Installing the Grafbase Enterprise Platform

The Grafbase Enterprise Platform is distributed as a Helm chart that can be installed on any Kubernetes cluster. Please contact sales to get the needed credentials to access the charts and container images.

Before you start the installation, make sure you have the following prerequisites:

• A Kubernetes cluster with at least 4 CPU and 8 GB of memory.
• Helm 3 installed on your local machine.
• Helmfile installed on your local machine.
• Kubernetes CLI installed on your local machine.

The Grafbase Helm chart is hosted on our private repository. To install the Grafbase Enterprise Platform, you need to add the repository to your Helm configuration:

helm registry login helm.grafbase.com --username <username> --password-stdin

The next step is to create a Kubernetes namespace for the Enterprise Platform. When done, you can start defining the helmfile configuration:

releases:
  - name: enterprise-platform
    chart: oci://helm.grafbase.com/enterprise-platform/stable/enterprise-platform
    version: <version>
    namespace: default
    createNamespace: true
    values:
      - ./values.yaml.gotmpl
    secrets:
      - ./secrets.yaml

The values.yaml.gotmpl and secrets.yaml files should be created in the same directory as the helmfile configuration. The values.yaml.gotmpl file should contain the configuration for the Grafbase Enterprise Platform, and the secrets.yaml file should contain the secrets for the platform.

The first thing is to define the services that you want to install to the Grafbase Enterprise Platform cluster. To start, you can enable all services to play with the cluster:

global:
  zitadel:
    enabled: true
  postgres:
    enabled: true
  clickhouse:
    enabled: true
  minio:
    enabled: true
  kafka:
    enabled: true
  telemetrySink:
    enabled: true
  otelCollector:
    enabled: true
  dashboard:
    enabled: true

In a production environment, you might want to disable some services that you don't need. In general it is advised to have at least the following services enabled:

• API: The core API of the platform. (configuration values)
• Dashboard: Allows you to manage your graphs from the browser. (configuration values)
• Telemetry Sink: Collects telemetry data from the Grafbase Gateway. (configuration values)
• OpenTelemetry Collector: Aggregates telemetry data from Kafka to ClickHouse. (configuration values)
• Zitadel: The identity provider for the platform (configuration values)

Additionally, you might want to enable the following services:

• Postgres: Database that stores the core platform data. (configuration values)
• ClickHouse: Database that stores the analytics data. (configuration values)
• MinIO: Object storage that stores the platform files. (configuration values)
• Kafka: Message broker that stores the telemetry data. (configuration values)

By default, the Grafbase CLI uses the Grafbase Cloud Platform. To use the Grafbase Enterprise Platform, you need to configure the CLI to use your platform. You can do this by defining the URL to your local installation in the CLI login command:

grafbase login --url https://<your-enterprise-platform-url>

After logging in, you can use the CLI to interact with your Grafbase Enterprise Platform installation.

The Grafbase Gateway uses the Enterprise Platform to store telemetry data for the analytics and tracing dashboards.

Additionally, the Enterprise Platform is responsible for composing subgraph schemas. The latest federated graph schema (supergraph schema) for a graph can be fetched using the Grafbase CLI:

Assuming you have logged in interactively with grafbase login using the --url argument to point to your own instance of the enterprise platform, you can run:

grafbase schema account-name/graph-name@branch-name

In a non-interactive environment (like CI), you can use the GRAFBASE_API_URL and GRAFBASE_ACCESS_TOKEN environment variables:

GRAFBASE_ACCESS_TOKEN="..." GRAFBASE_API_URL=https://api.grafbase.com/graphql grafbase schema account-name/graph-name@branch-name

Replace api.grafbase.com with the address of your instance of the enterprise platform, as well as the account and graph name in the example above. The branch name is optional, and will default to the production branch of the graph. The token in GRAFBASE_ACCESS_TOKEN must be authorized for the specific graph or have full access to the organization.

You can then start the Gateway with the downloaded schema:

grafbase schema account-name/graph-name@branch-name > schema.graphql
GRAFBASE_OTEL_URL=https://custom-telemetry-sink-deployment.dev grafbase-gateway --schema ./schema.graphql --config grafbase.toml

Note that you must change the telemetry sink URL by setting the GRAFBASE_OTEL_URL environment variable in the Grafbase Gateway deployment to the URL of the Telemetry Sink chart.

The Gateway watches the schema file for changes, so if you update it in your filesystem, or for example as part of a Kubernetes ConfigMap, the gateway will automatically pick up the new schema and serve new requests with it, without restarting or losing state.