[SeaweedFS] Migrate from MinIO to SeaweedFS as the S3-compatible storage backend

README.md

@@ -2,17 +2,17 @@
 
 This repo contains the Helm charts for the MLRun Community Edition (CE) - a full open source MLOps stack.
 
-The Open source MLRun ce chart includes the following stack:
+The Open source MLRun CE chart includes the following stack:
 
  * Nuclio - https://github.com/nuclio/nuclio
  * MLRun - https://github.com/mlrun/mlrun
  * Jupyter - https://github.com/jupyter/notebook (+MLRun integrated)
  * MPI Operator - https://github.com/kubeflow/mpi-operator
- * Minio - https://github.com/minio/minio/tree/master/helm/minio
+ * SeaweedFS - https://github.com/seaweedfs/seaweedfs (S3-compatible storage)
  * Spark Operator - https://github.com/GoogleCloudPlatform/spark-on-k8s-operator
  * Pipelines - https://github.com/kubeflow/pipelines
  * Prometheus stack - https://github.com/prometheus-community/helm-charts
 
+## Installation
 
- ## Installation
- Refer to the installation instructions in the [README](charts/mlrun-ce/README.md) of the `mlrun-ce` chart.
+Refer to the installation instructions in the [README](charts/mlrun-ce/README.md) of the `mlrun-ce` chart.

charts/mlrun-ce/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v1
 name: mlrun-ce
-version: 0.11.0-rc8
+version: 0.11.0-rc9
 description: MLRun Open Source Stack
 home: https://iguazio.com
 icon: https://www.iguazio.com/wp-content/uploads/2019/10/Iguazio-Logo.png

