How to deploy the Substra backend¶
This guide shows you how to deploy the backend component of Substra.
Prerequisites¶
To deploy a Substra backend you will need a fully configured Kubernetes cluster. You will also need to install Helm.
Preparing your Helm values¶
The Substra backend deployment is packaged using Helm. You can find the complete description of values that can be used to configure the chart on Artifact Hub.
To configure your values:
Add the Helm repository for Substra:
helm repo add substra https://substra.github.io/charts/
Create a Helm values file named
backend-values.yaml
with the following content:organizationName: ORGANIZATION
ReplaceORGANIZATION
with the name of your Organization. It should match one of the organizations present in the Orchestrator channel configuration.Configure your Substra backend Ingress. In the
backend-values.yaml
file add the following content:config: ALLOWED_HOSTS: '[".HOSTDOMAIN"]' server: defaultDomain: https://SUBDOMAIN.HOSTDOMAIN:443 commonHostDomain: HOSTDOMAIN ingress: enabled: true hostname: SUBDOMAIN.HOSTDOMAIN
ReplaceHOSTDOMAIN
with the domain of your server without the lowest subdomain (e.g. for a server exposed atapi.substra.org
HOSTDOMAIN
would besubstra.org
).ReplaceSUBDOMAIN
with the lowest subdomain (e.g. for a server exposed atapi.substra.org
SUBDOMAIN
would beapi
).Caution
For
ALLOWED_HOSTS
, note that the leading dot is important.Configure your connection to the orchestrator. In the
backend-values.yaml
file add the following content:orchestrator: host: ORCHESTRATOR_HOSTNAME port: ORCHESTRATOR_PORT mspID: ORGANIZATION
ReplaceORCHESTRATOR_HOSTNAME
with the hostname of the orchestrator.ReplaceORCHESTRATOR_PORT
with the port of your orchestrator (Should be80
if TLS is disabled, otherwise443
).ReplaceORGANIZATION
with the name of your Organization. It should be the same value as for theorganizationName
key.
Configure your Substra Channels. In the
backend-values.yaml
file, add the following content under theorchestrator
key:channels: - CHANNEL: restricted: RESTRICTED model_export_enabled: MODEL_EXPORT chaincode: name: mycc
ReplaceCHANNEL
with the name of a channel you want to be part of, it should match one of the channels defined in your Orchestrator Substra Channels.ReplaceRESTRICTED
withtrue
if your organization should be the only member of this channel elsefalse
.ReplaceMODEL_EXPORT
withtrue
if you want to allow users from this channel to be able to download models produced by the platform, elsefalse
.Optional: If your Orchestrator has TLS enabled:
Retrieve the CA certificate from your orchestrator:
The CA certificate is the
orchestrator-ca.crt
file generated at the Generate your Certificate Authority certificate step of the Orchestrator deployment. If a public Certificate Authority was used to generate the orchestrator certificate you will need to fetch the certificate of the Certificate Authority.Create a ConfigMap containing the CA certificate:
kubectl create configmap orchestrator-cacert --from-file=ca.crt=orchestrator-ca.crt
Configure your backend to enable Orchestrator TLS. In the
backend-values.yaml
file add the following content under theorchestrator
key:tls: enabled: true cacert: orchestrator-cacert
Optional: If the orchestrator requires your backend to be authenticated by using mTLS follow How to set up mTLS.
Add users to your backend. In the
backend-values.yaml
file add the following content:addAccountOperator: users: - name: USERNAME secret: PASSWORD channel: CHANNEL
ReplaceUSERNAME
with the name of the user you want to add.ReplacePASSWORD
with the password of the user you want to add. It should be at least 20 characters long.ReplaceCHANNEL
with the name of the channel this user is part of. It should match one of the channels defined in your Substra Channel configuration.Optional: Define configuration for inter organization communication. For this you can follow the guide How to link multiple Substra backends.
Deploy the Chart¶
To deploy the Substra Backend chart in your Kubernetes cluster follow these steps:
Deploy the backend Helm chart:
helm install RELEASE-NAME substra/substra-backend --version VERSION --values backend-values.yaml
ReplaceRELEASE-NAME
with the name of your Substra backend release (it can be an arbitrary name).ReplaceVERSION
with the version of the Substra backend helm chart you want to deploy.This will create all the Kubernetes resources required for a functional Substra backend in your Kubernetes cluster.