Server

Multitenancy Setup

This section describes how to create new tenants (also called organizations) in the replex software.

The user who can set up another organization/tenant must have a SUPER_ADMIN role.

If you do not yet have your authentication token, you must first log in to receive the token. If you already have the token, you can jump to step 3 and use the token in the authentication header.

  1. Ensure the replex API is accessible.

If you have exposed the API over a public URL, then you can use that. Otherwise, access the API locally by port-forwarding the service with the following command:

kubectl port-forward --namespace replex svc/replex-server 3100

The following steps will assume the replex API is running at http://localhost:3100.

  1. Login with super admin credentials.

Next you'll login to the API to retrieve your authentication token for further requests to the API.

curl --location --request POST 'http://localhost:3100/api/v1/auth/login' \
--header 'Content-Type: application/json' \
--data-raw '{
    "email": "<SUPER_ADMIN_EMAIL>",
    "password": "<SUPER_ADMIN_PASSWORD>",
    "tenant": "<UNIQUE_ORGANIZATION_ID>"
}'

The output will be similar to:

{
  "status": true,
  "data": { "token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJvcmdh...." }
}

The contents of the data.token field is the authentication token we need.

  1. Call the 'create organization' endpoint.

curl --location --request POST 'http://localhost:3100/api/v1/organizations' \
--header 'Authorization: Bearer <TOKEN_FROM_PREVIOUS_STEP>' \
--header 'Content-Type: application/json' \
--data-raw '{
    "name": "<NEW_ORGANIZATION_NAME>",
    "email": "<ORGANIZATION_EMAIL>",
    "tenantID": "<NEW_UNIQUE_ORGANIZATION_ID>",
    "admin":{
        "firstName": "--",
        "lastName": "--",
        "password": "--"
    }
}'

A user with the user details provided in admin is automatically created for the new tenant. The login details are the values in email and admin.password.

NOTE: The user that creates the new tenant is not automatically a member of the new tenant, but they can login to the tenant because the software allows SUPER_ADMIN users to login to any tenant on an installation.

The output will be similar to:

{
  "status": true,
  "data": {
    "id": "eafedacd-4fba-4d31-be52-69567262a372",
    "defaultCurrency": "USD",
    "billingStatus": true,
    "name": "New Organization",
    "email": "john.doe@hello.com",
    "tenantID": "neworganization",
    "active": true,
    "updated_at": "2020-10-20T15:54:48.100Z",
    "created_at": "2020-10-20T15:54:48.100Z"
  }
}

The new organization/tenancy has been successfully created.

Once the software detects that more than one tenant exists, it automatically adds a new 'Tenant ID' field to the login form. The value of this field is the tenant you want to log in to. The email / password combination must exist in the tenant.

  1. Generate Replex token.

For configuring replex agents a Replex token is needed. To generate the token we need the organization ID from the previous step to specify for which organization we want to generate a token. The ID can be found in the response under data.id. We'll make use of the authentication token to get the Replex token:

curl --location --request GET 'http://localhost:3100/api/v1/organizations/<ORGANIZATION_ID_FROM_PREVIOUS_STEP>/token' \
--header 'Authorization: Bearer <TOKEN_FROM_STEP_3>'

The response contains a new token which can be used as the replex.token Helm parameter in the agent Helm chart.

Replex filter query language

This section describes cluster stats querying basics and provides examples.

NOTE: Examples below require authentication token, that can be retrieved at 'http://localhost:3100/api/v1/auth/login' An instruction can be found in the section Multitenancy Setup above on the step 2.

Cluster stats endpoints supports different parameters depending on the type of resource. Assume that a labels range stats endpoint is queried. It requires a couple of parameters:

  • start: timestamp that represents the beginning of the period where to start aggregate metrics.

  • end: timestamp that represents the end of the period where to stop aggregating metrics.

  • filters: a query string in Lucene query syntax.

  • clusterID: the unique ID of the cluster to query stats for.

Available lucene keys to filter by are:

  • labels.<LABEL_NAME>:<LABEL_VALUE> - represents resource labels, where key is LABEL_NAME and value is LABEL_VALUE, e.g. labels.app:replex-server.

  • namespace:<NAMESPACE_NAME> - represents resources namespace, e.g. namespace:monitoring.

  • key:<LABEL_NAME> - represents label name that must appear in stats, e.g. key:app.

