Installing with a portable computer or storage device
You can use a portable device, such as a portable computer or a USB storage device, to perform an air-gapped installation of API Connect Essentials on Red Hat OpenShift Container Platform (OCP) or Native Kubernetes environment when your cluster has no internet connectivity.
If your cluster is not connected to the internet, you can mirror product images to a registry in your network-restricted environment by using a portable device. You can download images from the public registries on the internet to the portable device; then you can bring that portable device into the network-restricted environment (or transfer the files to a different device within the network-restricted environment) and mirror the images to the local registry. You can pull the images from the local registry to the target cluster for installation.
- Set up the mirroring environment.
- Prepare the target cluster:
- Deploy a supported version of Red Hat OpenShift Container Platform (OCP)
or Native Kubernetes (K8S) as a cluster.
For information, see Installation requirements section in Deployment guidelines.
- Configure storage on the cluster and make sure that it is available.
- Deploy a supported version of Red Hat OpenShift Container Platform (OCP)
or Native Kubernetes (K8S) as a cluster.
- Prepare the portable device:
You must be able to connect your portable device to the internet and to the restricted network environment (with access to the Red Hat OpenShift Container Platform (OCP) or Native Kubernetes (K8S) cluster and the local registry). The portable device must be on a Linux x86_64 or Mac platform with any operating system that the Red Hat OpenShift Client or Native Kubernetes (K8S) supports (in Windows, execute the actions in a Linux x86_64 VM or from a Windows Subsystem for Linux terminal).
- Ensure that the portable device has sufficient storage to accommodate all of the software that is to be transferred to the local registry.
- Install the dependency packages on the portable device.
- For Red Hat OpenShift environment:
- Install Podman for managing containers. See the Podman
installation instructions for details. For example, on Red Hat Enterprise
Linux 9, install Podman with the following
command:
yum install podman
- Install the Red Hat OpenShift Client tool (
oc
) as explained in Getting started with the OpenShift CLI.The
oc
tool is used for managing Red Hat OpenShift resources in the cluster. - Download the IBM Catalog Management Plug-in for IBM Cloud Paks version
1.1.0 or later from GitHub.The
ibm-pak
plug-in enables you to access hosted product images, and to runoc ibm-pak
commands against the cluster. To confirm thatibm-pak
is installed, run the following command and verify that the response lists the command usage:oc ibm-pak --help
- Install Podman for managing containers. See the Podman
installation instructions for details. For example, on Red Hat Enterprise
Linux 9, install Podman with the following
command:
- For Native Kubernetes environment:
- Install
skopeo
.skopeo
is used for managing containers.For example, on Red Hat Enterprise Linux 9, installskopeo
with the following command:yum install skopeo
- Install kubectl tool.
- Download the IBM Catalog Management Plug-in for IBM Cloud Pak version
1.1.0 or later from GitHub. After extracting the IBM Cloud Pak version, enter the
following command inside the extracted IBM Cloud Pak folder.
cp oc-ibm_pak-<OS>-<architecture type> /usr/local/bin/kubectl-ibm_pak
For example, in Linux OS:cp oc-ibm_pak-linux-amd64 /usr/local/bin/kubectl-ibm_pak
Theibm-pak
plug-in enables you to access hosted product images, and to runkubectl ibm-pak
commands against the cluster. To confirm thatibm-pak
is installed, run the following command and verify that the response lists the command usage:kubectl ibm-pak --help
- Install
- For Red Hat OpenShift environment:
- Set up a local image registry and credentials.
The local Docker registry stores the mirrored images in your network-restricted environment.
- Install a registry, or get access to an existing registry.
You might already have access to one or more centralized, corporate registry servers to store the API Connect for GraphQL images. If not, then you must install and configure a production-grade registry before proceeding.
The registry product that you use must meet the following requirements:- Supports multi-architecture images through Docker Manifest V2, Schema
2
For details, see Docker Manifest V2, Schema 2.
- Is accessible from the Red Hat OpenShift Container Platform cluster nodes
- Allows path separators in the image name
Note: Do not use the Red Hat OpenShift image registry as your local registry because it does not support multi-architecture images or path separators in the image name. - Supports multi-architecture images through Docker Manifest V2, Schema
2
- Configure the registry to meet the following requirements:
- Supports auto-repository creation
- It has sufficient storage to accommodate all the software that is to be transferred
- Has the credentials of a user who can create and write to repositories (the mirroring process uses these credentials)
- Has the credentials of a user who can read all repositories (the Red Hat OpenShift Container Platform cluster uses these credentials)
To access your registries during an air-gapped installation, use an account that can write to the target local registry. To access your registries during runtime, use an account that can read from the target local registry.
