3. Deploy the backend

This section details deploying a node for the ingen organization onto cluster-1.

You will need to repeat this for biotechnica onto cluster-2, with the appropriate values changed.

The backend depends on the orchestrator and will fail to run if the orchestrator is not available and operational.

3.1. Prepare your Helm values

See also

Full reference on Artifact Hub.

To configure your values:

  1. Create a Helm values file named backend-ingen-values.yaml with the following content:

    organizationName: ingen
    
  2. Configure your Substra backend Ingress. In the backend-ingen-values.yaml file add the following content:

    config:
      ALLOWED_HOSTS: '[".cluster-1.DOMAIN"]'
    
    server:
      defaultDomain: https://api.cluster-1.DOMAIN:443
      commonHostDomain: cluster-1.DOMAIN
    
      ingress:
        enabled: true
        hostname: api.cluster-1.DOMAIN
    

    Caution

    For ALLOWED_HOSTS, note that the leading dot is important.

  3. Configure your connection to the orchestrator. In the backend-ingen-values.yaml file add the following content:

    orchestrator:
      host: ORCHESTRATOR_HOSTNAME
      port: ORCHESTRATOR_PORT
      mspID: ingen
    
    ORCHESTRATOR_HOSTNAME should be orchestrator.cluster-1.DOMAIN if you are _outside_ the cluster, but if we are working on cluster-1 we should use its local name orchestrator-server.orchestrator (following the service-name.namespace convention).
    ORCHESTRATOR_PORT should be 443 if TLS is enabled, otherwise 80.
  1. Configure your Substra Channels. In the backend-values.yaml file, add the following content under the orchestrator key:

    channels:
      - our-channel:
          restricted: false
          model_export_enabled: true
          chaincode:
            name: mycc
    
    The channel name is our-channel, as configured in Orchestrator Substra Channels.
    restricted would prevent other organizations from joining the channel
    model_export_enabled allows users from this channel to download models produced by the platform
  2. Optional: If your orchestrator has TLS enabled:

    1. Retrieve the CA certificate from your orchestrator:

      The CA certificate is the orchestrator-ca.crt file generated at the Generate your Certificate Authority certificate step of the orchestrator deployment. If a public Certificate Authority was used to generate the orchestrator certificate, you need to fetch the certificate of the Certificate Authority.

    2. Create a ConfigMap containing the CA certificate:

      kubectl create configmap orchestrator-cacert --from-file=ca.crt=orchestrator-ca.crt
      
    3. Configure your backend to enable orchestrator TLS. In the backend-ingen-values.yaml file add the following content under the orchestrator key:

      tls:
        enabled: true
        cacert: orchestrator-cacert
      
  3. Add users to your backend. In the backend-ingen-values.yaml file add the following content:

    addAccountOperator:
      users:
        - name: admin
          secret: an3xtr4lengthyp@ssword
          channel: our-channel
    
    The password must be at least 20 characters long.

3.2. Deploy the Chart

  1. Deploy the backend Helm chart:

    helm install backend substra/substra-backend --version VERSION --values backend-values.yaml --namespace ingen --create-namespace
    
    Replace VERSION with the version of the Substra backend helm chart you want to deploy.
  2. Validate:

    curl -kL api.cluster-1.DOMAIN
    

    Should return a 401 with the message:

    {"detail":"Authentication credentials were not provided."}