Installer API

Instabase supports installation through the API, letting you integrate the installation process into CI/CD pipelines. This article outlines the required and optional Installer API endpoints used to perform an installation.

Table of Contents

Info

For installation using the Instabase Installer UI, see the Instabase Installer guide.

Overview of required and optional installation steps

To complete an API-based installation, you must complete the following API calls in this order. Calls are required unless noted as optional.

Database configuration
- (Optional) TLS authentication configuration
File system configuration
- (Amazon S3 storage only, optional) Upload custom Amazon S3 certificate
- (Google Cloud Storage only) Upload Google Cloud Storage service account credentials
Configure platform and Kubernetes cluster-related settings
Configure Kubernetes cluster resourcing
(Optional) Perform preflight checks to validate configured infrastructure before beginning installation:
Upload Instabase license
Upload base configurations
Upload default patches
(Optional) Upload network policies
(Optional) Create SAML configuration
(Optional) Upload SAML IdP metadata XML
(Optional) Clear SAML configuration
Finalize installation
(Optional) Complete SAML configuration
Run post-install actions
- Get the status of post-install actions

Note

After installation, complete next steps for the best experience.

Conventions and authentication

Requests

In this document {URL_BASE} defines where to route API requests for your Instabase instance.

During the initial Instabase installation, this should access Deployment Manager directly, either by port-forwarding the Deployment Manager port (9500) or by creating an ingress.

If using port-forwarding, the URL_BASE value is localhost:9500.
- For example, to use the Database configuration API, POST to localhost:9500/api/v1/control_plane/installer/db.
If creating an ingress, the URL_BASE value is the DNS defined to hook into the ingress, such as https://company.dev.instabase.com.
- For example, to use the Database configuration API, POST to https://company.dev.instabase.com/api/v1/control_plane/installer/db.

Responses

All Installer API endpoints (with the exception of Get the status of post-install actions) use the same response format:

The response body is a JSON object.
A statusCode of 200 indicates success. No additional information is returned in the data or error keys. For example:
```
{
  "statusCode": 200,
  "data": null,
  "error": null
}
```

A statusCode of 500 indicates an error. The response body contains parameter-specific error information under the error key, if applicable. For example:

{
  "statusCode": 500,
  "data": {
      "note": "",
      "ok": false
  },
  "error": "http conn serve: http conn serve: kubernetes client is nil"
}

Authentication

In this document {TOKEN} defines the Deployment Manager token.

All API requests must include your valid Deployment Manager token to authenticate the request.The Deployment Manager API Token is created in the cluster with a default, changeable value when the Deployment Manager YAML is applied.

To fetch the Deployment Manager API token, run the following command in the command line:

export TOKEN=$(kubectl -n $IB_NS get \
secret/control-plane-metadata \
--template={{.data.api_token}} | base64 -d)

You can then reference the token in your calls using $TOKEN in place of {TOKEN}.

Database configuration

Method	Syntax
POST	URL_BASE/api/v1/control_plane/installer/db

Description

This API configures the connection to your relational database. The database contains all the metadata needed to run Instabase. This includes information for user accounts, repositories, organizations, access control, Marketplace solutions, and more.

Instabase supports connecting to the following databases:

MySQL
PostgreSQL
Microsoft SQL Server
- Connecting with username and password credentials
- Connecting with Azure AD credentials
Oracle

MySQL

Request parameters

The general form of the request body is:

curl --location --request POST '{URL_BASE}/api/v1/control_plane/installer/db' \
--header 'Accept: application/json, text/plain, */*' \
--header 'Token: {TOKEN}' \
--data-raw '{DB_REQ_BODY}' \
--compressed

Your database configuration details are outlined in the DB_REQ_BODY object. The following parameters are required, unless marked as optional:

Name	Type	Description	Values
skip_db_setup	boolean	When set to `true` all other database configuration parameters are ignored, and the `db_secret_name` parameter becomes required. Enabling `skip_db_setup` lets you perform manual database setup without passing database credentials through the Installer API. Instead, you create a Kubernetes secret that contains a database connection string with the required parameters. The secret must be a data secret with `"db_string"` mapping to the database connection string. See Database connection string format for additional information.	true, false Set to `false` for most installations.
db_secret_name	string	Required if `skip_db_setup` is set to `true`, otherwise optional. The name of the Kubernetes secret where your database connection string is stored.	A string specifying the name of the Kubernetes secret where your database connection string is stored.
db_type	string	Defines the database type.	mysql, postgres, sqlserver, oci8 Use `mysql` for MySQL database setup.
azure_ad	boolean	Enables using Azure AD for database authentication. Note Applicable only to Microsoft SQL Server database setups.	true, false Set to `false` for MySQL database setup.
use_db_sid	boolean	Enables using the Oracle system identifier as the database identifier. Note Applicable only to Oracle database setups.	true, false Set to `false` for MySQL database setup.
use_db_service_name	boolean	Enables using the Oracle service name as the database identifier. Note Applicable only to Oracle database setups.	true, false Set to `false` for MySQL database setup.
enable_db_tls	boolean	Set to `true` to use TLS certificate-based authentication. While this setting is optional, it is strongly recommended to enable TLS in production environments to reduce security risks. Note If set to `true`, you must also call the /installer/db/tls endpoint to configure TLS. Info Instabase supports certificates from internal and external trusted certificate authorities (CAs). Instabase does not support self-signed TLS certificates.	true, false
fields	object	Contains the configuration details for your database setup.	An object containing additional settings.
fields/db_user	string	The database username.	A string specifying the database username.
fields/db_pass	string	The database password.	A string specifying the database password.
fields/db_name	string	Your database name.	A string specifying your database name.
fields/db_host	string	The server host or hostname.	A string specifying the server host or hostname.
fields/dp_port	integer	The port value. The common, default MySQL port value is 3306. If you have a custom port value, use it here.	An integer specifying the port value. The suggested value is `3306`, unless a custom port value is configured.

Examples

Request example:

curl --location --request POST '{URL_BASE}/api/v1/control_plane/installer/db' \
--header 'Accept: application/json, text/plain, */*' \
--header 'Token: {TOKEN}' \
--data-raw '{
  "skip_db_setup": false,
  "db_type": "mysql",
  "azure_ad": false,
  "use_db_sid": false,
  "use_db_service_name": false,
  "enable_db_tls": false,
  "fields": {
    "db_user": "root",
    "db_pass": "{password}",
    "db_name": "ibdb",
    "db_host": "service-mysql.instabase.svc.cluster.local",
    "db_port": 3306
    }
  }' \
--compressed

PostgreSQL

Request parameters

The general form of the request body is:

curl --location --request POST '{URL_BASE}/api/v1/control_plane/installer/db' \
--header 'Accept: application/json, text/plain, */*' \
--header 'Token: {TOKEN}' \
--data-raw '{DB_REQ_BODY}' \
--compressed

Your database configuration details are outlined in the DB_REQ_BODY object. The following parameters are required, unless marked as optional:

Name	Type	Description	Values
skip_db_setup	boolean	When set to `true` all other database configuration parameters are ignored, and the `db_secret_name` parameter becomes required. Enabling `skip_db_setup` lets you perform manual database setup without passing database credentials through the Installer API. Instead, you create a Kubernetes secret that contains a database connection string with the required parameters. The secret must be a data secret with `"db_string"` mapping to the database connection string. See Database connection string format for additional information.	true, false Set to `false` for most installations.
db_secret_name	string	Required if `skip_db_setup` is set to `true`, otherwise optional. The name of the Kubernetes secret where your database connection string is stored.	A string specifying the name of the Kubernetes secret where your database connection string is stored.
db_type	string	Defines the database type.	mysql, postgres, sqlserver, oci8 Use `postgres` for PostgreSQL database setup.
azure_ad	boolean	Enables using Azure AD for database authentication. Note Applicable only to Microsoft SQL Server database setups.	true, false Set to `false` for PostgreSQL database setup.
use_db_sid	boolean	Enables using the Oracle system identifier as the database identifier. Note Applicable only to Oracle database setups.	true, false Set to `false` for PostgreSQL database setup.
use_db_service_name	boolean	Enables using the Oracle service name as the database identifier. Note Applicable only to Oracle database setups.	true, false Set to `false` for PostgreSQL database setup.
enable_db_tls	boolean	Set to `true` to use TLS certificate-based authentication. While this setting is optional, it is strongly recommended to enable TLS in production environments to reduce security risks. Note If set to `true`, you must also call the /installer/db/tls endpoint to configure TLS. Info Instabase supports certificates from internal and external trusted certificate authorities (CAs). Instabase does not support self-signed TLS certificates.	true, false
fields	object	Contains the configuration details for your database setup.	An object containing additional settings.
fields/db_user	string	The database username.	A string specifying the database username.
fields/db_pass	string	The database password.	A string specifying the database password.
fields/db_name	string	Your database name.	A string specifying your database name.
fields/db_host	string	The server host or hostname.	A string specifying the server host or hostname.
fields/dp_port	integer	The port value. The common, default PostgreSQL port value is 5432. If you have a custom port value, use it here.	An integer specifying the port value. The suggested value is `5432`, unless a custom port value is configured.
fields/ssl_mode	string	Determines whether or with what priority a secure SSL TCP/IP connection is negotiated with the server.	There are six `ssl_mode` options. The following list is ordered from least secure to most secure: - `disable`: Try only a non-SSL connection. This option disables all encryption. - `allow`: First try a non-SSL connection; if that fails, try an SSL connection. - `prefer`: First try an SSL connection; if that fails, try a non-SSL connection. - `require`: Try only an SSL connection. If a root CA file is present, verify that the server certificate is issued by a trusted certificate authority (CA). The certificate itself is not verified. - `verify-ca`: Try only an SSL connection. Verify that the server certificate is issued by a trusted CA. - `verify-full`: Try only an SSL connection. Verify that the server certificate is issued by a trusted CA and that the requested server hostname matches that in the certificate. The SSL connection fails if the server certificate cannot be verified. In production environments, `verify-full` is typically the appropriate setting. `ssl_mode` is ignored for Unix domain socket communication. If PostgreSQL is compiled without SSL support, using options `require`, `verify-ca`, or `verify-full` causes an error, while options `allow` and `prefer` are accepted, but libpq doesn’t actually attempt an SSL connection. Info To learn more about SSL mode options, including a summary of the level of protection provided by each option, see the PostgreSQL SSL support documentation.

