Installing with a portable computer or storage device

You can use a portable device, such as a portable computer or a USB storage device, to perform an air-gapped installation of API Connect Essentials on Red Hat OpenShift Container Platform (OCP) or Native Kubernetes environment when your cluster has no internet connectivity.

Attention: This task must be performed by a Red Hat OpenShift or Kubernetes administrator.

If your cluster is not connected to the internet, you can mirror product images to a registry in your network-restricted environment by using a portable device. You can download images from the public registries on the internet to the portable device; then you can bring that portable device into the network-restricted environment (or transfer the files to a different device within the network-restricted environment) and mirror the images to the local registry. You can pull the images from the local registry to the target cluster for installation.

  1. Set up the mirroring environment.
    1. Prepare the target cluster:
      • Deploy a supported version of Red Hat OpenShift Container Platform (OCP) or Native Kubernetes (K8S) as a cluster.

        For information, see Installation requirements section in Deployment guidelines.

      • Configure storage on the cluster and make sure that it is available.
    2. Prepare the portable device:

      You must be able to connect your portable device to the internet and to the restricted network environment (with access to the Red Hat OpenShift Container Platform (OCP) or Native Kubernetes (K8S) cluster and the local registry). The portable device must be on a Linux x86_64 or Mac platform with any operating system that the Red Hat OpenShift Client or Native Kubernetes (K8S) supports (in Windows, execute the actions in a Linux x86_64 VM or from a Windows Subsystem for Linux terminal).

      1. Ensure that the portable device has sufficient storage to accommodate all of the software that is to be transferred to the local registry.
      2. Install the dependency packages on the portable device.
        • For Red Hat OpenShift environment:
          1. Install Podman for managing containers. See the Podman installation instructions for details. For example, on Red Hat Enterprise Linux 9, install Podman with the following command:
            yum install podman
          2. Install the Red Hat OpenShift Client tool (oc) as explained in Getting started with the OpenShift CLI.

            The oc tool is used for managing Red Hat OpenShift resources in the cluster.

          3. Download the IBM Catalog Management Plug-in for IBM Cloud Paks version 1.1.0 or later from GitHub.
            The ibm-pak plug-in enables you to access hosted product images, and to run oc ibm-pak commands against the cluster. To confirm that ibm-pak is installed, run the following command and verify that the response lists the command usage:
            oc ibm-pak --help
        • For Native Kubernetes environment:
          1. Install skopeo. skopeo is used for managing containers.
            For example, on Red Hat Enterprise Linux 9, install skopeo with the following command:
            yum install skopeo
          2. Install kubectl tool.
          3. Download the IBM Catalog Management Plug-in for IBM Cloud Pak version 1.1.0 or later from GitHub. After extracting the IBM Cloud Pak version, enter the following command inside the extracted IBM Cloud Pak folder.
            cp oc-ibm_pak-<OS>-<architecture type> /usr/local/bin/kubectl-ibm_pak
            For example, in Linux OS:
            cp oc-ibm_pak-linux-amd64 /usr/local/bin/kubectl-ibm_pak
            The ibm-pak plug-in enables you to access hosted product images, and to run kubectl ibm-pak commands against the cluster. To confirm that ibm-pak is installed, run the following command and verify that the response lists the command usage:
            kubectl ibm-pak --help
    3. Set up a local image registry and credentials.

      The local Docker registry stores the mirrored images in your network-restricted environment.

      1. Install a registry, or get access to an existing registry.

        You might already have access to one or more centralized, corporate registry servers to store the API Connect for GraphQL images. If not, then you must install and configure a production-grade registry before proceeding.

        The registry product that you use must meet the following requirements:
        • Supports multi-architecture images through Docker Manifest V2, Schema 2

          For details, see Docker Manifest V2, Schema 2.

        • Is accessible from the Red Hat OpenShift Container Platform cluster nodes
        • Allows path separators in the image name
        Note: Do not use the Red Hat OpenShift image registry as your local registry because it does not support multi-architecture images or path separators in the image name.
      2. Configure the registry to meet the following requirements:
        • Supports auto-repository creation
        • It has sufficient storage to accommodate all the software that is to be transferred
        • Has the credentials of a user who can create and write to repositories (the mirroring process uses these credentials)
        • Has the credentials of a user who can read all repositories (the Red Hat OpenShift Container Platform cluster uses these credentials)

      To access your registries during an air-gapped installation, use an account that can write to the target local registry. To access your registries during runtime, use an account that can read from the target local registry.

