3. Deploy the backend
This section details deploying a node for the ingen
organization onto cluster-1
.
You will need to repeat this for biotechnica
onto cluster-2
, with the appropriate values changed.
The backend depends on the orchestrator and will fail to run if the orchestrator is not available and operational.
3.1. Prepare your Helm values
See also
Full reference on Artifact Hub.
To configure your values:
Create a Helm values file named
backend-ingen-values.yaml
with the following content:organizationName: ingen
Configure your Substra backend Ingress. In the
backend-ingen-values.yaml
file add the following content:config: ALLOWED_HOSTS: '[".cluster-1.DOMAIN"]' server: defaultDomain: https://api.cluster-1.DOMAIN:443 commonHostDomain: cluster-1.DOMAIN ingress: enabled: true hostname: api.cluster-1.DOMAIN
Caution
For
ALLOWED_HOSTS
, note that the leading dot is important.Configure your connection to the orchestrator. In the
backend-ingen-values.yaml
file add the following content:orchestrator: host: ORCHESTRATOR_HOSTNAME port: ORCHESTRATOR_PORT mspID: ingen
ORCHESTRATOR_HOSTNAME
should beorchestrator.cluster-1.DOMAIN
if you are _outside_ the cluster, but if we are working oncluster-1
we should use its local nameorchestrator-server.orchestrator
(following theservice-name.namespace
convention).ORCHESTRATOR_PORT
should be443
if TLS is enabled, otherwise80
.
Configure your Substra Channels. In the
backend-values.yaml
file, add the following content under theorchestrator
key:channels: - our-channel: restricted: false model_export_enabled: true chaincode: name: mycc
The channel name isour-channel
, as configured in Orchestrator Substra Channels.restricted
would prevent other organizations from joining the channelmodel_export_enabled
allows users from this channel to download models produced by the platformOptional: If your orchestrator has TLS enabled:
Retrieve the CA certificate from your orchestrator:
The CA certificate is the
orchestrator-ca.crt
file generated at the Generate your Certificate Authority certificate step of the orchestrator deployment. If a public Certificate Authority was used to generate the orchestrator certificate, you need to fetch the certificate of the Certificate Authority.Create a ConfigMap containing the CA certificate:
kubectl create configmap orchestrator-cacert --from-file=ca.crt=orchestrator-ca.crt
Configure your backend to enable orchestrator TLS. In the
backend-ingen-values.yaml
file add the following content under theorchestrator
key:tls: enabled: true cacert: orchestrator-cacert
Add users to your backend. In the
backend-ingen-values.yaml
file add the following content:addAccountOperator: users: - name: admin secret: an3xtr4lengthyp@ssword channel: our-channel
The password must be at least 20 characters long.
3.2. Deploy the Chart
Deploy the backend Helm chart:
helm install backend substra/substra-backend --version VERSION --values backend-values.yaml --namespace ingen --create-namespace
ReplaceVERSION
with the version of the Substra backend helm chart you want to deploy.Validate:
curl -kL api.cluster-1.DOMAIN
Should return a
401
with the message:{"detail":"Authentication credentials were not provided."}