Request example:

curl --location --request POST '{URL_BASE}/api/v1/control_plane/installer/db' \
--header 'Accept: application/json, text/plain, */*' \
--header 'Token: {TOKEN}' \
--data-raw '{
  "skip_db_setup": false,
  "db_type": "postgres",
  "azure_ad": false,
  "use_db_sid": false,
  "use_db_service_name": false,
  "enable_db_tls": false,
  "fields": {
    "db_user": "test-user",
    "db_pass": "test-pass",
    "db_name": "test-db-name",
    "db_host": "test-host",
    "db_port": 1234,
    "ssl_mode": "disable"
    }
  }' \
--compressed

Microsoft SQL Server: Connect with username and password

Request parameters

The general form of the request body is:

curl --location --request POST  '{URL_BASE}/api/v1/control_plane/installer/db' \
--header 'Accept: application/json, text/plain, */*' \
--header 'Token: {TOKEN}' \
--data-raw '{DB_REQ_BODY}' \
--compressed

Your database configuration details are outlined in the DB_REQ_BODY object. The following parameters are required, unless marked as optional:

Name	Type	Description	Values
skip_db_setup	boolean	When set to `true` all other database configuration parameters are ignored, and the `db_secret_name` parameter becomes required. Enabling `skip_db_setup` lets you perform manual database setup without passing database credentials through the Installer API. Instead, you create a Kubernetes secret that contains a database connection string with the required parameters. The secret must be a data secret with `"db_string"` mapping to the database connection string. See Database connection string format for additional information.	true, false Set to `false` for most installations.
db_secret_name	string	Required if `skip_db_setup` is set to `true`, otherwise optional. The name of the Kubernetes secret where your database connection string is stored.	A string specifying the name of the Kubernetes secret where your database connection string is stored.
db_type	string	Defines the database type.	mysql, postgres, sqlserver, oci8 Use `mysql` for MySQL database setup.
azure_ad	boolean	Enables using Azure AD for database authentication.	true, false Set to `false` when connecting to Microsoft SQL Server with username and password credentials.
use_db_sid	boolean	Enables using the Oracle system identifier as the database identifier. Note Applicable only to Oracle database setups.	true, false Set to `false` for Microsoft SQL Server database setup.
use_db_service_name	boolean	Enables using the Oracle service name as the database identifier. Note Applicable only to Oracle database setups.	true, false Set to `false` for Microsoft SQL Server database setup.
enable_db_tls	boolean	Set to `true` to use TLS certificate-based authentication. While this setting is optional, it is strongly recommended to enable TLS in production environments to reduce security risks. Note If set to `true`, you must also call the /installer/db/tls endpoint to configure TLS. Info Instabase supports certificates from internal and external trusted certificate authorities (CAs). Instabase does not support self-signed TLS certificates.	true, false
fields	object	Contains the configuration details for your database setup.	An object containing additional settings.
fields/db_user	string	The database username.	A string specifying the database username.
fields/db_pass	string	The database password.	A string specifying the database password.
fields/db_name	string	Your database name.	A string specifying your database name.
fields/db_host	string	The server host or hostname.	A string specifying the server host or hostname.
fields/dp_port	integer	The port value. The common, default MySQL port value is 3306. If you have a custom port value, use it here.	An integer specifying the port value. The suggested value is `3306`, unless a custom port value is configured.
fields/db_conn_timeout	integer	Defines the database timeout period. This option is useful when working with high latency or load.	An integer specifying the database timeout, in seconds.

Examples

Request example:

curl --location --request POST '{URL_BASE}/api/v1/control_plane/installer/db' \
--header 'Accept: application/json, text/plain, */*' \
--header 'Token: {TOKEN}' \
--data-raw '{
  "skip_db_setup": false,
  "db_type": "sqlserver",
  "azure_ad": false,
  "use_db_sid": false,
  "use_db_service_name": false,
  "enable_db_tls": true,
  "fields": {
    "db_user": "test-user",
    "db_pass": "test-pass",
    "db_name": "test-db-name",
    "db_host": "test-host",
    "db_port": 1234,
    "db_conn_timeout": 30
    }
  }' \
--compressed

Microsoft SQL Server: Connect with Azure AD

Request parameters

The general form of the request body is:

curl --location --request POST '{URL_BASE}/api/v1/control_plane/installer/db' \
--header 'Accept: application/json, text/plain, */*' \
--header 'Token: {TOKEN}' \
--data-raw '{DB_REQ_BODY}' \
--compressed

Your database configuration details are outlined in the DB_REQ_BODY object. The following parameters are required, unless marked as optional:

Name	Type	Description	Values
skip_db_setup	boolean	When set to `true` all other database configuration parameters are ignored, and the `db_secret_name` parameter becomes required. Enabling `skip_db_setup` lets you perform manual database setup without passing database credentials through the Installer API. Instead, you create a Kubernetes secret that contains a database connection string with the required parameters. The secret must be a data secret with `"db_string"` mapping to the database connection string. See Database connection string format for additional information.	true, false Set to `false` for most installations.
db_secret_name	string	Required if `skip_db_setup` is set to `true`, otherwise optional. The name of the Kubernetes secret where your database connection string is stored.	A string specifying the name of the Kubernetes secret where your database connection string is stored.
db_type	string	Defines the database type.	mysql, postgres, sqlserver, oci8 Use `sqlserver for Microsoft SQL Server database setup.
azure_ad	boolean	Enables using Azure AD for database authentication.	true, false Set to `true` when connecting to Microsoft SQL Server with Azure AD credentials.
use_db_sid	boolean	Enables using the Oracle system identifier as the database identifier. Note Applicable only to Oracle database setups.	true, false Set to `false` for Microsoft SQL Server database setup.
use_db_service_name	boolean	Enables using the Oracle service name as the database identifier. Note Applicable only to Oracle database setups.	true, false Set to `false` for Microsoft SQL Server database setup.
enable_db_tls	boolean	Set to `true` to use TLS certificate-based authentication. While this setting is optional, it is strongly recommended to enable TLS in production environments to reduce security risks. Note If set to `true`, you must also call the /installer/db/tls endpoint to configure TLS. Info Instabase supports certificates from internal and external trusted certificate authorities (CAs). Instabase does not support self-signed TLS certificates.	true, false
fields	object	Contains the configuration details for your database setup.	An object containing additional settings.
fields/db_user	string	This parameter is optional when connecting to Microsoft SQL Server with Azure AD credentials. The database username.	A string specifying the database username.
fields/db_pass	string	This parameter is optional when connecting to Microsoft SQL Server with Azure AD credentials. The database password.	A string specifying the database password.
fields/db_name	string	Your database name.	A string specifying your database name.
fields/db_host	string	The server host or hostname.	A string specifying the server host or hostname.
fields/db_port	integer	The port value. The common, default Microsoft SQL Server port value is 1433. If you have a custom port value, use it here.	An integer specifying the port value. The suggested value is `1433`, unless a custom port value is configured.
fields/db_conn_params	string	Specifies database connection parameters including: - `Connection Timeout`: Timeout for connection attempt, in seconds. - `ConnectRetryCount`: Maximum number of connection retries. - `ConnectRetryInterval`: Interval to wait between connection retries, in seconds.	A string defining connection parameters, joined by semi-colons.
fields/db_azure_tenant_id	string	The tenant ID or directory ID of your app registration.	A string specifying the tenant/directory ID.
fields/db_azure_client_id	string	The client ID or application ID for your app registration.	A string specifying the client/application ID.
fields/db_azure_client_secret	string	The client secret for your app registration.	A string specifying the client secret.