charts/mlrun-ce/README.md

@@ -10,7 +10,7 @@ The Open source MLRun ce chart includes the following stack:
 * MLRun - https://github.com/mlrun/mlrun
 * Jupyter - https://github.com/jupyter/notebook (+MLRun integrated)
 * MPI Operator - https://github.com/kubeflow/mpi-operator
-* Minio - https://github.com/minio/minio/tree/master/helm/minio
+* SeaweedFS - https://github.com/seaweedfs/seaweedfs (S3-compatible storage)
 * Spark Operator - https://github.com/GoogleCloudPlatform/spark-on-k8s-operator
 * Pipelines - https://github.com/kubeflow/pipelines
 * Prometheus stack - https://github.com/prometheus-community/helm-charts
@@ -162,9 +162,9 @@ helm --namespace mlrun \
     --wait \
     ... other overrides ... \
     --set global.registry.url=${AWS_ACCOUNT}.dkr.ecr.${AWS_REGION}.amazonaws.com \
+    --set global.registry.secretName=ecr-registry-credentials \
     --set nuclio.dashboard.kaniko.registryProviderSecretName=aws-credentials \
     --set mlrun.defaultDockerRegistrySecretName=aws-credentials \
-    --set global.registry.secretName=ecr-registry-credentials \
     mlrun/mlrun-ce
 ```
 
@@ -173,19 +173,23 @@ helm --namespace mlrun \
 ## Usage
 
 Your applications are now available in your local browser:
-- jupyter-notebook - http://nodeipaddress:30040
-- nuclio - http://nodeipaddress:30050
-- mlrun UI - http://nodeipaddress:30060
-- mlrun API (external) - http://nodeipaddress:30070
-- minio API - http://nodeipaddress:30080
-- minio UI - http://nodeipaddress:30090
-- pipeline UI - http://nodeipaddress:30100
-- grafana UI - http://nodeipaddress:30110
-
+- Jupyter Notebook - http://nodeipaddress:30040
+- Nuclio - http://nodeipaddress:30050
+- MLRun UI - http://nodeipaddress:30060
+- MLRun API (external) - http://nodeipaddress:30070
+- SeaweedFS Admin UI (user/policy management) - http://nodeipaddress:30093
+- Pipeline UI - http://nodeipaddress:30100
+- Grafana UI - http://nodeipaddress:30010
+- Prometheus UI - http://nodeipaddress:30020
+
+**With Ingress enabled**, the UI is available at:
+- `https://seaweedfs-admin.<namespace>.<cluster>.lab.iguazeng.com`
 
 > **Note:**
 > The above links assume your Kubernetes cluster is exposed on localhost.
 > If that's not the case, the different components will be available on `externalHostAddress`
+>
+> For production deployments, consider enabling ingress for each service instead of using NodePorts.
 
 ## Start Working
 
@@ -278,6 +282,6 @@ Refer to the [**Kubeflow documentation**](https://www.kubeflow.org/docs/started/
 
 This table shows the versions of the main components in the MLRun CE chart:
 
-| MLRun CE   | MLRun  | Nuclio   | Jupyter lab | MPI Operator | Minio                        | Spark Operator | Pipelines | Kube-Prometheus-Stack | Prometheus | Grafana |
-|------------|--------|----------|-------------|--------------|------------------------------|----------------|-----------|-----------------------|------------|---------|
-| **0.10.0** | 1.10.0 | 1.15.9   | 4.5.0       |  0.2.3       | RELEASE.2024-04-18T19-09-19Z | 2.1.0          | 2.14.3    | 0.82.0                | 3.3.1      | 11.6.1  |
+| MLRun CE   | MLRun  | Nuclio | Jupyter | MPI Operator | SeaweedFS | Spark Operator | Pipelines | Kube-Prometheus-Stack |
+|------------|--------|--------|---------|--------------|-----------|----------------|-----------|-----------------------|
+| **0.11.0** | 1.11.0 | 1.15.9 | 4.5.0   | 0.2.3        | 4.0.407   | 2.1.0          | 2.14.3    | 72.1.1                |

charts/mlrun-ce/admin_installation_values.yaml

@@ -36,7 +36,7 @@ mpi-operator:
   deployment:
     create: false
 
-minio:
+seaweedfs:
   enabled: false
 
 spark-operator:

charts/mlrun-ce/non_admin_cluster_ip_installation_values.yaml

@@ -35,17 +35,8 @@ mpi-operator:
     clusterResources:
