Skip to main content

Tenant configuration

Chef 360 Platform uses a multi-tenant software architecture. A tenant is a group of users that share common access to a software application’s instance. In Chef 360 Platform, a tenant is represented by a unique domain name and unique identity store.

This configuration section describes how to set the default tenant for your installation.

Tenant configuration

In the Tenant Configuration section, configure Chef 360 Platform with the name of the tenant and the unique domain name attached to the tenant.

Warning

Currently, changing any value in this section is only supported during the initial installation.
FieldDescription
NameThis is a friendly name for the primary tenant. The tenant name must be unique and is typically the name of the company/organization.
Top Level Domain (TLD)This sets the top-level domain (TLD) name the tenant will use, for example chef.io.
SubdomainThis is the subdomain unique to this tenant. This is the subdomain users/nodes use to access chef-360.
Fully Qualified Domain Name(readonly) subdomain + TLD This will be Chef 360 Platform is deployed from.

Note

If you are evaluating Chef 360 Platform and can’t assign a routable domain, create a host file on every node that requires access to Chef 360 Platform.

Enable tenant APIs

A token is required to create or manage tenant APIs through the internal and public gateways.

Warning

This is a experimental feature and is subject to change.

To enable the tenant APIs, add a token to the API/UI settings.

To add the token, follow these steps:

  1. In the Replicated UI configuration screen during the Chef 360 Platform installation, enable Advanced Configuration.

  2. In the API/UI Settings, enter the token in the Install Admin Token field.

    • The token must be at least 16 characters long.
    • It can include alphanumeric characters, underscores _, and hyphens -.
  3. To enable the token for the public gateway, select the Enable Install Admin Token for Public Gateway checkbox. Without this, you won’t be able to access tenant APIs through the public gateway.

API/UI settings showing Install Admin token, Metrics API token, Gateway nginx Reverse Proxy NodePort.

API headers

Use the following headers when calling the tenant APIs:

  • API-Key: Set this to INSTALL-ADMIN-TOKEN.
  • API-Secret: Use the token value configured in the Replicated UI.

Example

This example uses curl to call the tenant APIs with an API token.

curl --location 'http://<HOST>:<PORT>/platform/system/v1/internal/tenants' \
--header 'API-Key: INSTALL-ADMIN-TOKEN' \
--header 'API-Secret: <INSTALL_ADMIN_TOKEN>'

Replace <INSTALL_ADMIN_TOKEN> with the API token entered in the Install Admin Token field.

Note

You can also call tenant APIs without a token by passing these valid service headers: Service-Id, Service-Role-Id, Service-Role-Name and Service-Role-Level.

Organizational unit

This is the default organization unit.

FieldDescription
NameThis is a friendly name for the primary organizational unit. The name must be unique.
Description(optional) A description of the organizational unit. Typically this describes the internal users or scope/intent of the organizational unit.

Warning

Be careful when naming the OU because changing this value later has implications.

SMTP configuration

An active SMTP server is required to use Chef 360 Platform. It’s used during the installation process to send the administrative account a one-time password that’s used to set the password.

SMTP Server Type add-on

If add-ons are enabled you are presented with the option to use Mailpit instead of an external mail server. Mailpit isn’t intended for use outside of evaluation or testing purposes. For additional information on Mailpit, refer to the following page: Mailpit.

Mailpit NodePort add-on advanced

The Kubernetes NodePort that the Mailpit web UI will use. For additional information on Kubernetes NodePorts, refer to the Kubernetes networking guide.

SMTP Server Name

This is the name of the SMTP integration registered to the tenant.

SMTP Host

This is the hostname, DNS entry, or IP Address of the SMTP server.

SMTP Port

The port number the SMTP server is listening on.

SMTP Retries Enabled

If enabled, Chef 360 Platform attempts to deliver email multiple times (upon a failure).

Number of Retries

The number of retries Chef 360 Platform should attempt.

Note

This is only visible if SMTP Retries are enabled.

SMTP Check TLS

Enable if Chef 360 Platform requires a valid TLS certificate.

Note

Only enable this if your email server doesn’t support TLS or you are using a self-signed certificate on the SMTP server.

Administrator

The Tenant Administrator is the user who is provisioned during installation. Upon creation, a One-Time Password (OTP) is emailed to this user for activation.

First Name

The first name of the tenant administrator.

Last Name

The last name of the tenant administrator.

Email Address

The email address of the tenant administrator. Upon creation, a One-Time Password (OTP) is emailed to this user for activation.

Thank you for your feedback!

×