- Install a registry, or get access to an existing registry.
- Prepare the target cluster:
- [This is applicable only for Red Hat OpenShift environment.] Mirror the cert-manager
operator for Red Hat OpenShift. Mirror the operator as explained in the Red Hat
instructions: Mirroring images for a disconnected installation using the oc-mirror
plugin . When you modify the
ImageSetConfiguration
, includeopenshift-cert-manager-operator
at channelstable-v1
as one of the packages, as shown in the following example:packages: - name: openshift-cert-manager-operator channels: - name: stable-v1
- Set the environment variables and download the CASE
files.
Create the environment variables to use while mirroring images, connect to the internet, and download the API Connect for GraphQL CASE files.
- Create the following environment variables with the installer image name and the image inventory
on your portable device:
export CASE_NAME=ibm-stepzen-case export CASE_VERSION=<version+timestamp> export ARCH=amd64
- Connect your portable device to the internet (it does not need to be connected to the network-restricted environment at this time).
- Download the CASE files to your portable device:
Be sure to download both CASE files as shown in the example:
For Red Hat OpenShift envt: oc ibm-pak get $CASE_NAME --version $CASE_VERSION For Native Kubernetes envt: kubectl ibm-pak get $CASE_NAME --version $CASE_VERSION
If you omit the
--version
parameter, the command downloads the latest version.
- Create the following environment variables with the installer image name and the image inventory
on your portable device:
- Mirror the images.
The process of mirroring images involves downloading them from the internet to your portable computer or storage device. Once the images are mirrored, disconnect your device from the internet and connect it to the target registry. Next, mirror the images from your portable device to the target registry. Finally, configure your cluster and pull the images to it before installing API Connect for GraphQL.
- Generate mirror manifests.
- Define the environment variable $TARGET_REGISTRY by running the following command:
Replaceexport TARGET_REGISTRY=<target-registry>
<target-registry>
with the IP address (or hostname) and port of the local registry; for example:172.16.0.10:5000
. If you want the images to use a specific namespace within the target registry, you can specify it here; for example:172.16.0.10:5000/registry_ns
. - Generate mirror manifests by running the following
command:
For Red Hat OpenShift envt: oc ibm-pak generate mirror-manifests $CASE_NAME file://<mirror_image_folder_name> --version $CASE_VERSION $TARGET_REGISTRY For Native Kubernetes envt: kubectl ibm-pak generate mirror-manifests $CASE_NAME dir://<mirror_image_folder_name> --version $CASE_VERSION $TARGET_REGISTRY
If you need to filter for a specific image group, add the parameter
--filter <image_group>
to the command.
Thegenerate
command creates the following files at ~/.ibm-pak/data/mirror/$CASE_NAME/$CASE_VERSION:- catalog-sources.yaml
- catalog-sources-linux-<arch>.yaml (if there are architecture-specific catalog sources)
- image-content-source-policy.yaml
- images-mapping-to-filesystem.txt
- images-mapping-from-filesystem.txt
The files are used when mirroring the images to the
TARGET_REGISTRY
. - Define the environment variable $TARGET_REGISTRY by running the following command:
- Obtain an entitlement key for the entitled registry where the images are hosted:
- Log in to the IBM Container Library.
- In the Container software library, select Get entitlement key.
- In the "Access your container software" section, click Copy key.
- Copy the key to a safe location; you will use it to log in to
cp.icr.io
in the next step.
- Authenticate with the entitled registry where the images are hosted.
The image pull secret allows you to authenticate with the entitled registry and access product images.
- Run the following command to export the path to the file that will store the authentication
credentials that are generated on a Podman
login:
export REGISTRY_AUTH_FILE=$HOME/.docker/config.json
The authentication file is typically located at $HOME/.docker/config.json on Linux or %USERPROFILE%/.docker/config.json on Windows.
- Log in to the
cp.icr.io
registry.- For Red Hat OpenShift, use Podman; for
example:
podman login cp.icr.io
Use
cp
as the username and your entitlement key as the password. - For Native Kubernetes, use
skopeo
; for example:skopeo login cp.icr.io
- For Red Hat OpenShift, use Podman; for
example:
- Run the following command to export the path to the file that will store the authentication
credentials that are generated on a Podman
login:
- Mirror the images from the internet to the portable computer or storage device.