  2. [This is applicable only for Red Hat OpenShift environment.] Mirror the cert-manager operator for Red Hat OpenShift. Mirror the operator as explained in the Red Hat instructions: Mirroring images for a disconnected installation using the oc-mirror plugin .
    When you modify the ImageSetConfiguration, include openshift-cert-manager-operator at channel stable-v1 as one of the packages, as shown in the following example:
        packages:
        - name: openshift-cert-manager-operator
          channels:
          - name: stable-v1
  3. Set the environment variables and download the CASE files.

    Create the environment variables to use while mirroring images, connect to the internet, and download the API Connect for GraphQL CASE files.

    1. Create the following environment variables with the installer image name and the image inventory on your portable device:
      export CASE_NAME=ibm-stepzen-case
      export CASE_VERSION=<version+timestamp>
      export ARCH=amd64
    2. Connect your portable device to the internet (it does not need to be connected to the network-restricted environment at this time).
    3. Download the CASE files to your portable device:

      Be sure to download both CASE files as shown in the example:

      For Red Hat OpenShift envt: oc ibm-pak get $CASE_NAME --version $CASE_VERSION
      For Native Kubernetes envt: kubectl ibm-pak get $CASE_NAME --version $CASE_VERSION

      If you omit the --version parameter, the command downloads the latest version.

  4. Mirror the images.

    The process of mirroring images involves downloading them from the internet to your portable computer or storage device. Once the images are mirrored, disconnect your device from the internet and connect it to the target registry. Next, mirror the images from your portable device to the target registry. Finally, configure your cluster and pull the images to it before installing API Connect for GraphQL.

    1. Generate mirror manifests.
      1. Define the environment variable $TARGET_REGISTRY by running the following command:
        export TARGET_REGISTRY=<target-registry>
        Replace <target-registry> with the IP address (or hostname) and port of the local registry; for example: 172.16.0.10:5000. If you want the images to use a specific namespace within the target registry, you can specify it here; for example: 172.16.0.10:5000/registry_ns.
      2. Generate mirror manifests by running the following command:
        For Red Hat OpenShift envt: oc ibm-pak generate mirror-manifests $CASE_NAME file://<mirror_image_folder_name> --version $CASE_VERSION $TARGET_REGISTRY
        For Native Kubernetes envt: kubectl ibm-pak generate mirror-manifests $CASE_NAME dir://<mirror_image_folder_name> --version $CASE_VERSION $TARGET_REGISTRY

        If you need to filter for a specific image group, add the parameter --filter <image_group> to the command.

      The generate command creates the following files at ~/.ibm-pak/data/mirror/$CASE_NAME/$CASE_VERSION:
      • catalog-sources.yaml
      • catalog-sources-linux-<arch>.yaml (if there are architecture-specific catalog sources)
      • image-content-source-policy.yaml
      • images-mapping-to-filesystem.txt
      • images-mapping-from-filesystem.txt

      The files are used when mirroring the images to the TARGET_REGISTRY.

    2. Obtain an entitlement key for the entitled registry where the images are hosted:
      1. Log in to the IBM Container Library.
      2. In the Container software library, select Get entitlement key.
      3. In the "Access your container software" section, click Copy key.
      4. Copy the key to a safe location; you will use it to log in to cp.icr.io in the next step.
    3. Authenticate with the entitled registry where the images are hosted.

      The image pull secret allows you to authenticate with the entitled registry and access product images.

      1. Run the following command to export the path to the file that will store the authentication credentials that are generated on a Podman login:
        export REGISTRY_AUTH_FILE=$HOME/.docker/config.json

        The authentication file is typically located at $HOME/.docker/config.json on Linux or %USERPROFILE%/.docker/config.json on Windows.

      2. Log in to the cp.icr.io registry.
        1. For Red Hat OpenShift, use Podman; for example:
          podman login cp.icr.io

          Use cp as the username and your entitlement key as the password.