Examples

Request example:

curl --location --request POST '{URL_BASE}/api/v1/control_plane/installer/db' \
--header 'Accept: application/json, text/plain, */*' \
--header 'Token: {TOKEN}' \
--data-raw '{
  "skip_db_setup": false,
  "db_type": "sqlserver",
  "azure_ad": true,
  "use_db_sid": false,
  "use_db_service_name": false,
  "enable_db_tls": true,
  "fields": {
    "db_name": "test-db-name",
    "db_host": "test-host",
    "db_port": 1234,
    "db_conn_params": "Connection Timeout=30;ConnectRetryCount=3;ConnectRetryInterval=10",
    "db_azure_tenant_id": "azure-tenant-id",
    "db_azure_client_id": "azure-client-id",
    "db_azure_client_secret": "azure-secret"
    }
  }' \
--compressed

Oracle

Request parameters

The general form of the request body is:

curl --location --request POST '{URL_BASE}/api/v1/control_plane/installer/db' \
--header 'Accept: application/json, text/plain, */*' \
--header 'Token: {TOKEN}' \
--data-raw '{DB_REQ_BODY}' \
--compressed

Your database configuration details are outlined in the DB_REQ_BODY object. The following parameters are required, unless marked as optional:

Name	Type	Description	Values
skip_db_setup	boolean	When set to `true` all other database configuration parameters are ignored, and the `db_secret_name` parameter becomes required. Enabling `skip_db_setup` lets you perform manual database setup without passing database credentials through the Installer API. Instead, you create a Kubernetes secret that contains a database connection string with the required parameters. The secret must be a data secret with `"db_string"` mapping to the database connection string. See Database connection string format for additional information.	true, false Set to `false` for most installations.
db_secret_name	string	Required if `skip_db_setup` is set to `true`, otherwise optional. The name of the Kubernetes secret where your database connection string is stored.	A string specifying the name of the Kubernetes secret where your database connection string is stored.
db_type	string	Defines the database type.	mysql, postgres, sqlserver, oci8 Use `oci8` for Oracle database setup.
azure_ad	boolean	Enables using Azure AD for database authentication. Note Applicable only to Microsoft SQL Server database setups.	true, false Set to `false` for Oracle database setup.
use_db_sid	boolean	Enables using the Oracle system identifier (SID) as the database identifier. When set to `true`, the parameter `db_sid` must also be included in the request body.	true, false Set to `true` to use the SID as the database identifier.
use_db_service_name	boolean	Enables using the Oracle service name as the database identifier. When set to `true`, the parameter `db_service_name` must also be included in the request body.	true, false Set to `true` to use the service name as the database identifier.
enable_db_tls	boolean	Enables use of TLS certificate-based authentication. Note TLS authentication is supported with MySQL, PostgreSQL, and Microsoft SQL Server databases.	true, false Set to `false` for Oracle database setup.
fields	object	Contains the configuration details for your database setup.	An object containing additional settings.
fields/db_user	string	The database username.	A string specifying the database username.
fields/db_pass	string	The database password.	A string specifying the database password.
fields/db_name	string	Your database name. If `use_db_service_name` and `use_db_sid` are both set to `false`, the `db_name` value is used as the database identifier.	A string specifying your database name. Leave empty if using the SID or service name as your Oracle database identifier.
fields/db_host	string	The server host or hostname.	A string specifying the server host or hostname.
fields/dp_port	integer	The port value. The common, default PostgreSQL port value is 5432. If you have a custom port value, use it here.	An integer specifying the port value. The suggested value is `5432`, unless a custom port value is configured.
fields/db_sid	string	Required if `use_db_sid` is set to `true`, otherwise optional. The database SID.	A string specifying the database SID.
fields/db_service_name	string	Required if `use_db_service_name` is set to `true`, otherwise optional. The database service name.	A string specifying the database service name.

Examples

Request example if using the database name as the database identifier:

curl --location --request POST '{URL_BASE}/api/v1/control_plane/installer/db' \
--header 'Accept: application/json, text/plain, */*' \
--header  'Token: {TOKEN}' \
--data-raw '{
  "skip_db_setup": false,
  "db_type": "oci8",
  "azure_ad": false,
  "use_db_sid": false,
  "use_db_service_name": false,
  "enable_db_tls": false,
  "fields": {
    "db_user": "test-user",
    "db_pass": "test-pass",
    "db_name": "normal-db-name",
    "db_host": "test-host",
    "db_port": 1234
    }
  }' \
--compressed

Request example if using the SID as the database identifier:

curl --location --request POST '{URL_BASE}/api/v1/control_plane/installer/db' \
--header 'Accept: application/json, text/plain, */*' \
--header 'Token: {TOKEN}' \
--data-raw '{
  "skip_db_setup": false,
  "db_type": "oci8",
  "azure_ad": false,
  "use_db_sid": true,
  "use_db_service_name": false,
  "enable_db_tls": false,
  "fields": {
    "db_user": "test-user",
    "db_pass": "test-pass",
    "db_name": "",
    "db_host": "test-host",
    "db_port": 1234,
    "db_sid": "db sid"
    }
  }' \
--compressed

Request example if using the service name as the database identifier:

curl --location --request POST '{URL_BASE}/api/v1/control_plane/installer/db' \
--header 'Accept: application/json, text/plain, */*' \
--header 'Token: {TOKEN}' \
--data-raw '{
  "skip_db_setup": false,
  "db_type": "oci8",
  "azure_ad": false,
  "use_db_sid": false,
  "use_db_service_name": true,
  "enable_db_tls": false,
  "fields": {
    "db_user": "test-user",
    "db_pass": "test-pass",
    "db_name": "",
    "db_host": "test-host",
    "db_port": 1234,
    "db_service_name": "service name"
    }
  }' \
--compressed

Database connection string format

If skip_db_setup is enabled, you must create a Kubernetes secret that contains a database connection string with the required parameters. Refer to the following table for guidance on how to format the database connection string:

Database	Connection string format	Notes
MySQL	INSTABASE_BACKEND_DB_PARAMS = “–username= –password= –host= –database= –port=”
PostgreSQL	INSTABASE_BACKEND_DB_PARAMS = “–dialect=postgres –url=postgres://:@:/?sslmode=”	To add multiple parameters, use `&`. For example: ?sslmode=require&sslkey=/etc/path/tls.key&sslcert=/etc/path/tls.cert The string supports a full PostgreSQL DSN. You can append other parameters to the end of the string. Refer to the PostgreSQL Database Connection Control documentation for the full list of parameters.
Microsoft SQL Server	INSTABASE_BACKEND_DB_PARAMS = “–dialect=sqlserver –url=sqlserver://:@:?database=&connection+timeout=30”	The string supports a full SQL Server DSN. You can append other parameters to the end of the string. Refer to the Microsoft DSN and Connection String Keywords and Attributes documentation for the full list of parameters.
Microsoft SQL Server with password-protected TLS private key file	INSTABASE_BACKEND_DB_PARAMS = “–dialect=sqlserver –url=sqlserver://:@:?database=&connection+timeout=30&certificate=file:<file_location>[,password:]&hostNameInCertificate=”	If the password keyword contains any commas, enter a second comma in the password string. For example a keyword of `a,b,c` is written as `a,,b,,c` in the string. The string supports a full SQL Server DSN. You can append other parameters to the end of the string. Refer to the Microsoft DSN and Connection String Keywords and Attributes documentation for the full list of parameters.
Oracle (standard)	INSTABASE_BACKEND_DB_PARAMS = “–dialect=oci8 –database=/@:/”
Oracle (tsnames.ora, using SID)	INSTABASE_BACKEND_DB_PARAMS = “–dialect=oci8 –database=/@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=)(PORT=))(CONNECT_DATA=(SID=)))”
Oracle (tsnames.ora, using service name)	INSTABASE_BACKEND_DB_PARAMS "–dialect=oci8 –database=/@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=)(PORT=))(CONNECT_DATA=(SERVICE_NAME=)))"

TLS authentication configuration

Method	Syntax
POST	URL_BASE/api/v1/control_plane/installer/db/tls

Description

Configures SSL certificates in Deployment Manager, for databases using TLS authentication for database connections. This endpoint is only required if enable_db_tls was set to true when configuring your database configuration.

