# Content Delivery Server for Multitenancy
An Entando Content Delivery Server (CDS) is required in order to enable multiple tenants to be served by the same Entando Application. This tutorial describes the steps required to setup CDS and configure the Entando App Engine to use it.
# Prerequisites
- A working instance of Entando based on the default Tomcat server image
# Create the CDS Resources
A set of resources are necessary to separate the storage and user data for the primary and each secondary tenant. For secondary tenants, simply provide a new tenant identifier referred to as YOUR-TENANT-NAME.
- Log in to the Keycloak admin console and get the RSA key for your realm by going to
Realm Settings→Keys. - Click on
Public Keyforrsa-generatedprovider and copy the content. This will beYOUR-PUBLIC-KEYCLOAK-KEYbelow. - Download the template
entando-cds.yaml:
curl -sLO "https://raw.githubusercontent.com/entando/entando-releases/v7.2.2/dist/ge-1-1-6/samples/entando-cds.yaml"- Replace the placeholders in
entando-cds.yamlwith the appropriate values for your environment.
Conventions:
- The storage limit and request is set to 1Gi and can be modified on the persistent volume claim.
- The file upload size limit is set to 150m and can be configured via the ingress annotations.
- In order to enable TLS, add a TLS secret and configure it on the ingress. Note that public URLs (e.g.,
CDS_PUBLIC_URL) should use the same http or https protocol as the Entando Application. Private/cluster-level URLs (e.g.,CDS_PRIVATE_URL) should use http. - The same Keycloak public key can be used if all the tenants share a Keycloak instance using different realms.
| Placeholder | Description |
|---|---|
| YOUR-APP-NAME | The name of the application, e.g., quickstart |
| YOUR-HOST-NAME | The base host name of the application, e.g., your-domain.com |
| YOUR-TENANT-NAME | The identifying name of the current tenant. In most cases it will also be used to determine the base URL of the tenant. For example, yoursite results in yoursite.your-domain.com. |
| YOUR-PUBLIC-KEYCLOAK-KEY | The public RSA key for the corresponding Keycloak instance. Make sure to retain the wrapping text with linefeeds: ---BEGIN PUBLIC KEY... END PUBLIC KEY---\n. |
- Create the CDS resources:
kubectl apply -f entando-cds-YOUR-TENANT-NAME.yaml -n YOUR-NAMESPACE
# Configure the EntandoApp to use CDS
TIP
The Entando App Engine needs to be reconfigured just for the initial or primary tenant so all tenants use CDS in the same way.
- Scale the EntandoApp deployment down to 0 replicas:
kubectl scale deploy/YOUR-APP-NAME-deployment --replicas=0 -n YOUR-NAMESPACE
- Edit the deployment YAML and add these environment variables:
spec:
containers:
- env:
- name: CDS_ENABLED
value: "true"
- name: CDS_PUBLIC_URL
value: http://YOUR-APP-NAME-cds.YOUR-HOST-NAME/YOUR-TENANT-NAME
- name: CDS_PRIVATE_URL
value: http://YOUR-TENANT-NAME-cds-service:8080
- name: CDS_PATH
value: /api/v1
- Remove the volume and volumeMount which were automatically created by the initial install process:
volumeMounts:
- mountPath: /entando-data
name: YOUR-APP-NAME-server-volume
volumes:
- name: YOUR-APP-NAME-server-volume
persistentVolumeClaim:
claimName: YOUR-APP-NAME-server-pvc
- Scale the deployment back up to 1 or more replicas:
kubectl scale deploy/YOUR-APP-NAME-deployment --replicas=1 -n YOUR-NAMESPACE
- Confirm the CDS is working by checking that digital assets are served from the
CDS_PUBLIC_URL. This includes images displayed on the sample page created by the Welcome Wizard.