- Define the environment variable $IMAGE_PATH by running the following
command:
whereexport IMAGE_PATH=<image-path>
<image-path>
indicates where the files will be stored on the portable device's file system. - Connect the portable computer or storage device to the internet and use the following command to
mirror the images:
- For Red Hat OpenShift, use the following command:
oc image mirror \ -f ~/.ibm-pak/data/mirror/$CASE_NAME/$CASE_VERSION/images-mapping-to-filesystem.txt\ -a $REGISTRY_AUTH_FILE \ --filter-by-os '.*' \ --skip-multiple-scopes \ --max-per-registry=1
Note: If the local registry is not secured by TLS, or the certificate presented by the local registry is not trusted by your device, add the--insecure
option to the command.There might be a slight delay before you see a response to the command.
- For Native Kubernetes, use the following
command
This command generates the list ofcat ~/.ibm-pak/data/mirror/$CASE_NAME/$CASE_VERSION/images-mapping-to-filesystem.txt | sed 's/file:/dir:/g' | awk -F'=' '{ print "skopeo copy --all docker://"$1" "$2 }'
skopeo
commands as shown in the example.Execute the
skopeo
commands sequentially.
- For Red Hat OpenShift, use the following command:
- Define the environment variable $IMAGE_PATH by running the following
command:
- Move the portable device to the restricted-network environment.The procedure depends
on the type of device that you are using:
If you are using a portable computer, disconnect the device from the internet and connect it to the restricted-network environment. The same environment variables can be used.
If you are using portable storage, complete the following steps:- Transfer the following files to a device in the restricted-network environment:
- The
~/.ibm-pak
directory. - The contents of the
<image-path>
that you specified in the previous step.
- The
- Create the same environment variables as on the original device; for
example:
export CASE_NAME=ibm-stepzen-case export CASE_VERSION=<version+timestamp> export ARCH=amd64
export REGISTRY_AUTH_FILE=$HOME/.docker/config.json
export IMAGE_PATH=<image-path>
- Transfer the following files to a device in the restricted-network environment:
- Authenticate with the local registry.
Log in to the local registry using an account that can write images to that registry; for example:
podman login $TARGET_REGISTRY
If the registry is insecure, add the following flag to the command:
--tls-verify=false
. - Mirror the product images to the target registry.
- If you are using a portable computer, connect it to the restricted-network environment that
contains the local registry.
If you are using portable storage, you already transferred files to a device within the restricted-network environment.
- Run the following command to copy the images to the local registry:
-
For Red Hat OpenShift, use the following command:
oc image mirror \ -f ~/.ibm-pak/data/mirror/$CASE_NAME/$CASE_VERSION/images-mapping-from-filesystem.txt\ -a $REGISTRY_AUTH_FILE \ --filter-by-os '.*' \ --skip-multiple-scopes \ --max-per-registry=1
Note: If the local registry is not secured by TLS, or the certificate that is presented by the local registry is not trusted by your device, add the--insecure
option to the command.There might be a slight delay before you see a response to the command.
- For Native Kubernetes, use the following
command:
This command generates the list ofcat ~/.ibm-pak/data/mirror/$CASE_NAME/$CASE_VERSION/images-mapping-from-filesystem.txt | sed 's/file:/dir:/g' |awk -F'=' '{ print "skopeo copy --all "$1" docker://"$2 }'
skopeo
commands as shown in the example.Execute the
skopeo
commands sequentially.
-
For Red Hat OpenShift, use the following command:
- If you are using a portable computer, connect it to the restricted-network environment that
contains the local registry.
- Configure the target cluster.
-
For Red Hat OpenShift Container Platform, perform the following steps:
-
Once the images have been mirrored to the local registry, you need to configure the target cluster to pull images from it. Follow these steps to set up the cluster's global pull secret with the local registry's credentials and direct the cluster to retrieve images from the local registry.