Note

TLS authentication is supported with MySQL, PostgreSQL, and Microsoft SQL Server databases.

MySQL

Request parameters

The following parameters are required, unless marked as optional:

Name	Type	Description	Values
db_tls_client_key	string	The file path to the client key file. Supported file types are `.crt`, `.key`, `.pem`, and `.cer`.	A string specifying the file path to the client key file.
db_tls_client_cert	string	The file path to the client cert file. Supported file types are `.crt`, `.key`, `.pem`, and `.cer`.	A string specifying the file path to the client cert file.
db_tls_root_cert	string	The file path to the root ca file. Supported file types are `.crt`, `.key`, `.pem`, and `.cer`.	A string specifying the file path to the root ca file.
db_tls_cert_hostname	string	Optional. Use this parameter if the certificate subject’s common name (CN) does not match the hostname (the value defined in the `db_host` parameter).	A string specifying the cert subject’s common name.
db_tls_skip_verify	string	Enable (set to `True`) to skip validating if the certificate is valid. Setting to `True` presents a significant security risk and should be used only for testing and debugging purposes, such as if you need to establish if the certificate is working as intended.	A string specifying `True` or `False`.

Examples

Request example:

curl --location --request POST '{URL_BASE}/api/v1/control_plane/installer/db/tls' \
--header 'Content-Type: multipart/form-data' \
--header 'Token: {TOKEN}' \
--form 'db_tls_client_key=@"/path/to/file"' \
--form 'db_tls_client_cert=@"/path/to/file"' \
--form 'db_tls_root_cert=@"/path/to/file"' \
--form 'db_tls_cert_hostname="hostname"' \
--form 'db_tls_skip_verify="False"'

PostgreSQL

Request parameters

The following parameters are required, unless marked as optional:

Name	Type	Description	Values
db_tls_root_cert	string	The file path to the root ca file. Supported file types are `.crt`, `.key`, and `.pem`.	A string specifying the file path to the root ca file.
db_tls_client_key	string	Optional. The file path to the client key file. Supported file types are `.crt`, `.key`, and `.pem`.	A string specifying the file path to the client key file.
db_tls_client_cert	string	Optional. The file path to the client cert file. Supported file types are `.crt`, `.key`, and `.pem`.	A string specifying the file path to the client cert file.
db_tls_root_crl	string	Optional. The file path to the root crl file. Supported file type is `.crl`.	A string specifying the file path to the root crl file.

Examples

Request example:

curl --location --request POST '{URL_BASE}/api/v1/control_plane/installer/db/tls' \
--header 'Content-Type: multipart/form-data' \
--header 'Token: {TOKEN}' \
--form 'db_tls_root_cert=@"/path/to/file"' \
--form 'db_tls_client_key=@"/path/to/file"' \
--form 'db_tls_client_cert=@"/path/to/file"' \
--form 'db_tls_root_crl=@"/path/to/file"'

Microsoft SQL Server

Request parameters

The following parameters are required, unless marked as optional:

Name	Type	Description	Values
ss_cert	string	The public certificate of the CA that signed the SQL Server certificate. This certificate overrides the Go platform specific CA certificates. Supported file types are `.pem`, `.pfx`, `.crt`, and `.cer`.	A string specifying the file path to the client cert file.
ss_trust_server_cert	string	Defines whether to trust the server certificate. When set to `False`, the server certificate is checked. When set to `True`, the server certificate is not checked. The driver accepts any certificate presented by the server and any hostname in that certificate. When set to `True`, TLS is susceptible to man-in-the-middle attacks; use this for testing only.	A string specifying `True` or `False`.
ss_cert_hostname	string	Optional. Use this parameter if the certificate subject’s common name (CN) does not match the hostname (the value defined in the `db_host` parameter).	A string specifying the cert subject’s common name.

Examples

Request example:

curl --location --request POST '{URL_BASE}/api/v1/control_plane/installer/db/tls' \
--header 'Content-Type: multipart/form-data' \
--header 'Token: {TOKEN}' \
--form 'ss_cert=@"/path/to/file"' \
--form 'ss_trust_server_cert="False"' \
--form 'ss_cert_hostname="hostname"'

File system configuration

Method	Syntax
POST	URL_BASE/api/v1/control_plane/installer/storage

Description

This API configures the connection to your file storage provider. Instabase Installer supports four file storage options:

Amazon S3
Local file storage
Azure Blob Storage
Google Cloud Storage

Amazon S3

Info

If your S3 server requires a custom certificate for SSL validation, after completing this call, call the Upload custom S3 certificate API.

Request parameters

The general form of the request body is:

curl --location --request POST '{URL_BASE}/api/v1/control_plane/installer/storage' \
--header 'Token: {TOKEN}' \
--header 'Content-Type: application/json' \
--data-raw '{STORAGE_REQ_BODY}'

Your database configuration details are outlined in the STORAGE_REQ_BODY object. The following parameters are required, unless marked as optional:

Name	Type	Description	Values
file_storage	string	Defines the file storage type.	s3, localfs, azblobstore, googlecloudstorage Use `s3` for Amazon S3 file storage setup.
fields	object	Contains the configuration details for your file storage setup.	An object containing additional settings.
fields/s3_server_url	string	The URL of your Amazon S3 instance. The URL should follow this format: `https://s3.[your region code].amazonaws.com`. Do not include the bucket name in the URL. Examples of valid URLs include `https://s3.us-west-2.amazonaws.com` and `https://s3.us-east-1.amazonaws.com`. Info See the AWS Virtual hosting of buckets documentation for more information.	A string specifying the URL of your Amazon S3 instance.
fields/s3_server_is_secure	boolean	Defines whether to use HTTP or HTTPS to communicate with S3 resources. Setting to `rue` enables using HTTPS. We recommend always having S3 Server Is Secure set to `true`. This setting should be disabled only for testing or non-production environments.	true, false
fields/s3_key_id	string	Your AWS Identity and Access Management (IAM) key. If not using IAM keys to connect, and instead using IAM roles, enter a placeholder value and connect with your Instabase representative to manually configure the connection.	A string specifying your AWS IAM key.
fields/s3_access_key	string	Your AWS IAM secret key. If not using IAM keys to connect, and instead using IAM roles, enter a placeholder value and connect with your Instabase representative to manually configure the connection.	A string specifying your AWS IAM secret key.
fields/s3_aws_region	string	The region code for your AWS account, such as `us-east-1`.	A string specifying your AWS region code.
fields/s3_bucket_name	string	The name of the Amazon S3 bucket to use for file storage.	A string specifying the name of your Amazon S3 bucket.
fields/s3_encryption_type	string	Define the type of encryption used for server-side encryption of files. - `none`: No server-side encryption. - `aws_sse_s3`: Uses Amazon-managed server-side encryption of files. Also called S3 SSE (AES-256). - `aws_sse_kms`: Uses Amazon KMS for server-side encryption of files.	none, aws_sse_s3, aws_sse_kms
fields/s3_sse_kms_key_id	string	Required if `s3_encryption_type` is set to `aws_sse_kms`, otherwise optional. The Amazon resource name (ARN) for the KMS key. Info See the AWS Finding the key ID and key ARN documentation for additional information.	A string specifying the Amazon resource name (ARN) for the KMS key.
fields/s3_use_virtual_style_url	string	Set to `false` to use an Amazon S3 path-style URL. When set to `true` Amazon S3 virtual-hosted-style URLs are used. Info AWS has scheduled path-style URLs for deprecation. See the AWS Virtual hosting of buckets documentation for more information.	true, false
fields/enable_file_cache	boolean	Configures whether to cache file contents in a standalone Redis. When set to `true`, the file cache is enabled. When set to `false`, the file cache is not enabled and Instabase requires permission to deploy a standalone Redis. For most installations, it’s recommended to set to `true`. The exception is if you own your own managed Redis and require Instabase to integrate with your Redis. In that case, you might need to set this parameter to `false` due to limitations surrounding Instabase deploying a standalone Redis.	true, false

Examples

Request example:

curl --location --request POST '{URL_BASE}/api/v1/control_plane/installer/storage' \
--header 'Token: {TOKEN}' \
--header 'Content-Type: application/json' \
--data-raw '{
    "file_storage": "s3",
    "fields": {
        "s3_server_url": "test-server-url",
        "s3_server_is_secure": true,
        "s3_access_key_id": "test-access-key",
        "s3_secret_access_key": "test-secret-key",
        "s3_aws_region": "us-east-1",
        "s3_bucket_name": "test-bucket-name",
        "s3_encryption_type": "none",
        "s3_use_virtual_style_url": "true",
        "enable_file_cache": true
      }
  }'

Local file storage

Instabase supports using a network file system (NFS) as your file storage. For security reasons, however, Instabase does not support directly connecting to the NFS. You must first mount your NFS as a Kubernetes Persistent Volume Claim (PVC).