A basic examples of filters parameter to query stats:

Parameter value

Description

1

filters=labels.labelKey1:labelValue1 OR (labels.labelKey1:labelValue2 AND namespace:nsName1)

Query resources that have labels with key labelKey1 and value labelValue1 or resources that are in namespace nsName1 and have labels key labelKey1 with value labelValue2.

2

filters=labels.labelKey1:labelValue1 AND namespace:nsName1

Query resources that have labels with key labelKey1 and value labelValue1 and belong to namespace nsName1.

3

filters=namespace:nsName1 OR namespace:nsName2

Query resources that belong to namespace nsName1 or nsName2.

4

filters=namespace:nsName1 AND key:labelKey1

Query resources that belong to namespace nsName1 and have label keys such as labelKey1.

Environment Variables

These are the environment variables used by the application:

Variable

Required

Default

Description

1

POSTGRES_DB

Yes

2

POSTGRES_USER

Yes

3

POSTGRES_PASSWORD

Yes

4

POSTGRES_HOST

Yes

Database host, or Master if using replication

5

POSTGRES_PORT

No

5432

6

ENV

No

development

Options: production, development, test

7

PORT

No

3100

8

PUBLIC_KEY

Yes

Public key string (used for JWT). Prefix with file: if specifying a file path.

9

PRIVATE_KEY

Yes

Private key string (used for JWT). Prefix with file: if specifying a file path.

10

ADMIN_FIRST_NAME

No

Initial Admin user credentials

11

ADMIN_LAST_NAME

No

12

ADMIN_EMAIL

No

13

ADMIN_PASSWORD

No

14

ORGANIZATION_NAME

No

Initial organization name

15

SECRET

Yes

Used for internal password recovery token en-/decryption

16

CODE_ACTIVE_MINUTES

No

15

Token lifetime in minutes

17

EMAIL_MODE

No

enable

Options: enable, disable

18

SMTP_HOST

If EMAIL_MODE is enable

19

SMTP_PORT

If EMAIL_MODE is enable

20

SMTP_USER

If EMAIL_MODE is enable

21

SMTP_PASS

If EMAIL_MODE is enable

22

SMTP_SECURE

If EMAIL_MODE is enable

23

HOST_URL

No (required for on-prem)

https://replex.replex.io

Server host url.

24

PRICING_API_MODE

No

enable

Options: enable, disable

25

PRICING_API_KEY

If PRICING_API_MODE is enable

26

PRICING_API_HOST

If PRICING_API_MODE is enable

27

MAX_POOL_SIZE

No

20

Max database connection pool size

28

LOG_LEVEL

No

6

Higher value represents higher verbosity (correspond to syslog levels - https://en.wikipedia.org/wiki/Syslog#Severity_level)

29

INGRESS_NAME

No

Ingress to be configured with new host information for organization

30

INGRESS_HOST_SUFFIX

No

replex.io

Suffix appended to organization tenant ID to form Ingress host

31

STRIPE_API_KEY

No

Stripe API key. Used for Servicebot self checkout

32

STRIPE_WEBHOOK_SECRET

No

Stripe webhook secret. Used for verifying stripe webhook requests.

33

SERVICEBOT_PORTAL_ID

No

Servicebot Billing Page ID of the Customer Portal.

34

SERVICEBOT_CHECKOUT_ID

No

Servicebot Checkout Page ID.

35

STRIPE_PRODUCT_ID

No

Stripe Product ID.

36

SAML_DECRYPTION_PRIVATE_KEY

No

SAML SP Private Key to decrypt SAMLResponses. Prefix with file: if specifying a file path.

37

SAML_DECRYPTION_PUBLIC_CERT

No

SAML SP Public certificate to decrypt SAMLResponses. Prefix with file: if specifying a file path.

38

SAML_SIGNING_PRIVATE_KEY

No

SAML SP Private Key to sign SAMLRequests. Prefix with file: if specifying a file path.

39

SAML_SIGNING_PUBLIC_CERT

No

SAML SP Public Certificate to sign SAMLRequests. Prefix with file: if specifying a file path.

40

METRICS_RETENTION_THRESHOLD_DAYS

No

7

Represents the period when the raw metrics are saved in the db and could be accessed in short time range stats queries

41

CLOUDCOST_TAG_KEY_NAMESPACE

No

CLOUDCOST_TAG_KEY_NAMESPACE

Tag key representing namespaces in cloud billing data.

42

DB_READ_HOSTS

NO

Comma-separated list of read replica IP addresses, e.g. 1.1.1.1,8.8.9.9,192.168.5.255

PreviousPushgatewayNextPricing API

Last updated