        2. For Native Kubernetes, use skopeo; for example:
          skopeo login cp.icr.io
    4. Mirror the images from the internet to the portable computer or storage device.
      1. Define the environment variable $IMAGE_PATH by running the following command:
        export IMAGE_PATH=<image-path>
        where <image-path> indicates where the files will be stored on the portable device's file system.
      2. Connect the portable computer or storage device to the internet and use the following command to mirror the images:
        • For Red Hat OpenShift, use the following command:
          oc image mirror \
            -f ~/.ibm-pak/data/mirror/$CASE_NAME/$CASE_VERSION/images-mapping-to-filesystem.txt\
            -a $REGISTRY_AUTH_FILE \
            --filter-by-os '.*' \
            --skip-multiple-scopes \
            --max-per-registry=1
          Note: If the local registry is not secured by TLS, or the certificate presented by the local registry is not trusted by your device, add the --insecure option to the command.

          There might be a slight delay before you see a response to the command.

        • For Native Kubernetes, use the following command
          cat ~/.ibm-pak/data/mirror/$CASE_NAME/$CASE_VERSION/images-mapping-to-filesystem.txt | sed 's/file:/dir:/g' | awk -F'=' '{ print "skopeo copy --all docker://"$1" "$2 }'
          This command generates the list of skopeo commands as shown in the example.Execute the skopeo commands sequentially.
    5. Move the portable device to the restricted-network environment.The procedure depends on the type of device that you are using:

      If you are using a portable computer, disconnect the device from the internet and connect it to the restricted-network environment. The same environment variables can be used.

      If you are using portable storage, complete the following steps:
      1. Transfer the following files to a device in the restricted-network environment:
        • The ~/.ibm-pak directory.
        • The contents of the <image-path> that you specified in the previous step.
      2. Create the same environment variables as on the original device; for example:
        export CASE_NAME=ibm-stepzen-case
        export CASE_VERSION=<version+timestamp>
        export ARCH=amd64
        export REGISTRY_AUTH_FILE=$HOME/.docker/config.json
        export IMAGE_PATH=<image-path>
    6. Authenticate with the local registry.

      Log in to the local registry using an account that can write images to that registry; for example:

      podman login $TARGET_REGISTRY

      If the registry is insecure, add the following flag to the command: --tls-verify=false.

    7. Mirror the product images to the target registry.
      1. If you are using a portable computer, connect it to the restricted-network environment that contains the local registry.

        If you are using portable storage, you already transferred files to a device within the restricted-network environment.

      2. Run the following command to copy the images to the local registry:
        • For Red Hat OpenShift, use the following command:
          oc image mirror \
            -f ~/.ibm-pak/data/mirror/$CASE_NAME/$CASE_VERSION/images-mapping-from-filesystem.txt\
            -a $REGISTRY_AUTH_FILE \
            --filter-by-os '.*' \
            --skip-multiple-scopes \
            --max-per-registry=1
          Note: If the local registry is not secured by TLS, or the certificate that is presented by the local registry is not trusted by your device, add the --insecure option to the command.

          There might be a slight delay before you see a response to the command.

        • For Native Kubernetes, use the following command:
          cat ~/.ibm-pak/data/mirror/$CASE_NAME/$CASE_VERSION/images-mapping-from-filesystem.txt | sed 's/file:/dir:/g' |awk -F'=' '{ print "skopeo copy --all "$1" docker://"$2 }'
          This command generates the list of skopeo commands as shown in the example.Execute the skopeo commands sequentially.
    8. Configure the target cluster.
      • For Red Hat OpenShift Container Platform, perform the following steps:
        1. Once the images have been mirrored to the local registry, you need to configure the target cluster to pull images from it. Follow these steps to set up the cluster's global pull secret with the local registry's credentials and direct the cluster to retrieve images from the local registry.

          1. Log in to your Red Hat OpenShift Container Platform cluster:
            oc login <openshift_url> -u <username> -p <password> -n <namespace>
          2. Update the global image pull secret for the cluster as explained in the Red Hat OpenShift Container Platform documentation.
            Note: If you have an insecure registry, add the registry to the cluster's insecureRegistries list by running the following command:
            oc edit image.config.openshift.io/cluster -o yaml
            and add the TARGET_REGISTRY to spec.registrySources.insecureRegistries as shown in the following example:
            spec:
              registrySources:
                insecureRegistries:
                - insecure0.svc:5001
                - <TARGET_REGISTRY>
            If the insecureRegistries field does not exist, you can add it.
          3. Create the ImageContentSourcePolicy, which instructs the cluster to pull the images from your local registry:
            oc apply -f ~/.ibm-pak/data/mirror/$CASE_NAME/$CASE_VERSION/image-content-source-policy.yaml
          4. Verify that the ImageContentSourcePolicy resource was created:
            oc get imageContentSourcePolicy
          5. Verify your cluster node status:
            oc get MachineConfigPool -w

            Wait for all nodes to be updated before proceeding to the next step.