Request parameters

The general form of the request body is:

curl --location --request POST '{URL_BASE}/api/v1/control_plane/installer/storage' \
--header 'Token: {TOKEN}' \
--header 'Content-Type: application/json' \
--data-raw  '{STORAGE_REQ_BODY}'

Your database configuration details are outlined in the STORAGE_REQ_BODY object. The following parameters are required, unless marked as optional:

Name	Type	Description	Values
file_storage	string	Defines the file storage type.	s3, localfs, azblobstore, googlecloudstorage Use `localfs` for local file storage setup.
fields	object	Contains the configuration details for your file storage setup.	An object containing additional settings.
fields/local_mount_dir	string	Defines the local mount directory.	A string specifying the local mount directory. `/home/ibuser/data` is the most common value.
fields/nfs_pvc_name	string	The name of the Persistent Volume Claim the NFS was mounted to.	A string specifying the name of the Persistent Volume Claim the NFS was mounted to.
fields/enable_file_cache	boolean	Configures whether to cache file contents in a standalone Redis. When set to `true`, the file cache is enabled. When set to `false`, the file cache is not enabled and Instabase requires permission to deploy a standalone Redis. For most installations, it’s recommended to set to `true`. The exception is if you own your own managed Redis and require Instabase to integrate with your Redis. In that case, you might need to set this parameter to `false` due to limitations surrounding Instabase deploying a standalone Redis.	true, false

Examples

Request example:

curl --location --request POST '{URL_BASE}/api/v1/control_plane/installer/storage' \
--header 'Token: {TOKEN}' \
--header 'Content-Type: application/json' \
--data-raw '{
    "file_storage": "localfs",
    "fields": {
        "local_mount_dir": "/home/ibuser/data",
        "nfs_pvc_name": "test-pvc",
        "enable_file_cache": true
      }
  }'

Azure Blob Storage

Request parameters

The general form of the request body is:

curl --location --request POST '{URL_BASE}/api/v1/control_plane/installer/storage' \
--header 'Token: {TOKEN}' \
--header 'Content-Type: application/json' \
--data-raw  '{STORAGE_REQ_BODY}'

Your database configuration details are outlined in the STORAGE_REQ_BODY object. The following parameters are required, unless marked as optional:

Name	Type	Description	Values
file_storage	string	Defines the file storage type.	s3, localfs, azblobstore, googlecloudstorage Use `azblobstore` for Azure Blob Storage setup.
fields	object	Contains the configuration details for your file storage setup.	An object containing additional settings.
fields/azure_connection_str	string	The connection string for your Azure storage account.	A string specifying the connection string for your Azure storage account.
fields/az_blob_store_container	string	The name of your Azure Blob Storage container.	A string specifying the name of Azure Blob Storage container.
fields/enable_file_cache	boolean	Configures whether to cache file contents in a standalone Redis. When set to `true`, the file cache is enabled. When set to `false`, the file cache is not enabled and Instabase requires permission to deploy a standalone Redis. For most installations, it’s recommended to set to `true`. The exception is if you own your own managed Redis and require Instabase to integrate with your Redis. In that case, you might need to set this parameter to `false` due to limitations surrounding Instabase deploying a standalone Redis.	true, false

Examples

Request example:

curl --location --request POST '{URL_BASE}/api/v1/control_plane/installer/storage' \
--header 'Token: {TOKEN}' \
--header 'Content-Type: application/json' \
--data-raw '{
    "file_storage": "azblobstore",
    "fields": {
        "azure_connection_str": "test-connection-string",
        "az_blob_store_container": "test-container-name",
        "enable_file_cache": true
      }
  }'

Google Cloud Storage

Warning

If using Google Cloud Storage, before configuring your file storage options through this API, you must call the Upload Google Cloud Storage service account credentials API.

Note

Support for Google Cloud Storage is generally available as of release 23.04.

Request parameters

The general form of the request body is:

curl --location --request POST '{URL_BASE}/api/v1/control_plane/installer/storage' \
--header 'Token: {TOKEN}' \
--header 'Content-Type: application/json' \
--data-raw '{STORAGE_REQ_BODY}'

Your database configuration details are outlined in the STORAGE_REQ_BODY object. The following parameters are required, unless marked as optional:

Name	Type	Description	Values
file_storage	string	Defines the file storage type.	s3, localfs, azblobstore, googlecloudstorage Use `googlecloudstorage` for Google Cloud Storage setup.
fields	object	Contains the configuration details for your file storage setup.	An object containing additional settings.
fields/bucket_name	string	The name of your Google Cloud Storage bucket.	A string specifying the name of your Google Cloud Storage bucket.
fields/gcs_sse_encryption_type	string	Defines the type of encryption used for server-side encryption of the files. - `gcs_aes256`: Uses Google-managed server-side encryption of files. - `gcs_sse_kms`: Uses Google Cloud KMS for server-side encryption of files.	gcs_aes256, gcs_sse_kms
fields/gcs_sse_kms_key_id	string	Required if `gcs_sse_encryption_type` is set to `gcs_sse_kms`, otherwise optional. The Cloud KMS Resource ID. Info See the Google Cloud Getting a Cloud KMS Resource ID documentation for additional information.	A string specifying the Resource ID for the KMS key.
fields/enable_file_cache	boolean	Configures whether to cache file contents in a standalone Redis. When set to `true`, the file cache is enabled. When set to `false`, the file cache is not enabled and Instabase requires permission to deploy a standalone Redis. For most installations, it’s recommended to set to `true`. The exception is if you own your own managed Redis and require Instabase to integrate with your Redis. In that case, you might need to set this parameter to `false` due to limitations surrounding Instabase deploying a standalone Redis.	true, false

Examples

Request example:

curl --location --request POST '{URL_BASE}/api/v1/control_plane/installer/storage' \
--header 'Token: {TOKEN}' \
--header 'Content-Type: application/json' \
--data-raw '{
    "file_storage": "googlecloudstorage",
    "fields": {
        "bucket_name": "dummy-bucket",
        "gcs_sse_encryption_type": "gcs_aes256",
        "gcs_sse_kms_key_id": "",
        "enable_file_cache": true
      }
  }'

Upload custom Amazon S3 certificate

This API uploads a custom certificate for SSL verification, if required by your S3 server. Complete this API call after configuring Amazon S3 as your file storage.

Request parameters

The general form of the request body is:

curl --location --request POST '{URL_BASE}/api/v1/control_plane/installer/storage/cert' \
--header 'Token: {TOKEN}' \
--header 'Content-Type: multipart/form-data' \
--form 's3_cert=@"/path/to/file"'

Name	Type	Description	Values
s3_cert	string	Your S3 certificate file. The only valid file type is `.crt`.	A string specifying the file path to your S3 certifcate file.

Examples

Request example:

curl --location --request POST '{URL_BASE}/api/v1/control_plane/installer/storage/cert' \
--header 'Token: {TOKEN}' \
--header 'Content-Type: multipart/form-data' \
--form 's3_cert=@"/path/to/file"'

Upload Google Cloud Storage service account credentials

Method	Syntax
POST	URL_BASE/api/v1/control_plane/installer/storage/gcsserviceaccount

Description

This API uploads the service account credentials file for your Google Cloud Storage account. This API must be called before configuring Google Cloud Storage as your file storage.

Request parameters

The following parameters are required, unless marked as optional:

Name	Type	Description	Values
gcs_service_account_credentials	string	The `.json` credentials file for your Google Cloud Storage service account. See the instructions below for additional support.	A string specifying the file path to the `.json` file with your Google Cloud Storage service account credentials.

Configuring the Google Cloud Storage service account

To configure a Google Cloud Storage service account:

From the Google Cloud console, create a Google Cloud Storage bucket with uniform access control. For improved security, create it as a private bucket.
Create a service account in Google Cloud’s Identity and Access Management (IAM) system.
In the Google Cloud console, create a key pair for the service account, selecting JSON as the key type.
Download the JSON credentials file for the service account.
Assign the service account the Storage Admin and Storage Object Admin roles for bucket access.

Info

More detailed instructions can be found in the Google IAM permission documentation.
Find the Client ID for the service account (available on the Service accounts page).
Using a Google Workplace administrator account, search for the service account’s client ID, and grant the service account access to the Google Cloud Platform OAuth scope www.googleapis.com/auth/cloud-platform.

Info

More detailed instructions can be found in the Google Service account documentation.