- Log in to your Red Hat OpenShift Container Platform
cluster:
oc login <openshift_url> -u <username> -p <password> -n <namespace>
- Update the global image pull secret for the cluster as
explained in the Red Hat OpenShift Container Platform documentation.Note: If you have an insecure registry, add the registry to the cluster's
insecureRegistries
list by running the following command:
and add the TARGET_REGISTRY tooc edit image.config.openshift.io/cluster -o yaml
spec.registrySources.insecureRegistries
as shown in the following example:
If thespec: registrySources: insecureRegistries: - insecure0.svc:5001 - <TARGET_REGISTRY>
insecureRegistries
field does not exist, you can add it. - Create the ImageContentSourcePolicy, which instructs the cluster to pull the images from your
local
registry:
oc apply -f ~/.ibm-pak/data/mirror/$CASE_NAME/$CASE_VERSION/image-content-source-policy.yaml
- Verify that the ImageContentSourcePolicy resource was
created:
oc get imageContentSourcePolicy
- Verify your cluster node status:
oc get MachineConfigPool -w
Wait for all nodes to be updated before proceeding to the next step.
- Log in to your Red Hat OpenShift Container Platform
cluster:
-
- For Native Kubernetes environment, perform the following steps:
- Add host aliases for
cp.icr.io
andicr.io
so that it points to your local registry. You can set the host aliases based on pod level or cluster level settings. Refer to Adding entries to Pod /etc/hosts with HostAliases for more details. - Make sure that the host aliases redirect to your target mirrored registry.
- Add host aliases for
-
For Red Hat OpenShift Container Platform, perform the following steps:
- Install the operator.
- Create a namespace (project).
- (Optional) Update the operator to define a custom namespace.
By default, the operator looks for a namespace called
stepzen
. If you want to use thestepzen
namespace, skip this step.Run the following command to replace all occurrences of the
stepzen
namespace in theoperator.yaml
file with your custom namespace, replacing<my-namespace>
with your own name:sed -i.orig 's/namespace: stepzen/namespace: <my-namespace>/g' operator.yaml
- Create a namespace, and then set the context to the new namespace.
Run the following commands, replacing
Red Hat OpenShift:<my-namespace>
with the name of your namespace (stepzen
if you did not update the operator.yaml) file:oc new-project <my-namespace> oc project <my-namespace>
- (Optional) Update the operator to define a custom namespace.
- Create the secrets.
The operator needs two types of secrets: an image pull secret of the type
kubernetes.io/dockerconfigjson
, and the data source name (DSN) for your PostgreSQL database.- Create an image pull secret using your IBM entitlement key.
Create an image pull secret named
ibm-entitlement-key
:oc create secret docker-registry ibm-entitlement-key --docker-server=<mirror registry> --docker-username=<username to login to the mirror registry> --docker-password=<password/key for the mirror registry username>
- Create a generic secret for the PostgreSQL server.
Create a generic secret containing the key
DSN
with a DSN pointing to your PostgreSQL server:oc create secret generic db-secret --from-literal=DSN=<dsn>
where
<dsn>
is a string of the formpostgresql://user:password@host/database
.
You can choose different secret names than those used in the examples. If you do, keep a record of the names and remember to use your own secrets when configuring the service).
- Create an image pull secret using your IBM entitlement key.
- Download and extract the CASE bundle.
- Navigate to the
ibm-stepzen-case
folder:cd $HOME/.ibm-pak/data/cases/$CASE_NAME/$CASE_VERSION
- Extract the CASE bundle by running the following
command:
tar zxvf ibm-stepzen-case--<$CASE_VERSION>.tgz
The contents are the CASE bundle are stored in a new directory called
ibm-stepzen-case
.
- Navigate to the
- Apply the operator manifest files to your cluster.
- In the extracted CASE, navigate to the following directory, where the installation files are
stored:
ibm-stepzen-case/inventory/stepzenGraphOperator/files/deploy
- In the
/deploy
folder, locate the following files:crd.yaml
is the operator Custom Resource Definition (CRD), a schema for the Custom Resource (CR) used to configure the operator.operator.yaml
defines the operator resources, including the active service account and associated roles, webhook, and operator deployment configuration.
- Apply the files by running the following commands:
oc apply -f crd.yaml oc apply -f operator.yaml
- In the extracted CASE, navigate to the following directory, where the installation files are
stored:
- Create a custom
resource (CR) that defines the configuration settings for your deployment.
The
/deploy
folder also contains a sample custom resource (CR) file namedcr.yaml
. Modify the CR to customize your GraphQL server.At minimum, make the following changes to enable installation:
Tip: For information on settings, see CR configuration settings.- Accept the license agreement.
