Run only one MinIO server for multi-tenancy

[wufeiwua]

Is your feature request related to a problem? Please describe.
To host multiple tenants on a single machine, I have to run multiple MinIO Servers.

Describe the solution you'd like
I want to be able to manage multiple tenants with one service, and would u tell me why MinIO needs to run one MinIO Server per tenant. What is the benefit of doing this? Thank u very much!

Describe alternatives you've considered

Additional context

[harshavardhana]

The use-case is very similar to why you would run multiple virtual machines on the same hardware, It provides isolation for data that doesn't need to share the same namespace.

It provides the best security and also the flexibility of managing multiple customers on the same hardware. MinIO is used in this fashion as well in many customer deployments.

[wufeiwua]

It's like MinIO provides storage services and a tenant is similar to the enterprise that uses the service, so they need to isolate their data in this way, right?

[harshavardhana]

Yes

[wufeiwua]

Got it! Thanks!

[olljanat]

I would also argue that MinIO is using term "multi-tenancy" incorrectly on its documentation because it is actually using "multi-instance" model.

However, it is very easy to enable real multi-tenancy to single MinIO instance by utilizing S3 policies.

Example, you might create policy like this:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "s3:*",
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::tenant1-*"
    }
  ]
}

Which allow users to do any operations for buckets which name starts with "tenant1-".

Alternatively you can use model where there is just one bucket per tenant and use one more level in folder structure.
This model works best on situation where MinIO admin wants to enforce certain policies to all the tenants (encryption, lifecycle rules, etc...)