MinIO
Overview
MinIO is the historical default object storage backend for Ilum and
remains fully supported as an opt-in provider. The Bitnami MinIO chart
is bundled as a sub-chart of helm_aio and renders when minio.enabled is
true.
| Property | Value |
|---|---|
| License | AGPL-3.0 (server), Apache-2.0 (client mc) |
| Status in Ilum | Supported, opt-in |
| Bundled chart | Bitnami minio-15.0.7 (mirrored via bitnamilegacy/minio) |
Default in helm_aio | Disabled (minio.enabled=false since 6.7.2-RC2) |
| Distributed mode | Supported, follow the Bitnami chart documentation |
| Console UX | Full administrative web console at /external/minio/ |
| OIDC integration | Supported via MINIO_IDENTITY_OPENID_* env vars (Hydra preconfigured) |
When to use MinIO
- An existing Ilum install was provisioned before RustFS shipped and the operator prefers to keep the proven storage layer unchanged.
- The deployment depends on MinIO-specific features such as bucket replication, lifecycle policies, IAM policy variables, or KMS integration that the current RustFS alpha does not yet match.
- A clustered, erasure-coded, multi-node distributed configuration is required today.
Enable MinIO as the active provider
To run Ilum on MinIO only, set the two Helm flags below. The
provider registry under objectStorage.providers.minio ships with
sensible defaults; the operator does not need to touch it for a standard
install.
helm upgrade ilum ilum/helm_aio \
--set rustfs.enabled=false \
--set minio.enabled=true
The ilum-objectstorage Service alias selects pods with label
app.kubernetes.io/name: minio and routes both consumer S3 traffic and
the Ilum UI's Object Storage iframe to MinIO.
Registry entry
The chart ships the following registry defaults for MinIO:
objectStorage:
providers:
minio:
consolePath: /external/minio/
consoleMode: nginx-rewrite
The consoleMode: nginx-rewrite instructs the Ilum UI's nginx
reverse proxy to redirect requests for /external/object-storage/ to
/external/minio/. MinIO pins its own console to that absolute URL
through the MINIO_BROWSER_REDIRECT_URL environment variable, so the
proxy cannot rewrite the path on the fly.
Prometheus metrics
MinIO exposes Prometheus-format metrics under /minio/metrics/v3,
with category-specific paths appended (for example, /minio/metrics/v3/api
and /minio/metrics/v3/cluster). Bearer-token authentication is
required by default. Generate a long-lived scrape token with the
bundled mc client:
kubectl -n ilum exec deploy/ilum-core -- \
mc admin prometheus generate ilum-objectstorage cluster
The command prints a sample Prometheus scrape_config block including
the bearer token. Splice the authorization.credentials value into the
Prometheus server's configuration.
Operators that prefer an unauthenticated endpoint can set
MINIO_PROMETHEUS_AUTH_TYPE=public on the MinIO deployment to
disable the bearer-token requirement. This change is irreversible
without a Pod restart.
For the full metrics catalog, refer to MinIO Prometheus metrics.
Known limitations
- Single-path console binding. The MinIO console is reachable
only at
/external/minio/. Operators serving Ilum behind a non-default base path must update both theMINIO_BROWSER_REDIRECT_URLvalue and theobjectStorage.providers.minio.consolePathentry. - Root credentials sealed at first install. MinIO records the
root user when its
Podstarts for the first time. Rotating the sharedilum-objectstorage-credentialsSecretafterwards does not change the live MinIO root user. To rotate MinIO credentials, follow the rotation procedure in Rotate Object Storage Credentials. - License. The MinIO server is licensed under AGPL-3.0. Operators redistributing Ilum with MinIO enabled should review the obligations that the AGPL imposes on hosted services.
Disable MinIO
To stop running MinIO after a migration to another provider, set
minio.enabled=false. The chart's pre-upgrade hook detects the existing
MinIO PersistentVolumeClaim and refuses to proceed if disabling
MinIO would orphan it without an acknowledged cutover. Follow the
documented migration procedure in
Migrate Between Providers to disable
MinIO safely.
Reference
- Bitnami chart documentation: bitnami/minio
- MinIO server documentation: min.io/docs/minio
- Migration: Migrate Between Providers
- Credentials: Rotate Object Storage Credentials
- Helm values: Object Storage Helm Values