Review the API Connect for GraphQL License agreement, and then set the key
spec.licence.accept
totrue
in the CR file to indicate your agreement. - Add your registry access token.
Set
spec.imagePullSecrets
to contain the name of the registry access token you created in step ii a. - Add your PostgreSQL secret.
Set
spec.controlDatabaseSecret
to the name of the secret containing the PostgreSQL DSN (that is, containing aDSN
key), which you created in step ii b.The following snippet shows an example CR with minimal contents, which configures horizontal pod autoscaling (HPA) for the graph and graph subscription services:
apiVersion: stepzen-graph.ibm.com/v1beta1 kind: StepZenGraphServer metadata: name: stepzen spec: license: accept: true controlDatabaseSecret: db-secret imagePullSecrets: - ibm-entitlement-key graphServer: hpa: minReplicas: 1 maxReplicas: 10 targetCPUUtilizationPercentage: 80 graphServerSubscription: hpa: minReplicas: 1 maxReplicas: 5 targetCPUUtilizationPercentage: 80
For more information on the settings available in the CR, see Configuring API Connect Essentials.
- Accept the license agreement.
- Configure API Connect Essentials by applying the CR.
- Apply the CR by running the following command:
oc apply -f cr.yaml
- Verify that the operator is running:
oc get StepZenGraphServer
- Apply the CR by running the following command:
When the installation completes successfully, you see a message similar to the following example, which indicates that the API Connect Essentials Graph Service is now running in your cluster:
NAME STATUS SUMMARY AGE stepzen Ready Services are ready 1m
When you run
oc get pods
, you see three types of pods running:stepzen-graph-operator-xxxx
: Operator pod managing the servicestepzen-graph-server-xxxx
: Graph Server handling single GraphQL requests (queries and mutations)stepzen-graph-server-subscription-xxxx
: Graph Server handling GraphQL subscriptions (persistent queries)
- Create a namespace (project).
- Generate mirror manifests.
Troubleshoot the installation
If you see a message stating that the server doesn't have the resource type
StepZenGraphServer
, then the operator installation failed and you should review
your cluster logs. If the operator pod is stuck in the ImagePullBackOff
state,
review and correct your image pull secret.
Set up a route or an ingress
To expose the service to the internet, you must create a route
(OpenShift) or an
ingress
(Kubernetes).
Traffic must be routed to the NodePort
object created by the operator, which
exposes the service on port 80 (HTTP). The routing object must also provide SSL termination to
expose the service over HTTPS.
-
Red Hat OpenShift: Follow the instructions in Setting up a route in OpenShift Container Platform to use
Route
objects that expose your service at the cluster domain (a URL ending withp1.openshiftapps.com/
) usingcert-manager
and self-signed or CA provided certificate. -
Kubernetes: Follow the instructions in Setting up an ingress in Kubernetes to set up an
Ingress
object with SSL.
- Setting up a route in OpenShift Container Platform
-
To set up a route, verify that you completed the following prerequisites:
- Operator installation is completed successfully and the pods are running.
- You have a cluster address of the form
my-rosa-cluster.abcd.p1.openshiftapps.com
. - You installed cert-manager in your cluster.
- You can use a different CA (such as self-signed issuer) for your deployment.
- Install OpenShift Route Support for cert-manager
(
openshift-routes
).OpenShift Route Support is an OpenShift add-on that supports annotation-based certificate assignment for OpenShift routes. For instructions, see the
openshift-routes
documentation. Be sure to installopenshift-routes
in the same namespace ascert-manager
. - Set up a
stepzen-graph-server
route for thestepzen
account.This is the "root" account of the API Connect Essentials service, which is used to host endpoints that modify the metadata database but does not serve application requests. The
stepzen-graph-server
route is required for the API Connect Essentials CLI to function.- Create a file named
stepzen-route.yaml
with the following contents (replacemy-rosa-cluster.abcd.p1
with actual cluster domain:apiVersion: route.openshift.io/v1 kind: Route metadata: labels: route: stepzen-service name: stepzen-to-graph-server namespace: stepzen spec: host: stepzen.zen.apps.my-rosa-cluster.abcd.p1.openshiftapps.com port: targetPort: stepzen-graph-server tls: termination: edge insecureEdgeTerminationPolicy: None certificate: | -----BEGIN CERTIFICATE----- [...] -----END CERTIFICATE----- key: | -----BEGIN PRIVATE KEY----- [...] -----END PRIVATE KEY----- caCertificate: | -----BEGIN CERTIFICATE----- [...] -----END CERTIFICATE----- wildcardPolicy: None to: kind: Service name: stepzen-graph-server weight: 200
- Run the following command to apply the file, which installs the new route into the
cluster:
oc apply -f stepzen-route.yaml
- To verify that the service is reachable, run the following
command:
curl https://stepzen.zen.apps.my-rosa-cluster.abcd.p1.openshiftapps.com/version
The response is a JSON object containing a few fields with server build information (such as
GitSha
).
