RustFS
विहंगावलोकन
RustFS is an Apache-2.0 S3-compatible object store written in Rust,
bundled with इलम as a sub-chart of helm_aio. The upstream chart is
published at https://charts.rustfs.com.
In the 6.7.x line RustFS ships bundled but disabled
(rustfs.enabled=false); मिनियो remains the default provider. RustFS
is planned to become the default object storage backend in 6.8.0. Until
then it is enabled explicitly, as shown below.
| Property | मूल्य |
|---|---|
| लाइसेंस | Apache-2.0 |
| Status in Ilum | Bundled, opt-in (planned default in 6.8.0) |
| Bundled chart | RustFS chart 0.0.99 (upstream app version 1.0.0-alpha.99) |
| Bundled image | ilum/rustfs:1.0.0-beta.1 (custom build, see below) |
Default in helm_aio | Disabled (rustfs.enabled=false) |
| Distributed mode | Available upstream but marked "under testing"; the bundled defaults configure standalone mode with a single PersistentVolumeClaim |
| Console UX | Embedded same-origin iframe at /rustfs/console/ |
| OIDC integration | Operator-supplied via rustfs.extraEnv; not auto-wired |
When to use RustFS
- New इलम installs that want the project's current default.
- Existing मिनियो installs that want to move to a permissively licensed storage layer (Apache-2.0 vs the मिनियो server's AGPL-3.0).
- Deployments that benefit from a smaller, Rust-based footprint at modest scale.
Enable RustFS as the active provider
In the 6.7.x line मिनियो is enabled by default, so RustFS must be turned on explicitly. On a net-new installation, enable RustFS and disable मिनियो:
helm install ilum ilum/helm_aio \
--अस्त हो rustfs.enabled=सच्चा \
--अस्त हो minio.enabled=गलत
On an existing मिनियो install, follow the migration playbook in Migrate Between Providers. The playbook keeps मिनियो running side by side until the operator explicitly acknowledges the cutover.
From 6.8.0, RustFS is planned to become the default provider
(rustfs.enabled=true, minio.enabled=false). On 6.8.0 and later, a
net-new install will select RustFS with no flags. The instructions
above apply to the 6.7.x line.
Why Ilum ships a custom image
The upstream RustFS console hardcodes its admin and S3 API endpoints
to the host root. Embedding it in the इलम UI as a same-origin
iframe would collide with the इलम SPA routes at /. The bundled
ilum/rustfs:1.0.0-beta.1 image carries a patched console built with
NEXT_PUBLIC_API_PREFIX=/rustfs/api. The patched build sends every S3
and admin request through /rustfs/api/... and strips the prefix from
the SigV4 canonical string before signing. The इलम UI's nginx
reverse proxy then strips /rustfs/api/ and forwards the un-prefixed
request to the RustFS server, which verifies the signature against
the same un-prefixed path.
The patch is being upstreamed to github.com/rustfs/console. Once the
upstream tag includes the NEXT_PUBLIC_API_PREFIX knob, इलम will
switch back to the stock upstream image.
The image build pipeline lives in ops/docker/ilum-rustfs/ में
इलम monorepo.
Registry entry
The chart ships the following registry defaults for RustFS:
objectStorage:
providers:
rustfs:
consolePath: /rustfs/console/
consoleMode: same-origin
वही consoleMode: same-origin instructs the इलम UI to load the
console iframe directly at /rustfs/console/ rather than rewriting the
path. The patched console assets resolve relative to that base path.
Credentials
RustFS root credentials are sourced from the shared
ilum-objectstorage-credentials Secret, not from the rustfs.secret
block. The chart sets rustfs.secret.existingSecret: ilum-objectstorage-credentials,
which exposes the credentials to the RustFS Pod as the
RUSTFS_ACCESS_KEY / RUSTFS_SECRET_KEY environment variables.
The default credentials for a net-new install are:
| Field | चूक |
|---|---|
| Access key (admin user) | शासन |
| Secret key (admin password) | admin12345 |
These are the credentials used both for the embedded admin console at
/rustfs/console/ and for S3 API access. They are defined once in the
chart under objectStorage.credentials (accessKey / secretKey).
rustfs.secret.rustfs literalsवही rustfs.secret.rustfs.access_key / secret_key values in
मान.yaml (shipped as शासन / शासन) are ignored whenever
rustfs.secret.existingSecret is set, which is the bundled default. They
are consulted only for standalone RustFS chart installs that bypass
helm_aio. The active console and S3 credentials are always the
objectStorage.credentials pair above (शासन / admin12345).
The secret key default is 10 characters because the bundled mc client
rejects secret keys shorter than 8 characters; operators overriding it
must keep it at 8 or more. To rotate credentials, edit the shared
Secret and restart the consuming Pods as described in
Rotate Object Storage Credentials.
Prometheus metrics
RustFS observability is in active development at the time of this
writing. The upstream rustfs-obs crate ships OpenTelemetry-based
metrics, logs, and traces. A stable /metrics Prometheus-format
endpoint has not yet been documented in the upstream README, and
community issues
(rustfs/rustfs#796,
rustfs/rustfs#1228)
track the work.
Until the upstream endpoint stabilizes, operators that need
Prometheus-format RustFS metrics today should run the upstream's
OTel collector reference stack (Grafana, Prometheus, and Jaeger) from
the RustFS project's docker-compose.yml. Configure the
RUSTFS_OBS_ENDPOINT environment variable in rustfs.extraEnv to
point at the collector. This integration is operator-driven; इलम
does not wire it automatically.
For Loki log shipping from the इलम core services (which write to
the इलम फ़ाइलें bucket on whichever provider is active), refer to the
existing observability documentation. The log path is provider-agnostic.
Known limitations
- Alpha upstream status. The bundled RustFS chart
0.0.99advertises app version1.0.0-alpha.99. Distributed mode is marked "under testing" in the upstreamREADME. The bundled defaults run in standalone mode with a single replica and a single PVC. - No Hydra OIDC auto-wiring in 6.7.2-RC2. Operators that need OIDC
against the RustFS console must supply the integration through
rustfs.extraEnvdirectly. The integration will stabilize in a future release. - Patched console fork. Until the upstream
NEXT_PUBLIC_API_PREFIXpatch lands, इलम pins a custom image. The fork is small (under 50 lines across five files plus one new file) and tracked inops/docker/ilum-rustfs/README.md.
Disable RustFS
To roll back to मिनियो or to disable RustFS in favour of an
external S3 provider, set rustfs.enabled=false. The pre-upgrade hook
detects existing RustFS PersistentVolumeClaims and refuses to
proceed if disabling RustFS would orphan data. Follow
Migrate Between Providers to
disable RustFS safely.
Reference
- Upstream chart on Artifact Hub: rustfs/rustfs
- Upstream server source: github.com/rustfs/rustfs
- इलम image source:
ops/docker/ilum-rustfs/in the monorepo - Migration: Migrate Between Providers
- प्रत्यय-पत्र: Rotate Object Storage Credentials
- Helm values: Object Storage Helm Values