in github readme.md.

Last updated on May 13, 2026

provider-exoscale