Server
This section describes how to create new tenants (also called organizations) in the replex software.
The user who can set up another organization/tenant must have a SUPER_ADMIN role.
If you do not yet have your authentication token, you must first log in to receive the token. If you already have the token, you can jump to step 3 and use the token in the authentication header.
1. Ensure the replex API is accessible.
If you have exposed the API over a public URL, then you can use that. Otherwise, access the API locally by port-forwarding the service with the following command:
kubectl port-forward --namespace replex svc/replex-server 3100
The following steps assume the replex API is running at http://localhost:3100.
2. Log in with super admin credentials.
Next, log in to the API to retrieve your authentication token for further requests to the API.
curl --location --request POST 'http://localhost:3100/api/v1/auth/login' \
--header 'Content-Type: application/json' \
--data-raw '{
"email": "<SUPER_ADMIN_EMAIL>",
"password": "<SUPER_ADMIN_PASSWORD>",
"tenant": "<UNIQUE_ORGANIZATION_ID>"
}'
The output will be similar to:
{
"status": true,
"data": { "token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJvcmdh...." }
}
The content of the data.token field is the authentication token we need.
3. Call the 'create organization' endpoint.
curl --location --request POST 'http://localhost:3100/api/v1/organizations' \
--header 'Authorization: Bearer <TOKEN_FROM_PREVIOUS_STEP>' \
--header 'Content-Type: application/json' \
--data-raw '{
"name": "<NEW_ORGANIZATION_NAME>",
"email": "<ORGANIZATION_EMAIL>",
"tenantID": "<NEW_UNIQUE_ORGANIZATION_ID>",
"admin":{
"firstName": "--",
"lastName": "--",
"password": "--"
}
}'
A user with the user details provided in admin is automatically created for the new tenant. The login details are the values in email and admin.password.
NOTE: The user that creates the new tenant is not automatically a member of the new tenant, but they can log in to the tenant because the software allows SUPER_ADMIN users to log in to any tenant on an installation.
The output will be similar to:
{
"status": true,
"data": {
"id": "eafedacd-4fba-4d31-be52-69567262a372",
"defaultCurrency": "USD",
"billingStatus": true,
"name": "New Organization",
"email": "[email protected]",
"tenantID": "neworganization",
"active": true,
"updated_at": "2020-10-20T15:54:48.100Z",
"created_at": "2020-10-20T15:54:48.100Z"
}
}
The new organization/tenancy has been successfully created.
Once the software detects that more than one tenant exists, it automatically adds a new 'Tenant ID' field to the login form. The value of this field is the tenant you want to log in to. The email / password combination must exist in the tenant.
4. Generate a Replex token.
A Replex token is needed to configure replex agents. To generate the token, we need the organization ID from the previous step to specify which organization the token is for. The ID can be found in the response under data.id. We'll use the authentication token to get the Replex token:
curl --location --request GET 'http://localhost:3100/api/v1/organizations/<ORGANIZATION_ID_FROM_PREVIOUS_STEP>/token' \
--header 'Authorization: Bearer <TOKEN_FROM_STEP_3>'
The response contains a new token which can be used as the replex.token Helm parameter in the agent Helm chart.
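Steps 2 to 4 chained into one script, as an added example that is not part of the replex documentation. It assumes the API address from step 1 and that a successful reply carries "status": true; the step 4 reply is returned unparsed because this page does not show its shape. The function names and the REPLEX_* environment variable names are hypothetical.

```python
import getpass
import json
import os
import urllib.request
from urllib.parse import quote

BASE_URL = "http://localhost:3100"  # address assumed throughout this page


def build_request(method, path, token=None, body=None):
    """Build (without sending) a JSON request for the replex API."""
    headers = {"Content-Type": "application/json"}
    if token:
        headers["Authorization"] = f"Bearer {token}"
    data = json.dumps(body).encode() if body is not None else None
    return urllib.request.Request(BASE_URL + path, data=data, headers=headers, method=method)


def http_send(req):
    """Default transport: perform the call and decode the JSON reply."""
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def require_ok(reply):
    """Fail closed unless the reply carries "status": true (assumed success marker)."""
    if reply.get("status") is not True:
        raise RuntimeError("replex API call failed")  # reply not echoed: it may hold secrets
    return reply


def provision_tenant(admin, org, send=http_send):
    """Log in (step 2), create the organization (step 3), request its token (step 4)."""
    token = require_ok(send(build_request("POST", "/api/v1/auth/login", body=admin)))["data"]["token"]
    org_id = require_ok(send(build_request("POST", "/api/v1/organizations", token, org)))["data"]["id"]
    path = f"/api/v1/organizations/{quote(org_id, safe='')}/token"
    return org_id, send(build_request("GET", path, token))  # step 4 reply, unparsed


if __name__ == "__main__":
    # Passwords come from a prompt, not argv, so they stay out of shell history and `ps`.
    admin = {"email": os.environ["REPLEX_ADMIN_EMAIL"], "tenant": os.environ["REPLEX_ADMIN_TENANT"],
             "password": getpass.getpass("Super admin password: ")}
    org = {"name": os.environ["REPLEX_ORG_NAME"], "email": os.environ["REPLEX_ORG_EMAIL"],
           "tenantID": os.environ["REPLEX_ORG_TENANT_ID"],
           "admin": {"firstName": "--", "lastName": "--",
                     "password": getpass.getpass("New tenant admin password: ")}}
    org_id, reply = provision_tenant(admin, org)
    print("organization id:", org_id)  # store `reply` in a secret manager rather than printing it
```

The send parameter lets the flow be exercised against canned replies before it is pointed at a live installation.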
This section describes cluster stats querying basics and provides examples.
NOTE: The examples below require an authentication token, which can be retrieved at 'http://localhost:3100/api/v1/auth/login'. Instructions can be found in step 2 of the Multitenancy Setup section above.
Cluster stats endpoints support different parameters depending on the type of resource. Assume that a labels range stats endpoint is queried. It requires a couple of parameters:
- start: timestamp that marks the beginning of the period over which metrics are aggregated.
- end: timestamp that marks the end of the period over which metrics are aggregated.
- clusterID: the unique ID of the cluster to query stats for.
Available Lucene keys to filter by are:
- labels.<LABEL_NAME>:<LABEL_VALUE> - represents resource labels, where key is LABEL_NAME and value is LABEL_VALUE, e.g. labels.app:replex-server.
- namespace:<NAMESPACE_NAME> - represents the resource's namespace, e.g. namespace:monitoring.
- key:<LABEL_NAME> - represents a label name that must appear in stats, e.g. key:app.
Basic examples of the filters parameter to query stats:
| Parameter value | Description |
| --- | --- |
| filters=labels.labelKey1:labelValue1 OR (labels.labelKey1:labelValue2 AND namespace:nsName1) | Query resources that have labels with key labelKey1 and value labelValue1, or resources that are in namespace nsName1 and have labels with key labelKey1 and value labelValue2. |
| filters=labels.labelKey1:labelValue1 AND namespace:nsName1 | Query resources that have labels with key labelKey1 and value labelValue1 and belong to namespace nsName1. |
| filters=namespace:nsName1 OR namespace:nsName2 | Query resources that belong to namespace nsName1 or nsName2. |
| filters=namespace:nsName1 AND key:labelKey1 | Query resources that belong to namespace nsName1 and have label keys such as labelKey1. |
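A small builder for the filters parameter, as an added example that is not part of the replex documentation. It rejects label and namespace values containing spaces, colons or parentheses, so a value taken from user input cannot change the meaning of the filter, and it URL-encodes the result. The function names are hypothetical and the allowed-character rule is an assumption based on Kubernetes naming; the endpoint path is not shown on this page, so only the query string is built.

```python
import re
from urllib.parse import urlencode

# Assumption: label names, label values and namespaces follow Kubernetes naming
# (alphanumerics plus . _ - /). Anything else is rejected rather than escaped,
# because this page does not document an escape syntax for filters.
_NAME = re.compile(r"[A-Za-z0-9]([A-Za-z0-9._/-]*[A-Za-z0-9])?")


def _checked(value):
    if not _NAME.fullmatch(value):
        raise ValueError(f"unsafe filter component: {value!r}")
    return value


def label(name, value):
    """labels.<LABEL_NAME>:<LABEL_VALUE>"""
    return f"labels.{_checked(name)}:{_checked(value)}"


def namespace(name):
    """namespace:<NAMESPACE_NAME>"""
    return f"namespace:{_checked(name)}"


def key(name):
    """key:<LABEL_NAME>"""
    return f"key:{_checked(name)}"


def all_of(*terms):
    return " AND ".join(terms)


def any_of(*terms):
    return " OR ".join(terms)


def group(expr):
    """Parenthesize a sub-expression, as in the first row of the table."""
    return f"({expr})"


def stats_query(start, end, cluster_id, filters):
    """Return the URL-encoded query string carrying start, end, clusterID and filters."""
    return urlencode({"start": start, "end": end, "clusterID": cluster_id, "filters": filters})
```

Build the expression only from these helpers when any part of it comes from user input, then pass the result to stats_query.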
These are the environment variables used by the application:
| Variable | Required | Default | Description |
| --- | --- | --- | --- |
| POSTGRES_DB | Yes | | |
| POSTGRES_USER | Yes | | |
| POSTGRES_PASSWORD | Yes | | |
| POSTGRES_HOST | Yes | | Database host, or Master if using replication |
| POSTGRES_PORT | No | 5432 | |
| ENV | No | development | Options: production, development, test |
| PORT | No | 3100 | |
| PUBLIC_KEY | Yes | | Public key string (used for JWT). Prefix with file: if specifying a file path. |
| PRIVATE_KEY | Yes | | Private key string (used for JWT). Prefix with file: if specifying a file path. |
| ADMIN_FIRST_NAME | No | | Initial Admin user credentials |
| ADMIN_LAST_NAME | No | | |
| ADMIN_EMAIL | No | | |
| ADMIN_PASSWORD | No | | |
| ORGANIZATION_NAME | No | | Initial organization name |
| SECRET | Yes | | Used for internal password recovery token en-/decryption |
| CODE_ACTIVE_MINUTES | No | 15 | Token lifetime in minutes |
| EMAIL_MODE | No | enable | Options: enable, disable |
| SMTP_HOST | If EMAIL_MODE is enable | | |
| SMTP_PORT | If EMAIL_MODE is enable | | |
| SMTP_USER | If EMAIL_MODE is enable | | |
| SMTP_PASS | If EMAIL_MODE is enable | | |
| SMTP_SECURE | If EMAIL_MODE is enable | | |
| HOST_URL | No (required for on-prem) | | Server host URL. |
| PRICING_API_MODE | No | enable | Options: enable, disable |
| PRICING_API_KEY | If PRICING_API_MODE is enable | | |
| PRICING_API_HOST | If PRICING_API_MODE is enable | | |
| MAX_POOL_SIZE | No | 20 | Max database connection pool size |
| LOG_LEVEL | No | 6 | Higher value represents higher verbosity (corresponds to syslog levels - https://en.wikipedia.org/wiki/Syslog#Severity_level ) |
| INGRESS_NAME | No | | Ingress to be configured with new host information for organization |
| INGRESS_HOST_SUFFIX | No | replex.io | Suffix appended to organization tenant ID to form Ingress host |
| STRIPE_API_KEY | No | | Stripe API key. Used for Servicebot self checkout. |
| STRIPE_WEBHOOK_SECRET | No | | Stripe webhook secret. Used for verifying Stripe webhook requests. |
| SERVICEBOT_PORTAL_ID | No | | Servicebot Billing Page ID of the Customer Portal. |
| SERVICEBOT_CHECKOUT_ID | No | | Servicebot Checkout Page ID. |
| STRIPE_PRODUCT_ID | No | | Stripe Product ID. |
| SAML_DECRYPTION_PRIVATE_KEY | No | | SAML SP Private Key to decrypt SAMLResponses. Prefix with file: if specifying a file path. |
| SAML_DECRYPTION_PUBLIC_CERT | No | | SAML SP Public certificate to decrypt SAMLResponses. Prefix with file: if specifying a file path. |
| SAML_SIGNING_PRIVATE_KEY | No | | SAML SP Private Key to sign SAMLRequests. Prefix with file: if specifying a file path. |
| SAML_SIGNING_PUBLIC_CERT | No | | SAML SP Public Certificate to sign SAMLRequests. Prefix with file: if specifying a file path. |
| METRICS_RETENTION_THRESHOLD_DAYS | No | 7 | The period during which raw metrics are kept in the database and can be accessed in short time range stats queries |
| CLOUDCOST_TAG_KEY_NAMESPACE | No | CLOUDCOST_TAG_KEY_NAMESPACE | Tag key representing namespaces in cloud billing data. |
| DB_READ_HOSTS | No | | Comma-separated list of read replica IP addresses, e.g. 1.1.1.1,8.8.9.9,192.168.5.255 |
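A pre-deployment check for the table above, as an added example that is not part of the replex documentation. It covers the unconditional and conditional requirements and, for private keys given with the file: prefix, flags key files that group or other users can access; that permission rule is an added hardening policy, not a documented replex requirement, and the function name is hypothetical.

```python
import os
import stat

REQUIRED = ["POSTGRES_DB", "POSTGRES_USER", "POSTGRES_PASSWORD", "POSTGRES_HOST",
            "PUBLIC_KEY", "PRIVATE_KEY", "SECRET"]
# Variables required only while the controlling switch is "enable" (its default).
CONDITIONAL = {
    "EMAIL_MODE": ["SMTP_HOST", "SMTP_PORT", "SMTP_USER", "SMTP_PASS", "SMTP_SECURE"],
    "PRICING_API_MODE": ["PRICING_API_KEY", "PRICING_API_HOST"],
}
PRIVATE_KEYS = ["PRIVATE_KEY", "SAML_DECRYPTION_PRIVATE_KEY", "SAML_SIGNING_PRIVATE_KEY"]


def check_env(env):
    """Return a list of problems found in a mapping of environment variables."""
    problems = [f"{name} is required" for name in REQUIRED if not env.get(name)]
    for switch, names in CONDITIONAL.items():
        mode = env.get(switch, "enable")
        if mode not in ("enable", "disable"):
            problems.append(f"{switch} must be enable or disable")
        elif mode == "enable":
            problems += [f"{n} is required while {switch} is enable"
                         for n in names if not env.get(n)]
    for name in PRIVATE_KEYS:
        value = env.get(name, "")
        if not value.startswith("file:"):
            continue  # inline key string: nothing on disk to inspect
        try:
            mode = os.stat(value[len("file:"):]).st_mode
        except OSError:
            problems.append(f"{name} points to a missing or inaccessible file")
            continue
        # Added policy (assumption): private key files are owner-only.
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            problems.append(f"{name} file is accessible to group or others")
    return problems


if __name__ == "__main__":
    for problem in check_env(os.environ):
        print(problem)  # messages name variables only, never their values
```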