मुख्य विषयवस्तु में जाएं

RustFS

विहंगावलोकन

RustFS is an Apache-2.0 S3-compatible object store written in Rust, bundled with इलम as a sub-chart of helm_aio. The upstream chart is published at https://charts.rustfs.com.

In the 6.7.x line RustFS ships bundled but disabled (rustfs.enabled=false); मिनियो remains the default provider. RustFS is planned to become the default object storage backend in 6.8.0. Until then it is enabled explicitly, as shown below.

Propertyमूल्य
लाइसेंसApache-2.0
Status in IlumBundled, opt-in (planned default in 6.8.0)
Bundled chartRustFS chart 0.0.99 (upstream app version 1.0.0-alpha.99)
Bundled imageilum/rustfs:1.0.0-beta.1 (custom build, see below)
Default in helm_aioDisabled (rustfs.enabled=false)
Distributed modeAvailable upstream but marked "under testing"; the bundled defaults configure standalone mode with a single PersistentVolumeClaim
Console UXEmbedded same-origin iframe at /rustfs/console/
OIDC integrationOperator-supplied via rustfs.extraEnv; not auto-wired

When to use RustFS

  • New इलम installs that want the project's current default.
  • Existing मिनियो installs that want to move to a permissively licensed storage layer (Apache-2.0 vs the मिनियो server's AGPL-3.0).
  • Deployments that benefit from a smaller, Rust-based footprint at modest scale.

Enable RustFS as the active provider

In the 6.7.x line मिनियो is enabled by default, so RustFS must be turned on explicitly. On a net-new installation, enable RustFS and disable मिनियो:

helm install ilum ilum/helm_aio \
--अस्त हो rustfs.enabled=सच्चा \
--अस्त हो minio.enabled=गलत

On an existing मिनियो install, follow the migration playbook in Migrate Between Providers. The playbook keeps मिनियो running side by side until the operator explicitly acknowledges the cutover.

Planned default change

From 6.8.0, RustFS is planned to become the default provider (rustfs.enabled=true, minio.enabled=false). On 6.8.0 and later, a net-new install will select RustFS with no flags. The instructions above apply to the 6.7.x line.

Why Ilum ships a custom image

The upstream RustFS console hardcodes its admin and S3 API endpoints to the host root. Embedding it in the इलम UI as a same-origin iframe would collide with the इलम SPA routes at /. The bundled ilum/rustfs:1.0.0-beta.1 image carries a patched console built with NEXT_PUBLIC_API_PREFIX=/rustfs/api. The patched build sends every S3 and admin request through /rustfs/api/... and strips the prefix from the SigV4 canonical string before signing. The इलम UI's nginx reverse proxy then strips /rustfs/api/ and forwards the un-prefixed request to the RustFS server, which verifies the signature against the same un-prefixed path.

The patch is being upstreamed to github.com/rustfs/console. Once the upstream tag includes the NEXT_PUBLIC_API_PREFIX knob, इलम will switch back to the stock upstream image.

The image build pipeline lives in ops/docker/ilum-rustfs/ में इलम monorepo.

Registry entry

The chart ships the following registry defaults for RustFS:

objectStorage:
providers:
rustfs:
consolePath: /rustfs/console/
consoleMode: same-origin

वही consoleMode: same-origin instructs the इलम UI to load the console iframe directly at /rustfs/console/ rather than rewriting the path. The patched console assets resolve relative to that base path.

Credentials

RustFS root credentials are sourced from the shared ilum-objectstorage-credentials Secret, not from the rustfs.secret block. The chart sets rustfs.secret.existingSecret: ilum-objectstorage-credentials, which exposes the credentials to the RustFS Pod as the RUSTFS_ACCESS_KEY / RUSTFS_SECRET_KEY environment variables.

The default credentials for a net-new install are:

Fieldचूक
Access key (admin user)शासन
Secret key (admin password)admin12345

These are the credentials used both for the embedded admin console at /rustfs/console/ and for S3 API access. They are defined once in the chart under objectStorage.credentials (accessKey / secretKey).

Ignore the rustfs.secret.rustfs literals

वही rustfs.secret.rustfs.access_key / secret_key values in मान.yaml (shipped as शासन / शासन) are ignored whenever rustfs.secret.existingSecret is set, which is the bundled default. They are consulted only for standalone RustFS chart installs that bypass helm_aio. The active console and S3 credentials are always the objectStorage.credentials pair above (शासन / admin12345).

The secret key default is 10 characters because the bundled mc client rejects secret keys shorter than 8 characters; operators overriding it must keep it at 8 or more. To rotate credentials, edit the shared Secret and restart the consuming Pods as described in Rotate Object Storage Credentials.

Prometheus metrics

RustFS observability is in active development at the time of this writing. The upstream rustfs-obs crate ships OpenTelemetry-based metrics, logs, and traces. A stable /metrics Prometheus-format endpoint has not yet been documented in the upstream README, and community issues (rustfs/rustfs#796, rustfs/rustfs#1228) track the work.

Until the upstream endpoint stabilizes, operators that need Prometheus-format RustFS metrics today should run the upstream's OTel collector reference stack (Grafana, Prometheus, and Jaeger) from the RustFS project's docker-compose.yml. Configure the RUSTFS_OBS_ENDPOINT environment variable in rustfs.extraEnv to point at the collector. This integration is operator-driven; इलम does not wire it automatically.

For Loki log shipping from the इलम core services (which write to the इलम फ़ाइलें bucket on whichever provider is active), refer to the existing observability documentation. The log path is provider-agnostic.

Known limitations

  • Alpha upstream status. The bundled RustFS chart 0.0.99 advertises app version 1.0.0-alpha.99. Distributed mode is marked "under testing" in the upstream README. The bundled defaults run in standalone mode with a single replica and a single PVC.
  • No Hydra OIDC auto-wiring in 6.7.2-RC2. Operators that need OIDC against the RustFS console must supply the integration through rustfs.extraEnv directly. The integration will stabilize in a future release.
  • Patched console fork. Until the upstream NEXT_PUBLIC_API_PREFIX patch lands, इलम pins a custom image. The fork is small (under 50 lines across five files plus one new file) and tracked in ops/docker/ilum-rustfs/README.md.

Disable RustFS

To roll back to मिनियो or to disable RustFS in favour of an external S3 provider, set rustfs.enabled=false. The pre-upgrade hook detects existing RustFS PersistentVolumeClaims and refuses to proceed if disabling RustFS would orphan data. Follow Migrate Between Providers to disable RustFS safely.

Reference