      • For Native Kubernetes environment, perform the following steps:
        1. Add host aliases for cp.icr.io and icr.io so that it points to your local registry. You can set the host aliases based on pod level or cluster level settings. Refer to Adding entries to Pod /etc/hosts with HostAliases for more details.
        2. Make sure that the host aliases redirect to your target mirrored registry.
    9. Install the operator.
      1. Create a namespace (project).
        1. (Optional) Update the operator to define a custom namespace.

          By default, the operator looks for a namespace called stepzen. If you want to use the stepzen namespace, skip this step.

          Run the following command to replace all occurrences of the stepzen namespace in the operator.yaml file with your custom namespace, replacing <my-namespace> with your own name:

          sed -i.orig 's/namespace: stepzen/namespace: <my-namespace>/g' operator.yaml
        2. Create a namespace, and then set the context to the new namespace.

          Run the following commands, replacing <my-namespace> with the name of your namespace (stepzen if you did not update the operator.yaml) file:

          Red Hat OpenShift:
          oc new-project <my-namespace>
          oc project <my-namespace>
      2. Create the secrets.

        The operator needs two types of secrets: an image pull secret of the type kubernetes.io/dockerconfigjson, and the data source name (DSN) for your PostgreSQL database.

        1. Create an image pull secret using your IBM entitlement key.

          Create an image pull secret named ibm-entitlement-key:

          oc create secret docker-registry ibm-entitlement-key --docker-server=<mirror registry> --docker-username=<username to login to the mirror registry> --docker-password=<password/key for the mirror registry username>
        2. Create a generic secret for the PostgreSQL server.

          Create a generic secret containing the key DSN with a DSN pointing to your PostgreSQL server:

          oc create secret generic db-secret --from-literal=DSN=<dsn>

          where <dsn> is a string of the form postgresql://user:password@host/database.

        You can choose different secret names than those used in the examples. If you do, keep a record of the names and remember to use your own secrets when configuring the service).

      3. Download and extract the CASE bundle.
        1. Navigate to the ibm-stepzen-case folder:
          cd $HOME/.ibm-pak/data/cases/$CASE_NAME/$CASE_VERSION
        2. Extract the CASE bundle by running the following command:
          tar zxvf ibm-stepzen-case--<$CASE_VERSION>.tgz

          The contents are the CASE bundle are stored in a new directory called ibm-stepzen-case.

      4. Apply the operator manifest files to your cluster.
        1. In the extracted CASE, navigate to the following directory, where the installation files are stored:
          ibm-stepzen-case/inventory/stepzenGraphOperator/files/deploy
        2. In the /deploy folder, locate the following files:
          • crd.yaml is the operator Custom Resource Definition (CRD), a schema for the Custom Resource (CR) used to configure the operator.
          • operator.yaml defines the operator resources, including the active service account and associated roles, webhook, and operator deployment configuration.
        3. Apply the files by running the following commands:
          oc apply -f crd.yaml 
          oc apply -f operator.yaml 
      5. Create a custom resource (CR) that defines the configuration settings for your deployment.

        The /deploy folder also contains a sample custom resource (CR) file named cr.yaml. Modify the CR to customize your GraphQL server.

        At minimum, make the following changes to enable installation:

        Tip: For information on settings, see CR configuration settings.
        1. Accept the license agreement.

          Review the API Connect for GraphQL License agreement, and then set the key spec.licence.accept to true in the CR file to indicate your agreement.

        2. Add your registry access token.

          Set spec.imagePullSecrets to contain the name of the registry access token you created in step ii a.

        3. Add your PostgreSQL secret.

          Set spec.controlDatabaseSecret to the name of the secret containing the PostgreSQL DSN (that is, containing a DSN key), which you created in step ii b.