- Create a file named
- Set up
stepzen-graph-server
andstepzen-graph-server-subscriptions
routes for thegraphql
account.This is the default account for serving application requests.
- Create a file named
graphql-route.yaml
with the following contents (replacemy-rosa-cluster.abcd.p1
with your actual cluster domain:apiVersion: route.openshift.io/v1 kind: Route metadata: labels: route: stepzen-service name: graphql-to-graph-server namespace: stepzen spec: host: graphql.zen.apps.my-rosa-cluster.abcd.p1.openshiftapps.com path: / port: targetPort: stepzen-graph-server tls: termination: edge insecureEdgeTerminationPolicy: None certificate: | -----BEGIN CERTIFICATE----- [...] -----END CERTIFICATE----- key: | -----BEGIN PRIVATE KEY----- [...] -----END PRIVATE KEY----- caCertificate: | -----BEGIN CERTIFICATE----- [...] -----END CERTIFICATE----- wildcardPolicy: None to: kind: Service name: stepzen-graph-server weight: 150 --- apiVersion: route.openshift.io/v1 kind: Route metadata: labels: route: stepzen-service name: graphql-to-graph-server-subscriptions namespace: stepzen spec: host: graphql.zen.apps.my-rosa-cluster.abcd.p1.openshiftapps.com path: /stepzen-subscriptions/ port: targetPort: stepzen-graph-server-subscription tls: termination: edge insecureEdgeTerminationPolicy: None certificate: | -----BEGIN CERTIFICATE----- [...] -----END CERTIFICATE----- key: | -----BEGIN PRIVATE KEY----- [...] -----END PRIVATE KEY----- caCertificate: | -----BEGIN CERTIFICATE----- [...] -----END CERTIFICATE----- wildcardPolicy: None to: kind: Service name: stepzen-graph-server-subscription weight: 150
- Run the following command to apply the
file:
oc apply -f graphql-route.yaml
Attention: For each account that you want to add to your deployment, you must add a new pair of routes mapping<account>.graphserver.apps.my-rosa-cluster.abcd.p1/
and<account>.graphserver.apps.my-rosa-cluster.abcd.p1/stepzen-subscriptions
to thestepzen-graph-server
. - Create a file named
- Setting up an ingress in Kubernetes
-
Note: The instructions in this section might not show the precise steps and commands that are needed for your deployment. The sequence of commands you need to run to expose the API Connect for GraphQL Graph Service through an ingress object depends on your DNS and SSL setup.
To set up an ingress, verify that you completed the following prerequisites:
- Operator installation is completed successfully and the pods are running.
- You obtained SSL certificates for the domains
stepzen.my-domain.io
andgraphql.my-domain.io
and stored them in secretsstepzen-cert
andgraphql-cert
(alternatively, you can use a wildcard certificate for*.my-domain.io
in a single secret).
In the steps that follow, replace
my-domain.io
with the domain that you want to use.- Create the following ingress config file as
stepzen-ingress.yaml.
apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: zenserv-ingress annotations: nginx.ingress.kubernetes.io/rewrite-target: / spec: defaultBackend: service: name: stepzen-graph-server port: number: 80 tls: - hosts: ['stepzen.my-domain.io'] secretName: stepzen-cert - hosts: ['graphql.my-domain.io'] secretName: graphql-cert rules: - host: stepzen.my-domain.io http: paths: - path: /stepzen-subscriptions/ pathType: Prefix backend: service: name: stepzen-graph-server-subscription port: number: 80 - host: graphql.my-domain.io http: paths: - path: /stepzen-subscriptions/ pathType: Prefix backend: service: name: stepzen-graph-server-subscription port: number: 80
- Apply the file with the following command to install the
ingress:
kubectl apply -f stepzen-ingress.yaml
- Add the load balancer IP address and hostname in DNS.
What to do next
- Install the optional on-premises Introspection Service, and
- Add user accounts