3. Deploy the backend

This section details deploying a node for the ingen organization onto cluster-1.

You will need to repeat this for biotechnica onto cluster-2, with the appropriate values changed.

The backend depends on the orchestrator and will fail to run if the orchestrator is not available and operational.

3.1. Prepare your Helm values

See also

Full reference on Artifact Hub.

To configure your values:

Create a Helm values file named backend-ingen-values.yaml with the following content:
```
organizationName: ingen
```

Configure your Substra backend Ingress. In the backend-ingen-values.yaml file add the following content:

config:
  ALLOWED_HOSTS: '[".cluster-1.DOMAIN"]'

server:
  defaultDomain: https://api.cluster-1.DOMAIN:443
  commonHostDomain: cluster-1.DOMAIN

  ingress:
    enabled: true
    hostname: api.cluster-1.DOMAIN

Caution

For ALLOWED_HOSTS, note that the leading dot is important.

Configure your connection to the orchestrator. In the backend-ingen-values.yaml file add the following content:
```
orchestrator:
  host: ORCHESTRATOR_HOSTNAME
  port: ORCHESTRATOR_PORT
  mspID: ingen
```
ORCHESTRATOR_HOSTNAME should be orchestrator.cluster-1.DOMAIN if you are _outside_ the cluster, but if we are working on cluster-1 we should use its local name orchestrator-server.orchestrator (following the service-name.namespace convention).

ORCHESTRATOR_PORT should be 443 if TLS is enabled, otherwise 80.

Configure your Substra Channels. In the backend-values.yaml file, add the following content under the orchestrator key:
```
channels:
  - our-channel:
      restricted: false
      model_export_enabled: true
      chaincode:
        name: mycc
```
The channel name is our-channel, as configured in Orchestrator Substra Channels.

restricted would prevent other organizations from joining the channel

model_export_enabled allows users from this channel to download models produced by the platform
Optional: If your orchestrator has TLS enabled:
1. Retrieve the CA certificate from your orchestrator:
  
  The CA certificate is the orchestrator-ca.crt file generated at the Generate your Certificate Authority certificate step of the orchestrator deployment. If a public Certificate Authority was used to generate the orchestrator certificate, you need to fetch the certificate of the Certificate Authority.
2. Create a ConfigMap containing the CA certificate:
```
kubectl create configmap orchestrator-cacert --from-file=ca.crt=orchestrator-ca.crt
```
3. Configure your backend to enable orchestrator TLS. In the backend-ingen-values.yaml file add the following content under the orchestrator key:
```
tls:
  enabled: true
  cacert: orchestrator-cacert
```

Add users to your backend. In the backend-ingen-values.yaml file add the following content:

addAccountOperator:
  users:
    - name: admin
      secret: an3xtr4lengthyp@ssword
      channel: our-channel

The password must be at least 20 characters long.

3.2. Deploy the Chart

Deploy the backend Helm chart:

helm install backend substra/substra-backend --version VERSION --values backend-values.yaml --namespace ingen --create-namespace

Replace VERSION with the version of the Substra backend helm chart you want to deploy.

Validate:

curl -kL api.cluster-1.DOMAIN

Should return a 401 with the message:

{"detail":"Authentication credentials were not provided."}