          The following snippet shows an example CR with minimal contents, which configures horizontal pod autoscaling (HPA) for the graph and graph subscription services:

          apiVersion: stepzen-graph.ibm.com/v1beta1
          kind: StepZenGraphServer
          metadata:
            name: stepzen
          spec:
            license:
              accept: true
            controlDatabaseSecret: db-secret
            imagePullSecrets: 
              - ibm-entitlement-key
            graphServer:
              hpa:
                minReplicas: 1
                maxReplicas: 10
                targetCPUUtilizationPercentage: 80
            graphServerSubscription:
              hpa:
                minReplicas: 1
                maxReplicas: 5
                targetCPUUtilizationPercentage: 80

        For more information on the settings available in the CR, see Configuring API Connect Essentials.

      6. Configure API Connect Essentials by applying the CR.
        1. Apply the CR by running the following command:
          oc apply -f cr.yaml
        2. Verify that the operator is running:
          oc get StepZenGraphServer 

      When the installation completes successfully, you see a message similar to the following example, which indicates that the API Connect Essentials Graph Service is now running in your cluster:

      NAME      STATUS   SUMMARY              AGE
      stepzen   Ready    Services are ready   1m

      When you run oc get pods, you see three types of pods running:

      • stepzen-graph-operator-xxxx: Operator pod managing the service
      • stepzen-graph-server-xxxx: Graph Server handling single GraphQL requests (queries and mutations)
      • stepzen-graph-server-subscription-xxxx: Graph Server handling GraphQL subscriptions (persistent queries)

Troubleshoot the installation

If you see a message stating that the server doesn't have the resource type StepZenGraphServer, then the operator installation failed and you should review your cluster logs. If the operator pod is stuck in the ImagePullBackOff state, review and correct your image pull secret.

Set up a route or an ingress

To expose the service to the internet, you must create a route (OpenShift) or an ingress (Kubernetes).

Traffic must be routed to the NodePort object created by the operator, which exposes the service on port 80 (HTTP). The routing object must also provide SSL termination to expose the service over HTTPS.

Setting up a route in OpenShift Container Platform

To set up a route, verify that you completed the following prerequisites:

  • Operator installation is completed successfully and the pods are running.
  • You have a cluster address of the form my-rosa-cluster.abcd.p1.openshiftapps.com.
  • You installed cert-manager in your cluster.
  • You can use a different CA (such as self-signed issuer) for your deployment.
  1. Install OpenShift Route Support for cert-manager (openshift-routes).

    OpenShift Route Support is an OpenShift add-on that supports annotation-based certificate assignment for OpenShift routes. For instructions, see the openshift-routes documentation. Be sure to install openshift-routes in the same namespace as cert-manager.

  2. Set up a stepzen-graph-server route for the stepzen account.

    This is the "root" account of the API Connect Essentials service, which is used to host endpoints that modify the metadata database but does not serve application requests. The stepzen-graph-server route is required for the API Connect Essentials CLI to function.

    1. Create a file named stepzen-route.yaml with the following contents (replace my-rosa-cluster.abcd.p1 with actual cluster domain:
      apiVersion: route.openshift.io/v1
      kind: Route
      metadata:
        labels:
          route: stepzen-service
        name: stepzen-to-graph-server
        namespace: stepzen
      spec:
        host: stepzen.zen.apps.my-rosa-cluster.abcd.p1.openshiftapps.com
        port:
          targetPort: stepzen-graph-server
        tls:
          termination: edge
          insecureEdgeTerminationPolicy: None
          certificate: |
            -----BEGIN CERTIFICATE-----
            [...]
            -----END CERTIFICATE-----
          key: |
            -----BEGIN PRIVATE KEY-----
            [...]
            -----END PRIVATE KEY-----
          caCertificate: |
            -----BEGIN CERTIFICATE-----
            [...]
            -----END CERTIFICATE-----
        wildcardPolicy: None
        to:
          kind: Service
          name: stepzen-graph-server
          weight: 200
    2. Run the following command to apply the file, which installs the new route into the cluster:
      oc apply -f stepzen-route.yaml
    3. To verify that the service is reachable, run the following command:
      curl https://stepzen.zen.apps.my-rosa-cluster.abcd.p1.openshiftapps.com/version

      The response is a JSON object containing a few fields with server build information (such as GitSha).

  3. Set up stepzen-graph-server and stepzen-graph-server-subscriptions routes for the graphql account.

    This is the default account for serving application requests.