Examples

Request example:

curl --location --request POST '{URL_BASE}/api/v1/control_plane/installer/storage/gcsserviceaccount' \
--header 'Token: {TOKEN}' \
--header 'Content-Type: application/json' \
--form 'gcs_service_account_credentials=@"/path/to/gcscredentials.json"'

Method	Syntax
POST	URL_BASE/api/v1/control_plane/installer/other

Description

This API configures platform and Kubernetes cluster-related settings, including admin login credentials and Persistent Volume Claim names.

Request parameters

The following parameters are required, unless marked as optional:

Name	Type	Description	Values
namespace	string	The Kubernetes namespace your Instabase deployment will run on. Note This parameter is scheduled for deprecation.	A string specifying the Kubernetes namespace your Instabase deployment will run on.
admin_username	string	The username for your default Instabase admin credentials. You define the username value in this step and use it for initial admin access to the Instabase platform upon installation.	A string specifying the username for your default Instabase admin credentials.
admin_email	string	The email for your default Instabase admin credentials. You define the email value in this step and use it for initial admin access to the Instabase platform upon installation.	A string specifying the email address for your default Instabase admin credentials.
admin_password	string	The password for your default Instabase admin credentials. You define the password value in this step and use it for initial admin access to the Instabase platform upon installation.	A string specifying the password for your default Instabase admin credentials. Must contain a minimum of 8 characters.
admin_password_confirmation	string	Confirm (re-enter) the password for your default Instabase admin credentials. `admin_password` and `admin_password_confirmation` must match.	A string specifying the password for your default Instabase admin credentials.
registry	string	The registry to pull Instabase images from. If not provided, will default to the Instabase public image registry.	A string specifying the image registry for your Instabase platform.

Examples

Request example:

curl --location --request POST '{URL_BASE}/api/v1/control_plane/installer/other' \
--header 'Token: {TOKEN}' \
--header 'Content-Type: application/json' \
--data-raw '{
    "namespace": "instabase",
    "admin_username": "test-user",
    "admin_email": "test@email.com",
    "admin_password": "password",
    "admin_password_confirmation": "password"
  }'

Configure Kubernetes cluster resourcing

Method	Syntax
POST	URL_BASE/api/v1/control_plane/installer/resourcing

Description

This API sets the Kubernetes cluster resourcing size. The following preset cluster size options are available:

standard: 64 CPU cores/256 GB RAM
large: 128 CPU cores/512 GB RAM
xlarge: 256 CPU cores/1024 GB RAM

Select the option that meets but does not exceed your cluster size defined in Kubernetes. After installation, you can manually adjust the Instabase cluster size configuration using patches to more closely match your Kubernetes cluster size.

Info

Deployment Manager does not have cluster-level permissions to change cluster size; it can modify only Instabase components. Modifying your cluster size must be done from Kubernetes.

Note

Instabase release 23.07 introduces workload autoscaling as a public preview feature that’s disabled by default. Workload autoscaling lets Instabase autoscale data services based on demand rather than adhering to a set resourcing size. Autoscaling is available only for select services. To learn more about workload autoscaling, see the workload autoscaling documentation. To enable and configure workload autoscaling, follow the instructions in the 23.07 deployment guide. Be advised that workload autoscaling has several infrastructure requirements.

Request parameters

The following parameters are required, unless marked as optional:

Name	Type	Description	Values
cluster_size	string	Define the cluster size, using one of three preset values. See the API description for additional details.	standard, large, xlarge

Examples

Request example:

curl --location --request POST '{URL_BASE}/api/v1/control_plane/installer/resourcing' \
--header 'Token: {TOKEN}' \
--header 'Content-Type: application/json' \
--data-raw '{
    "cluster_size": "standard"
}'

Preflight checks

Preflight checks validate your information to assess if installation can proceed. These checks are optional and require no parameter configuration, but they are helpful to verify that your infrastructure is set up correctly and is accessible.

The following checks are available:

Service accounts check
Role-based access control (RBAC) check
Persistent Volume Claim (PVC) check
File storage access check
Database check

Service accounts check

Method	Syntax
POST	URL_BASE/api/v1/control_plane/preflight/checks/service_accounts

Description

This check confirms the service account used by the Instabase observability monitoring services exists in the Kubernetes cluster.

Request

There are no customizable parameters. Make the following request, using your own URL_BASE and TOKEN values:

curl --location --request POST '{URL_BASE}/api/v1/control_plane/installer/preflight/checks/service_accounts' \
--header 'Token: {TOKEN}' \
--header 'Content-Type: application/json' \

Role-based access control (RBAC) check

Method	Syntax
POST	URL_BASE/api/v1/control_plane/preflight/checks/rbac

Description

This check reports back any inconsistencies between permissions the Deployment Manager service account requires and permissions it has been granted. A success message indicates the Kubernetes role resource associated with the Deployment Manager service account matches the permissions Deployment Manager requires. A failure message shows the expected configuration alongside the configuration found in the cluster.

Request

There are no customizable parameters. Make the following request, using your own URL_BASE and TOKEN values:

curl --location --request 'POST {URL_BASE}/api/v1/control_plane/installer/preflight/checks/rbac' \
--header 'Token: {TOKEN}' \
--header 'Content-Type: application/json' \

File storage access check

Method	Syntax
POST	URL_BASE/api/v1/control_plane/preflight/checks/file_storage_access

Description

This check tests that the file system credentials entered can connect to your file storage platform. This check also verifies that Instabase has the permissions needed to perform all necessary file operations.

Note

As of Deployment Manager 23.01, the file storage access check is supported for Amazon S3 and Azure Blob Storage file storage options.

Request

There are no customizable parameters. Make the following request, using your own URL_BASE and TOKEN values:

curl --location --request POST '{URL_BASE}/api/v1/control_plane/installer/preflight/checks/file_storage_access' \
--header 'Token: {TOKEN}' \
--header 'Content-Type: application/json' \

Database check

Method	Syntax
POST	URL_BASE/api/v1/control_plane/preflight/checks/database

Description

This check tests that the database credentials entered can connect to your database. This check also verifies that Instabase has appropriately scoped permissions for table creation, table reading, and table writing.

Request

There are no customizable parameters. Make the following request, using your own URL_BASE and TOKEN values:

curl --location --request POST '{URL_BASE}/api/v1/control_plane/installer/preflight/checks/database' \
--header 'Token: {TOKEN}' \
--header 'Content-Type: application/json' \

Persistent Volume Claim (PVC) check

Method	Syntax
POST	URL_BASE/api/v1/control_plane/preflight/checks/pvc

Description

This check tests that all required PVCs are present, bound, and mountable.

Request

There are no customizable parameters. Make the following request, using your own URL_BASE and TOKEN values:

curl --location --request POST '{URL_BASE}/api/v1/control_plane/installer/preflight/checks/pvc' \
--header 'Token: {TOKEN}' \
--header 'Content-Type: application/json' \

Upload Instabase license

Method	Syntax
POST	URL_BASE/api/v1/control_plane/installer/license

Description

This API uploads your Instabase license. Your license is provided by your customer success manager and is an .iblicense file.

Request parameters

The following parameters are required, unless marked as optional:

Name	Type	Description	Values
file	string	Your Instabase license file. The only valid file type is `.iblicense`.	A string specifying the file path to your Instabase license file.

Examples

Request example:

curl --location --request POST '{URL_BASE}/api/v1/control_plane/installer/license' \
--header 'Token: {TOKEN}' \
--form 'file=@"/path/to/license.iblicense"'

Upload base configurations

Method	Syntax
POST	URL_BASE/api/v1/control_plane/installer/baseconfig

Description

This API uploads your Instabase base configurations. The base configurations file, called base_configs.zip, is in the release’s installation.zip file.

Warning

To make configuration changes, use the configuration management options on the Configs and Base Configs tabs. Never directly edit the base configuration files. See the configuration management documentation for guidance on using patches to modify base configurations.

Request parameters

The following parameters are required, unless marked as optional:

Name	Type	Description	Values
file	string	A zipped file of Instabase base configurations. Supported file types are `.zip`, `.gz`, and `.tgz`.	A string specifying the file path to the Instabase base configurations file.

Examples

Request example:

curl --location --request POST '{URL_BASE}/api/v1/control_plane/installer/baseconfig' \
--header 'Content-Type: multipart/form-data' \
--header 'Token: {TOKEN}' \
--form 'file=@"/path/to/baseconfig.zip"'

Upload default patches

Method	Syntax
POST	URL_BASE/api/v1/control_plane/installer/defaultpatches

Description

This API uploads the required default patches to apply during installation. The default patches file is called default_patches.zip and is found in the installation.zip file.

The default_patches.zip file contains all patches that must be uploaded during installation, but you can optionally add additional patches to apply during installation. Any new patches must be added alongside the contents of the default_patches.zip file:

Unzip the installation.zip file.
Unzip the default_patches.zip file contained within the now unzipped installation folder.
Add any new custom patch files to the now unzipped default_patches folder.
Select all files in the default_patches folder and compress them, creating a new .zip file of patches. You can rename the .zip file, but there are no file name requirements.