       create: false
 
-minio:
-  service:
-    type: ClusterIP
-    port: 9000
-    nodePort: ""
-  consoleService:
-    type: ClusterIP
-    port: 9001
-    nodePort: ""
-  mode: standalone
-  replicas: 1
+seaweedfs:
+  enabled: true
 
 timescaledb:
   service:

charts/mlrun-ce/non_admin_installation_values.yaml

@@ -34,17 +34,8 @@ mpi-operator:
     clusterResources:
       create: false
 
-minio:
-  service:
-    type: NodePort
-    port: 9000
-    nodePort: 30080
-  consoleService:
-    type: NodePort
-    port: 9001
-    nodePort: 30090
-  mode: standalone
-  replicas: 1
+seaweedfs:
+  enabled: true
 
 spark-operator:
   enabled: false

charts/mlrun-ce/requirements.lock

@@ -8,9 +8,9 @@ dependencies:
 - name: mpi-operator
   repository: https://v3io.github.io/helm-charts/stable
   version: 0.6.0
-- name: minio
-  repository: https://charts.min.io/
-  version: 5.2.0
+- name: seaweedfs
+  repository: https://seaweedfs.github.io/seaweedfs/helm
+  version: 4.0.407
 - name: spark-operator
   repository: https://kubeflow.github.io/spark-operator
   version: 2.1.0
@@ -20,5 +20,5 @@ dependencies:
 - name: strimzi-kafka-operator
   repository: https://strimzi.io/charts/
   version: 0.48.0
-digest: sha256:542955b13f2da791768eebe8e25092a8977fba987259ebe6ad85e4b977a7963b
-generated: "2026-01-14T13:52:54.335415+02:00"
+digest: sha256:f87ec580f73178cfc897d57e26f5d7b049900f1b7ef75bfe198ca327eb2ed06d
+generated: "2026-02-12T23:52:46.490844+02:00"

charts/mlrun-ce/requirements.yaml

@@ -9,10 +9,10 @@ dependencies:
   - name: mpi-operator
     version: "0.6.0"
     repository: "https://v3io.github.io/helm-charts/stable"
-  - name: minio
-    repository: "https://charts.min.io/"
-    version: "5.2.0"
-    condition: minio.enabled
+  - name: seaweedfs
+    repository: "https://seaweedfs.github.io/seaweedfs/helm"
+    version: "4.0.407"
+    condition: seaweedfs.enabled
   - name: spark-operator
     repository: "https://kubeflow.github.io/spark-operator"
     version: "2.1.0"

charts/mlrun-ce/templates/NOTES.txt

@@ -1,5 +1,10 @@
-{{- if or (.Values.jupyterNotebook.enabled) (.Values.mlrun.enabled) (.Values.minio.enabled) (.Values.pipelines.enabled) (index .Values "kube-prometheus-stack" "enabled") }}
+{{- if or (.Values.jupyterNotebook.enabled) (.Values.mlrun.enabled) (.Values.seaweedfs.enabled) (.Values.pipelines.enabled) (index .Values "kube-prometheus-stack" "enabled") }}
 You're up and running!
+{{- if and .Values.pipelines.enabled (not .Values.seaweedfs.enabled) }}
+⚠️  WARNING: seaweedfs.enabled must be set to true when using pipelines
+    for storing pipeline artifacts. Pipelines may not work correctly
+    without an S3-compatible storage backend!
+{{- end }}
 
 {{- if .Values.jupyterNotebook.enabled }}
 {{- "\n" }}
@@ -57,41 +62,29 @@ mlrun-api.{{ .Values.global.externalHostAddress }}
 {{- end }}
 {{- end }}
 
-{{- if .Values.minio.enabled }}
-{{- if ne .Values.global.infrastructure.kind "aws" }}
-{{- "\n" }}
-Minio UI is available at:
-{{- if .Values.minio.ingress.enabled }}
-{{ (index .Values.minio.consoleIngress.hosts 0) }}
-{{- else }}
-{{ .Values.global.externalHostAddress }}:{{ .Values.minio.consoleService.nodePort }}
-{{- end }}
--  username: {{ .Values.minio.rootUser }}
--  password: {{ .Values.minio.rootPassword }}
-{{- end }}
-{{- end }}
 
-{{- if .Values.minio.enabled }}
+{{- if .Values.seaweedfs.enabled }}
 {{- if ne .Values.global.infrastructure.kind "aws" }}
+{{- if and .Values.seaweedfs.admin .Values.seaweedfs.admin.enabled }}
 {{- "\n" }}
-Minio API is available at:
-{{- if .Values.minio.ingress.enabled }}
-{{ (index .Values.minio.ingress.hosts 0) }}
+SeaweedFS Admin UI is available at:
+{{- if and .Values.seaweedfs.adminService .Values.seaweedfs.adminService.ingress .Values.seaweedfs.adminService.ingress.enabled }}
+{{ .Values.seaweedfs.adminService.ingress.host }}
 {{- else }}
-{{ .Values.global.externalHostAddress }}:{{ .Values.minio.service.nodePort }}
+{{ .Values.global.externalHostAddress }}:{{ .Values.seaweedfs.adminService.nodePort | default 30093 }}
+{{- end }}
+-  S3 credentials: minio / minio123
 {{- end }}
 {{- end }}
 {{- end }}
 
-{{- if and .Values.pipelines.enabled  .Values.pipelines.ui.enabled -}} }}
+{{- if and .Values.pipelines.enabled .Values.pipelines.ui.enabled }}
 {{- if ne .Values.global.infrastructure.kind "aws" }}
-{{- if not .Values.minio.ingress.enabled }}
 {{- "\n" }}
 Pipelines UI is available at:
 {{ .Values.global.externalHostAddress }}:{{ .Values.pipelines.service.nodePort }}
 {{- end }}
 {{- end }}
-{{- end }}
 
 {{- if index .Values "kube-prometheus-stack" "enabled" }}
 {{- "\n" }}

charts/mlrun-ce/templates/_helpers.tpl

@@ -123,25 +123,75 @@ Create chart name and version as used by the chart label.
 {{- end -}}
 
 {{/*
-Minio Service URL
+=============================================================================
+S3 Storage Backend Helpers
+Supports both MinIO and SeaweedFS as S3-compatible storage backends
+=============================================================================
+*/}}
+
+{{/*
+S3 Service URL - returns the endpoint URL for SeaweedFS
+*/}}
+{{- define "mlrun-ce.s3.service.url" -}}
+http://seaweedfs-s3.{{.Release.Namespace}}.svc.cluster.local:{{ .Values.seaweedfs.s3.port }}
+{{- end -}}
+
+{{/*
+S3 Service Host - returns just the hostname for pipeline config
+*/}}
+{{- define "mlrun-ce.s3.service.host" -}}
+seaweedfs-s3.{{.Release.Namespace}}.svc.cluster.local
+{{- end -}}
+
+{{/*
+S3 Service Port - returns the port for pipeline config
+*/}}
+{{- define "mlrun-ce.s3.service.port" -}}
+{{- .Values.seaweedfs.s3.port | toString -}}
+{{- end -}}
+
+{{/*
+S3 Access Key - uses top-level s3.accessKey for all components (MLRun, Jupyter, Pipelines)
+*/}}
+{{- define "mlrun-ce.s3.accessKey" -}}
+{{- .Values.s3.accessKey -}}
+{{- end -}}
+
+{{/*
+S3 Secret Key - uses top-level s3.secretKey for all components (MLRun, Jupyter, Pipelines)
+*/}}
+{{- define "mlrun-ce.s3.secretKey" -}}
+{{- .Values.s3.secretKey -}}
+{{- end -}}
+
+{{/*
+S3 Bucket - uses top-level s3.bucket for all components
+*/}}
+{{- define "mlrun-ce.s3.bucket" -}}
+{{- .Values.s3.bucket -}}
+{{- end -}}
+
+{{/*
+Legacy Minio Service URL - kept for backward compatibility
 */}}
 {{- define "mlrun-ce.minio.service.url" -}}
-http://minio.{{.Release.Namespace}}.svc.cluster.local:{{ .Values.minio.service.port }}
+{{ include "mlrun-ce.s3.service.url" . }}
 {{- end -}}
 {{- define "mlrun-ce.minio-pipeline.service.url" -}}
-minio.{{.Release.Namespace}}.svc.cluster.local
+{{ include "mlrun-ce.s3.service.host" . }}
 {{- end -}}
 
 {{/*
 MLRun storage auto mount params
 Global toggle is for fast toggling between on-prem/standalone and s3 cases
 Can be overriden if params are explicitly specified
+Uses SeaweedFS as the storage backend
 */}}
 {{- define "mlrun.storage.auto.mount.params" -}}
   {{- if hasKey .Values.mlrun "storageAutoMountParams" -}}
     {{ .Values.mlrun.storageAutoMountParams }}
   {{- else if not .Values.global.infrastructure.aws.s3NonAnonymous -}}
-    "aws_access_key={{ .Values.minio.rootUser }},aws_secret_key={{ .Values.minio.rootPassword }},endpoint_url={{ include "mlrun-ce.minio.service.url" . }}"
+    "aws_access_key={{ include "mlrun-ce.s3.accessKey" . }},aws_secret_key={{ include "mlrun-ce.s3.secretKey" . }},endpoint_url={{ include "mlrun-ce.s3.service.url" . }}"
   {{- else -}}
     "non_anonymous=True"
   {{- end -}}

charts/mlrun-ce/templates/config/jupyter-env-configmap.yaml

@@ -5,11 +5,8 @@ kind: ConfigMap
 metadata:
   name: jupyter-common-env
 data:
-{{- if not .Values.global.infrastructure.aws.s3NonAnonymous }}
-  AWS_ENDPOINT_URL_S3: {{ include "mlrun-ce.minio.service.url" . }}
-  AWS_SECRET_ACCESS_KEY: {{ .Values.minio.rootPassword }}
-  AWS_ACCESS_KEY_ID: {{ .Values.minio.rootUser }}
-{{- end }}
+  # S3 credentials (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_ENDPOINT_URL_S3)
+  # are now loaded from the 's3-credentials' Secret via envFrom secretRef
   MLRUN_STORAGE__AUTO_MOUNT_TYPE: {{ default "" .Values.mlrun.storageAutoMountType }}
   S3_NON_ANONYMOUS: {{ .Values.global.infrastructure.aws.s3NonAnonymous  | toString | title | quote | default "\"True\"" }}
   MLRUN_CE__MODE: {{ .Values.jupyterNotebook.ce.mode | default "full" }}

charts/mlrun-ce/templates/config/mlrun-env-configmap.yaml

@@ -11,11 +11,8 @@ data:
   MLRUN_STORAGE__AUTO_MOUNT_PARAMS: {{ include "mlrun.storage.auto.mount.params" . }}
   MLRUN_HTTPDB__PROJECTS__LEADER: mlrun
   MLRUN_HTTPDB__PROJECTS__FOLLOWERS: nuclio
-{{- if not .Values.global.infrastructure.aws.s3NonAnonymous }}
-  AWS_SECRET_ACCESS_KEY: {{ .Values.minio.rootPassword }}
-  AWS_ACCESS_KEY_ID: {{ .Values.minio.rootUser }}
-  AWS_ENDPOINT_URL_S3: {{ include "mlrun-ce.minio.service.url" . }}
-{{- end }}
+  # S3 credentials (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_ENDPOINT_URL_S3)
+  # are now loaded from the 's3-credentials' Secret via envFrom secretRef
   MLRUN_FUNCTION__SPEC__SERVICE_ACCOUNT__DEFAULT: {{ .Values.mlrun.api.functionSpecServiceAccountDefault | default "" | quote }}
   MLRUN_HTTPDB__REAL_PATH: s3://
   MLRUN_ARTIFACT_PATH: s3://{{ $bucket_name }}/projects/{{ `{{run.project}}` }}/artifacts

charts/mlrun-ce/templates/config/s3-credentials-secret.yaml

@@ -0,0 +1,15 @@
+{{- if not .Values.global.infrastructure.aws.s3NonAnonymous }}
+# S3 credentials secret for MLRun, Jupyter, and other components
+# Uses AWS SDK standard environment variable names
+apiVersion: v1
+kind: Secret
+metadata:
+  name: s3-credentials
+  labels:
+    {{- include "mlrun-ce.common.labels" . | nindent 4 }}
+type: Opaque
+stringData:
+  AWS_ACCESS_KEY_ID: {{ include "mlrun-ce.s3.accessKey" . }}
+  AWS_SECRET_ACCESS_KEY: {{ include "mlrun-ce.s3.secretKey" . }}
+  AWS_ENDPOINT_URL_S3: {{ include "mlrun-ce.s3.service.url" . }}
+{{- end }}

charts/mlrun-ce/templates/pipelines/configmaps/pipeline-install-config.yaml

@@ -1,13 +1,13 @@
 {{- if .Values.pipelines.enabled -}}
 apiVersion: v1
 data:
-  minioServiceHost: {{ include "mlrun-ce.minio-pipeline.service.url" . }}
-  minioServicePort: "{{ .Values.pipelines.minio.endpointPort }}"
+  objectStoreServiceHost: {{ include "mlrun-ce.s3.service.host" . }}
+  objectStoreServicePort: {{ include "mlrun-ce.s3.service.port" . | quote }}
   ConMaxLifeTime: 120s
   appName: pipeline
   appVersion: {{ .Values.pipelines.images.apiServer.tag }}
   autoUpdatePipelineDefaultVersion: "false"
-  bucketName: "{{ .Values.pipelines.minio.bucket }}"
+  bucketName: "{{ include "mlrun-ce.s3.bucket" . }}"
   cacheDb: cachedb
   cacheImage: {{ .Values.pipelines.images.cacheImage.repository }}:{{ .Values.pipelines.images.cacheImage.tag }}
   cacheNodeRestrictions: "false"

charts/mlrun-ce/templates/pipelines/configmaps/workflow-controller-configmap.yaml

@@ -9,8 +9,8 @@ data:
   artifactRepository: |
     archiveLogs: true
     s3:
-      endpoint: "{{ include "mlrun-ce.minio-pipeline.service.url" . }}:{{ .Values.pipelines.minio.endpointPort }}"
-      bucket: "{{ .Values.pipelines.minio.bucket }}"
+      endpoint: "{{ include "mlrun-ce.s3.service.host" . }}:{{ include "mlrun-ce.s3.service.port" . }}"
+      bucket: "{{ include "mlrun-ce.s3.bucket" . }}"
       insecure: true
       accessKeySecret:
         name: mlpipeline-minio-artifact