# Installing the Grafbase Enterprise Platform

The Grafbase Enterprise Platform is distributed as a Helm chart that can be installed on any Kubernetes cluster. Please [contact sales](/contact/sales) to get the needed credentials to access the charts and container images.

## Prerequisites

Before you start the installation, make sure you have the following prerequisites:

- A Kubernetes cluster with at least 4 CPU and 8 GB of memory.
- Helm 3 installed on your local machine.
- Helmfile installed on your local machine.
- Kubernetes CLI installed on your local machine.

## Installation

The Grafbase Helm chart is hosted on our private repository. To install the Grafbase Enterprise Platform, you need to add the repository to your Helm configuration:

```bash
helm registry login helm.grafbase.com --username <username> --password-stdin
```

The next step is to create a Kubernetes namespace for the Enterprise Platform. When done, you can start defining the helmfile configuration:

```yaml
releases:
  - name: enterprise-platform
    chart: oci://helm.grafbase.com/enterprise-platform/stable/enterprise-platform
    version: <version>
    namespace: default
    createNamespace: true
    values:
      - ./values.yaml.gotmpl
    secrets:
      - ./secrets.yaml
```

The `values.yaml.gotmpl` and `secrets.yaml` files should be created in the same directory as the helmfile configuration. The `values.yaml.gotmpl` file should contain the configuration for the Grafbase Enterprise Platform, and the `secrets.yaml` file should contain the secrets for the platform.

The first thing is to define the services that you want to install to the Grafbase Enterprise Platform cluster. To start, you can enable all services to play with the cluster:

```yaml
global:
  zitadel:
    enabled: false
  postgres:
    enabled: true
  clickhouse:
    enabled: true
  minio:
    enabled: true
  kafka:
    enabled: true
  telemetrySink:
    enabled: true
  otelCollector:
    enabled: true
  dashboard:
    enabled: true
```

In a production environment, you might want to disable some services that you don't need. In general it is advised to have at least the following services enabled:

- **API**: The core API of the platform. ([configuration values](https://grafbase.com/docs/platform/self-hosting/charts/api.md))
- **Dashboard**: Allows you to manage your graphs from the browser. ([configuration values](https://grafbase.com/docs/platform/self-hosting/charts/dashboard.md))
- **Telemetry Sink**: Collects telemetry data from the Grafbase Gateway. ([configuration values](https://grafbase.com/docs/platform/self-hosting/charts/telemetry-sink.md))
- **OpenTelemetry Collector**: Aggregates telemetry data from Kafka to ClickHouse. ([configuration values](https://grafbase.com/docs/platform/self-hosting/charts/otel-collector.md))
- **Zitadel**: The identity provider for the platform ([configuration values](https://grafbase.com/docs/platform/self-hosting/charts/zitadel.md)). It is being deprecated in favor of integrating directly with your own IdP: see [the single sign-on docs](https://grafbase.com/docs/platform/self-hosting/single-sign-on.md).

Additionally, you might want to enable the following services:

- **Postgres**: Database that stores the core platform data. ([configuration values](https://grafbase.com/docs/platform/self-hosting/charts/postgres.md))
- **ClickHouse**: Database that stores the analytics data. ([configuration values](https://grafbase.com/docs/platform/self-hosting/charts/clickhouse.md))
- **MinIO**: Object storage that stores the platform files. ([configuration values](https://grafbase.com/docs/platform/self-hosting/charts/minio.md))
- **Kafka**: Message broker that stores the telemetry data. ([configuration values](https://grafbase.com/docs/platform/self-hosting/charts/kafka.md))

## CLI Setup

By default, the [Grafbase CLI](https://grafbase.com/docs/cli/installation.md) uses the Grafbase Cloud Platform. To use the Grafbase Enterprise Platform, you need to configure the CLI to use your platform. You can do this by defining the URL to your local installation in the CLI login command:

```bash
grafbase login --url https://<your-enterprise-platform-url>
```

After logging in, you can use the CLI to interact with your Grafbase Enterprise Platform installation.

## Gateway Setup

The [Grafbase Gateway](https://grafbase.com/docs/gateway/installation.md) uses the Enterprise Platform to store telemetry data for the analytics and tracing dashboards.

Additionally, the Enterprise Platform is responsible for composing subgraph schemas. The latest federated graph schema (supergraph schema) for a graph can be fetched using the Grafbase CLI:

Assuming you have logged in interactively with `grafbase login` using the `--url` argument to point to your own instance of the enterprise platform, you can run:

```bash
grafbase schema account-name/graph-name@branch-name
```

In a non-interactive environment (like CI), you can use the `GRAFBASE_API_URL` and `GRAFBASE_ACCESS_TOKEN` environment variables:

```bash
GRAFBASE_ACCESS_TOKEN="..." GRAFBASE_API_URL=https://api.grafbase.com/graphql grafbase schema account-name/graph-name@branch-name
```

Replace `api.grafbase.com` with the address of your instance of the enterprise platform, as well as the account and graph name in the example above. The branch name is optional, and will default to the production branch of the graph. The token in `GRAFBASE_ACCESS_TOKEN` must be authorized for the specific graph or have full access to the organization.

You can then start the Gateway with the downloaded schema:

```bash
grafbase schema account-name/graph-name@branch-name > schema.graphql
GRAFBASE_OTEL_URL=https://custom-telemetry-sink-deployment.dev grafbase-gateway --schema ./schema.graphql --config grafbase.toml
```

Note that you must change the telemetry sink URL by setting the `GRAFBASE_OTEL_URL` environment variable in the Grafbase Gateway deployment to the URL of the [Telemetry Sink chart](https://grafbase.com/docs/platform/self-hosting/charts/telemetry-sink.md). Also set `GRAFBASE_OBJECT_STORAGE_URL` to the root url of the object-storage service in your enterprise platform deployment.

The Gateway watches the schema file for changes, so if you update it in your filesystem, or for example as part of a Kubernetes ConfigMap, the gateway will automatically pick up the new schema and serve new requests with it, without restarting or losing state.