This new .zip file is what you pass in the request.

Info

You can also apply patches after completing installation, from the Deployment Manager Configs tab. This process applies only if you have additional custom patches that must be applied during installation.

Request parameters

The following parameters are required, unless marked as optional:

Name	Type	Description	Values
file	string	A zipped file of default patches. Supported file types are `.zip`, `.gz`, and `.tgz`.	A string specifying the file path to your default patches file.

Examples

Request example:

curl --location --request POST '{URL_BASE}/api/v1/control_plane/installer/defaultpatches' \
--header 'Content-Type: multipart/form-data' \
--header 'Token: {TOKEN}' \
--form 'file=@"/path/to/defaultpatches.zip"'

Upload network policies

Method	Syntax
POST	URL_BASE/api/v1/control_plane/installer/network-policies

Description

This optional API uploads any network policies to apply during installation. If indicated, your installation.zip package includes a folder called network-policies containing a series of network policy files. After making any necessary changes to the network policy files, compress the network-policies folder.

Request parameters

Name	Type	Description	Values
file	string	The network policies file. Supported file types are `.zip`, `.gz`, and `.tgz`.	A string specifying the file path to your network policies file.

Examples

Request example:

curl --location --request POST '{URL_BASE}/api/v1/control_plane/installer/network-policies' \
--header 'Content-Type: multipart/form-data' \
--header 'Token: {TOKEN}' \
--form 'file=@"/path/to/defaultnetworkpolicies.zip"'

Create SAML configuration

Method	Syntax
POST	URL_BASE/api/v1/control_plane/installer/saml/config

Description

This API creates a security assertion markup language (SAML) configuration. Instabase supports SAML-based authentication to manage access to your Instabase deployment. Using SAML-based single sign-on (SSO) lets you leverage your existing SSO identity provider (IdP) to automatically create new user accounts on the Instabase platform upon initial login. You can also optionally map existing groups configured in your IdP to groups in your Instabase deployment.

Instabase uses service provider (SP)-initiated SSO authentication and supports IdPs that use SAML 2.0.

Creating a SAML connection is an optional part of installation. You can also create a SAML connection after installation is complete. The APIs used to complete a SAML connection are:

Create SAML configuration: Creates the SAML configuration.
(Optional) Upload IdP metadata XML: Uploads the IdP metadata XML file, if using local metadata access. If using remote metadata access, this call is not required.
Complete SAML configuration: Completes the SAML configuration connection.

Note

If configuring the SAML connection during installation, call the complete SAML configuration API only after installation is complete.
(Optional) Clear SAML configuration If needed, before completing the configuration, you can clear the latest configuration posted using the create SAML configuration API.

Note

See the SAML authentication documentation for details on app registration requirements.

Request parameters

The following parameters are required, unless marked as optional:

Name	Type	Description	Values
configureSaml	boolean	Defines whether to enable SAML configuration in the deployment. Set to `true` to enable configuring the SAML connection.	`true`, `false`
authProvider	string	Defines how the IdP metadata XML is provided: -`local`: By referencing a static `metadata.xml` file that is stored as a Kubernetes secret in the deployment. -`remote`: By referencing a metadata-server endpoint where the XML file is hosted on the SAML provider metadata server. Note If set to `local`, you must provide the IdP metadata XML using the upload metadata XML API.	`local`, `remote`
authProviderUri	string	Required if `authProvider` is set to `remote`. The location of the IdP metadata XML.	A string specifying the endpoint URL where the IdP metadata XML is hosted on the IdP metadata server.
spName	string	The label associated with the Instabase entity in the IdP.	A string specifying the SP name. Typically `InstabaseSP`.
spEntityId	string	The entity ID value set in the IdP. An exact match between this value and the entity ID set in the IdP is required.	A string specifying the SP entity ID. Typically `{Your Instabase URL}`. For example, `https://dev.instabase.com`.
httpAcsUrl	string	The access consumer service (ACS) URL where the IdP redirects after the user successfully authenticates, entered with an HTTPS (not HTTP) scheme.	A string specifying the ACS URL, with an HTTPS scheme. Typically `https://{Your Instabase URL}/account/sso/saml2`.
httpsAcsUrl	string	The access consumer service (ACS) URL where the IdP redirects after the user successfully authenticates, entered with an HTTP (not HTTPS) scheme.	A string specifying the ACS URL, with an HTTP scheme. Typically `http://{Your Instabase URL}/account/sso/saml2`.
requiredAttributes	string	The required SAML attributes (claims) provided to Instabase by the IdP.	A string listing any required attributes, separated by a comma and a space. Typically `email, uid`.
optionalAttributes	string	(Optional) The optional SAML attributes (claims) provided to Instabase by the IdP.	A string listing any optional attributes. Typically `groups`, if group mapping is used.
allowUnsolicited	boolean	(Optional) For SP instances, if set to true (turned on), the SP consumes unsolicited SAML responses for which it has not sent a respective SAML authentication request.	`true`, `false`. Default: `true`.
authRequestsSigned	boolean	(Optional) For SP instances, indicates if the authentication requests sent by this SP should be signed by default.	`true`, `false`. Default: `false`.
logoutRequestsSigned	boolean	(Optional) Indicates if this entity will sign the logout requests originated from it.	`true`, `false`. Default: `true`.
wantAssertionsSigned	boolean	(Optional) Indicates that the assertions contained within the response that is sent to this SP must be signed.	`true`, `false`. Default: `true`.
wantResponseSigned	boolean	(Optional) Indicates that the authentication response to this SP must be signed.	`true`, `false`. Default: `true`.

Examples

Request example:

curl --location '{URL_BASE}/api/v1/control_plane/installer/saml/config' \
--header 'token: {TOKEN}' \
--header 'Content-Type: application/json' \
--data '{
    "configureSaml": true,
    "authProvider": "remote",
    "authProviderUri": "http://authprovider.com/metadata-server-endpoint",
    "requiredAttributes": "email, uid",
    "optionalAttributes": "groups",
    "spEntityId": "https://client-dev.instabase.com",
    "spName": "InstabaseSP",
    "httpAcsUrl": "https://client.instabase.com/account/sso/saml2",
    "httpsAcsUrl": "http://client.instabase.com/account/sso/saml2",
    "allowUnsolicited": true,
    "authRequestsSigned": false,
    "logoutRequestsSigned": true,
    "wantAssertionsSigned": true,
    "wantResponseSigned": true
}'

Upload IdP metadata XML

Method	Syntax
POST	URL_BASE/api/v1/control_plane/installer/saml/metadata

Description

This API uploads the IdP metadata XML file for the SAML connection. This API is required if the auth_provider field in the create SAML configuration request is set to local.

When the complete SAML configuration API is called, a Kubernetes secret containing this metadata file is created. The secret is what is referenced during SAML authentication.

Request parameters

The following parameters are required, unless marked as optional:

Name	Type	Description	Values
samlMetadata	string	The file containing your IdP metadata XML. The only supported file type is `.xml`.	A string specifying the file path to your IdP metadata XML, such as `"/Users/janedoe/metadata.xml"`.

Examples

Request example:

curl --location '{URL_BASE}/api/v1/control_plane/installer/saml/metadata' \
--header 'token: {TOKEN}' \
--form 'samlMetadata=@"/Users/janedoe/metadata.xml"'

Clear SAML configuration

Method	Syntax
DELETE	URL_BASE/api/v1/control_plane/installer/saml

Description

This API lets you clear the SAML configuration most recently posted using the create SAML configuration and upload IdP metadata XML APIs. This API has no effect if the complete SAML configuration API has been called. This API only clears unfinished configurations, it does not delete completed SAML connections.

Request

There are no customizable parameters. Make the following request, using your own URL_BASE and TOKEN values:

curl --location --request DELETE '{URL_BASE}/api/v1/control_plane/installer/saml' \
--header 'Token: {TOKEN}'

Finalize installation

Method	Syntax
POST	URL_BASE/api/v1/control_plane/installer/finalize

Description

This API initiates installation. If an installation is unsuccessful, this API is also used to retry installation.

Request parameters

The following parameters are required, unless marked as optional:

Name	Type	Description	Values
clean_install	boolean	Cleans up Deployment Manager tables from partial installations before retrying the installation. When set to `true`, any previously created Deployment Manager tables are removed before retrying the install.	true, false Can be set to `false` for initial installation attempt. Set to `true` for any installation retries.