    1. Create a file named graphql-route.yaml with the following contents (replace my-rosa-cluster.abcd.p1 with your actual cluster domain:
      apiVersion: route.openshift.io/v1
      kind: Route
      metadata:
        labels:
          route: stepzen-service
        name: graphql-to-graph-server
        namespace: stepzen
      spec:
        host: graphql.zen.apps.my-rosa-cluster.abcd.p1.openshiftapps.com
        path: /
        port:
          targetPort: stepzen-graph-server
        tls:
          termination: edge
          insecureEdgeTerminationPolicy: None
          certificate: |
            -----BEGIN CERTIFICATE-----
            [...]
            -----END CERTIFICATE-----
          key: |
            -----BEGIN PRIVATE KEY-----
            [...]
            -----END PRIVATE KEY-----
          caCertificate: |
            -----BEGIN CERTIFICATE-----
            [...]
            -----END CERTIFICATE-----
        wildcardPolicy: None
        to:
          kind: Service
          name: stepzen-graph-server
          weight: 150
      
      ---
      
      apiVersion: route.openshift.io/v1
      kind: Route
      metadata:
        labels:
          route: stepzen-service
        name: graphql-to-graph-server-subscriptions
        namespace: stepzen
      spec:
        host: graphql.zen.apps.my-rosa-cluster.abcd.p1.openshiftapps.com
        path: /stepzen-subscriptions/
        port:
          targetPort: stepzen-graph-server-subscription
        tls:
          termination: edge
          insecureEdgeTerminationPolicy: None
          certificate: |
            -----BEGIN CERTIFICATE-----
            [...]
            -----END CERTIFICATE-----
          key: |
            -----BEGIN PRIVATE KEY-----
            [...]
            -----END PRIVATE KEY-----
          caCertificate: |
            -----BEGIN CERTIFICATE-----
            [...]
            -----END CERTIFICATE-----
        wildcardPolicy: None
        to:
          kind: Service
          name: stepzen-graph-server-subscription
          weight: 150
    2. Run the following command to apply the file:
      oc apply -f graphql-route.yaml
    Attention: For each account that you want to add to your deployment, you must add a new pair of routes mapping <account>.graphserver.apps.my-rosa-cluster.abcd.p1/ and <account>.graphserver.apps.my-rosa-cluster.abcd.p1/stepzen-subscriptions to the stepzen-graph-server.
Setting up an ingress in Kubernetes
Note: The instructions in this section might not show the precise steps and commands that are needed for your deployment. The sequence of commands you need to run to expose the API Connect for GraphQL Graph Service through an ingress object depends on your DNS and SSL setup.

To set up an ingress, verify that you completed the following prerequisites:

  • Operator installation is completed successfully and the pods are running.
  • You obtained SSL certificates for the domains stepzen.my-domain.io and graphql.my-domain.io and stored them in secrets stepzen-cert and graphql-cert (alternatively, you can use a wildcard certificate for *.my-domain.io in a single secret).

In the steps that follow, replace my-domain.io with the domain that you want to use.

  1. Create the following ingress config file as stepzen-ingress.yaml.
        apiVersion: networking.k8s.io/v1
        kind: Ingress
        metadata:
          name: zenserv-ingress
          annotations:
            nginx.ingress.kubernetes.io/rewrite-target: /
        spec:
          defaultBackend:
            service:
              name: stepzen-graph-server
              port:
                number: 80
          tls:
          - hosts: ['stepzen.my-domain.io']
            secretName: stepzen-cert
          - hosts: ['graphql.my-domain.io']
            secretName: graphql-cert
          rules:
          - host: stepzen.my-domain.io
            http:
              paths:
              - path: /stepzen-subscriptions/
                pathType: Prefix
                backend:
                  service:
                    name: stepzen-graph-server-subscription
                    port:
                      number: 80
          - host: graphql.my-domain.io
            http:
              paths:
                - path: /stepzen-subscriptions/
                  pathType: Prefix
                  backend:
                    service:
                      name: stepzen-graph-server-subscription
                      port:
                        number: 80
  2. Apply the file with the following command to install the ingress:
    kubectl apply -f stepzen-ingress.yaml
  3. Add the load balancer IP address and hostname in DNS.

What to do next

After you verify that API Connect for GraphQL is successfully installed, you can: