cleanstart/minio

Verified Publisher

By CleanStart

Updated about 10 hours ago

Secure by Design, Built for Speed, Hardened Container Images on a minimal base CleanStart OS.

Image
Web servers
1

50K+

cleanstart/minio repository overview

CleanStart Container for MinIO

MinIO is a high-performance, Kubernetes-native object storage solution. This container provides a production-ready MinIO server implementation, compatible with Amazon S3 APIs. It features distributed mode capabilities, encryption-at-rest, identity management, and ransomware protection. Designed for cloud-native applications, it supports both small-scale development environments and large enterprise deployments with petabyte-scale storage requirements.

📌 CleanStart Foundation: Security-hardened, minimal base OS designed for enterprise containerized environments.

Key Features

  • S3 API compatibility with high-performance object storage
  • Built-in encryption and key management
  • Multi-tenant support with IAM-style policies
  • Distributed architecture with erasure coding

Common Use Cases

  • Cloud-native application storage backend
  • Backup and archive storage solution
  • Machine learning data lake storage
  • Content distribution and media asset management

Quick Start

Pull Latest Image Download the container image from the registry

docker pull cleanstart/minio:latest
docker pull cleanstart/minio:latest-dev

Basic Run Run the container with basic configuration

docker run -d -p 9000:9000 -p 9001:9001 --name minio-test cleanstart/minio:latest server /data --console-address ':9001'

Production Deployment Deploy with production security settings

docker run -d --name minio-prod \
  --read-only \
  --security-opt=no-new-privileges \
  --user 1000:1000 \
  -p 9000:9000 -p 9001:9001 \
  -v /mnt/data:/data \
  -e MINIO_ROOT_USER=admin \
  -e MINIO_ROOT_PASSWORD=strongpassword \
  cleanstart/minio:latest server /data --console-address ':9001'

Volume Mount Mount local directory for persistent data

docker run -v $(pwd)/data:/data cleanstart/minio:latest server /data

Port Forwarding Run with custom port mappings

docker run -p 9000:9000 -p 9001:9001 cleanstart/minio:latest server /data --console-address ':9001'

Configuration

Environment Variables

VariableDefaultDescription
PATH/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/binSystem PATH configuration
MINIO_ROOT_USERminioadminMinIO root user for initial setup
MINIO_ROOT_PASSWORDminioadminMinIO root password for initial setup
MINIO_REGION_NAMEus-east-1MinIO server region name

Security & Best Practices

Recommended Security Context

securityContext:
  runAsNonRoot: true
  runAsUser: 1000
  runAsGroup: 1000
  readOnlyRootFilesystem: true
  allowPrivilegeEscalation: false
  capabilities:
    drop: ['ALL']

Best Practices

  • Use specific image tags for production (avoid latest)
  • Configure resource limits: memory and CPU constraints
  • Enable read-only root filesystem when possible
  • Run containers with non-root user (--user 1000:1000)
  • Use --security-opt=no-new-privileges flag
  • Regularly update container images for security patches
  • Implement proper network segmentation
  • Monitor container metrics for anomalies

Architecture Support

Multi-Platform Images

docker pull --platform linux/amd64 cleanstart/minio:latest
docker pull --platform linux/arm64 cleanstart/minio:latest
## Documentation Resources Essential links and resources for further information

CleanStart Images: https://images.cleanstart.com/

Community Images:
Docker Hub: https://hub.docker.com/u/cleanstart
GitHub: https://github.com/cleanstart-containers
AWS ECR Public Gallery: https://gallery.ecr.aws/cleanstart/

Presence on Social Media:
Community: https://www.linkedin.com/groups/18324021/
YouTube: https://www.youtube.com/@CleanStartOfficial

Contribute to Container Use Cases: https://github.com/cleanstart-dev/cleanstart-use-cases/


Vulnerability Disclaimer

CleanStart offers Docker images that include third-party open-source libraries and packages maintained by independent contributors. While CleanStart maintains these images and applies industry-standard security practices, it cannot guarantee the security or integrity of upstream components beyond its control.

Users acknowledge and agree that open-source software may contain undiscovered vulnerabilities or introduce new risks through updates. CleanStart shall not be liable for security issues originating from third-party libraries, including but not limited to zero-day exploits, supply chain attacks, or contributor-introduced risks.

Security remains a shared responsibility: CleanStart provides updated images and guidance where possible, while users are responsible for evaluating deployments and implementing appropriate controls.

Tag summary

Content type

Image

Digest

sha256:1790272eb

Size

63.2 MB

Last updated

about 10 hours ago

docker pull cleanstart/minio:0.20260330.001845-amd64