Examples

Request example:

curl --location --request POST '{URL_BASE}/api/v1/control_plane/installer/finalize' \
--header 'Token: {TOKEN}' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'clean_install=true'

Complete SAML configuration

Method	Syntax
POST	URL_BASE/api/v1/control_plane/installer/saml

Description

Note

If configuring the SAML connection during installation, call the complete SAML configuration API only after installation is complete.

This API completes the SAML configuration connection, using the configuration (and, if present, IdP metadata XML) most recently posted using the create SAML configuration and upload IdP metadata XML APIs.

Request

There are no customizable parameters. Make the following request, using your own URL_BASE and TOKEN values:

curl --location --request POST '{URL_BASE}/api/v1/control_plane/installer/saml' \
--header 'Token: {TOKEN}'

Run post-install actions

Method	Syntax
POST	URL_BASE/api/v1/control_plane/deployment/postinstall/actions/run

Description

Note

Automated post-install actions are available as of Deployment Manager 23.01. For previous versions, follow steps 4-9 of the Post Deployment Steps section of the Installation guide to complete post-install actions manually.

This API initiates post-install actions. The API needs to be called only once, after installation has completed.

The simplest way to confirm a successful installation is to use the Deployment Manager infra dashboard. From the infra dashboard, you can view the state of various components of your Kubernetes infrastructure. You can access the infra dashboard at {YOUR-INSTABASE-URL}/deployment-manager/dashboard/deployments.

Use the dashboard tabs to see which Deployments, StatefulSets, and Services have spun up and are working as expected. Items with a green checkmark are ready to use, items with a spinning icon are still spinning up, and items with a red X have encountered an error or other event. If any deployments display a red X, you can connect with Instabase Support for next steps, and provide events history and logs for the affected pods and containers.

After confirming a successful installation, you can run the following post-install actions:

Base model image upload action: Downloads all Instabase base models required for running ML Studio offline training, along with numerous entity detection models, and publishes them to the Marketplace so they’re ready to use.
Deployed Solutions consistency action: Migrates Deployed Solutions published on releases < 23.07, to ensure compatibility with the current Instabase version.
License action: Applies the license uploaded to Instabase Installer.
ML Studio config setup action: Performs the post-deployment configuration of ML Studio using the latest version of the .ibformers training script.
Setup system retention rules: Sets up system-level rules used to support user-defined file retention settings (applicable onlyto SaaS deployments).
System repo setup action: Sets up backing file system infrastructure required to publish new models to the platform.
Test Runner setup action: Sets up a Test Runner test suite used in the Test Runner test action. The test suite includes a variety of tasks commonly performed with the Instabase platform, providing broad coverage of expected functionality. Tested functionality includes:
- Verify solutions (including flows, flow binaries, and .ibsolutions) can successfully run end-to-end.
- Verify a variety of common input file types can be processed successfully.
- Assess the performance of a variety of Instabase components, including apps and services.
- Assess the performance of a variety of OCR engines.
Test Runner test action: Runs the Test Runner test suite set up in the previous action. When complete, solution diagnostics display for each test, including a status for the test and comparison details if expected (base_value) and actual (compare_value) solution results differ.

Info

The test suite includes tests that assess the performance of a variety of OCR engines. If your deployment does not use a given OCR engine, that test will result in an error. Connect with your customer success manager if you have any questions or concerns about a failed test.

If your post-install actions encounter errors and fail (see the Get the status of post-install actions API), this API can also be used to retry running all post-install actions, after the source of error has been resolved.

Request

There are no customizable parameters. Make the following request, using your own URL_BASE and TOKEN values:

curl --location --request POST '{URL_BASE}/api/v1/control_plane/deployment/postinstall/actions/run' \
--header 'Token: {TOKEN}'

Run a single post-install action

Method	Syntax
POST	URL_BASE/api/v1/control_plane/deployment/postinstall/actions/run/{ACTION_NAME}

Description

Use this API to run a single post-install action. This API can be used if, after calling the Run post-install actions API, a single post-install action has failed but its dependencies completed successfully. If the failed action’s dependencies did not complete successfully, rerun the Run post-install actions API, rather than the single failed action.

After confirming a successful installation, you can run the following post-install actions, using the corresponding URL-encoded ACTION-NAME value in the request URL:

Post-install action	ACTION_NAME value
ML Studio config setup action	ML%20Studio%20Config%20Setup%20Action
Test Runner test action	Test%20Runner%20Test%20Action
System tests runner action	System%20Tests%20Runner%20Action

Request

Make the following request, using your own URL_BASE, TOKEN, and ACTION_NAME values:

curl --location --request POST '{URL_BASE}/api/v1/control_plane/deployment/postinstall/actions/run/{ACTION_NAME}' \
--header 'Token: {TOKEN}'

Get the status of post-install actions

Method	Syntax
GET	URL_BASE/api/v1/control_plane/deployment/postinstall/actions/statuses

Description

This API gets the status of post-install actions initiated using the Run post-install actions API. Completing the post-install actions takes some time.

Request

There are no customizable parameters. Make the following request, using your own URL_BASE and TOKEN values:

curl --location '{URL_BASE}/api/v1/control_plane/deployment/postinstall/actions/statuses' \
--header 'Token: {TOKEN}'

Response

The response is a JSON object, with the following keys:

Name	Description
status	The status of the call. `200` indicates success, and is the response even if errors with the post-install actions have occurred. `500` indicates an error in getting statuses.
data	An object containing information about the post-install actions.
data/{Action name}	An object containing information about a specific post-install action.
data/{Action name}/state	Describes the state of the post-install action: `Unstarted`, `Running`, or `Aborted`.
data/{Action name}/note	Provides further details on the state of the action, such as `License upload has started.`
error	Contains information about any errors that have led to a `500` status. `null` if no errors have occurred.

Examples

Sample response with no errors running post-install actions:

{
  "statusCode": 200,
  "data": {
    "Base Model Image Upload Action": {
      "State": "Unstarted",
      "Note": "Action is not started yet."
    },
    "License Action": {
      "State": "Running",
      "Note": "License upload has started."
    },
    "ML Studio Config Setup Action": {
      "State": "Unstarted",
      "Note": "ML studio config setup action has not started."
    },
    "System Repo Setup Action": {
      "State": "Running",
      "Note": "System repo setup has started."
    }
  },
  "error": null
}

Sample response with errors running post-install actions:

{
  "statusCode": 200,
  "data": {
    "Base Model Image Upload Action": {
      "State": "Aborted",
      "Note": "actions base model image upload action wait for dependencies: dependency is in Aborted state"
    },
    "License Action": {
      "State": "Aborted",
      "Note": "actions license action license: actions license action decrypt: Post \"http://service-api-server.instabase.svc.cluster.local:25555/api/v1/license-service/preview\": dial tcp: lookup service-api-server.instabase.svc.cluster.local: no such host"
    },
    "ML Studio Config Setup Action": {
      "State": "Aborted",
      "Note": "dependency is in Aborted state"
    },
    "System Repo Setup Action": {
      "State": "Aborted",
      "Note": "actions system repo setup action setup system repo: Post \"http://service-api-server.instabase.svc.cluster.local:25555/api/v1/site/setup-system-repo\": dial tcp: lookup service-api-server.instabase.svc.cluster.local: no such host"
    }
  },
  "error": null
}

Info

dependency is in Aborted state indicates that the action cannot proceed without another action being completed. no such host errors indicate a failed connection; verify that the service is running before retrying.

Sample response with error getting statuses:

{
  "statusCode": 500,
  "data": {},
  "error": "GetActionStatuses: http conn serve: actionHelper.GetActionData: RegistryManager.GetActionData: RegistryManager.getValue: Error 1146 (42S02): Table 'ibdb.key_values' doesn't exist"
}

Roll back all post-install actions

Method	Syntax
POST	URL_BASE/api/v1/control_plane/deployment/postinstall/actions/rollback

Description

This API undoes the operations of the most recent runs of all of the following actions:

Base model image upload action
Deployed Solutions consistency action
ML Studio set up action

Only use this API if the most recent run of one of these actions has caused undesirable platform behavior.

Request

Make the following request, using your own URL_BASE and TOKEN values:

curl --location --request POST '{URL_BASE}/api/v1/control_plane/deployment/postinstall/actions/rollback' \
--header 'Token: {TOKEN}'

Set the status of a single post-install action

Method	Syntax
POST	URL_BASE/api/v1/control_plane/deployment/postinstall/actions/statuses/{ACTION_ID}

Description

Use this API to manually reset the status of a post-install action initiated using the Run post-install actions API. This API is used when Deployment Manager has crashed during the execution of a post-install action. In this situation, the status tracking of the running action can become corrupted, and the action’s status must be reset to unstarted. When Deployment Manager comes up again after crashing, use this API to reset any action showing a status of in progress. When all actions show a state of unstarted, you can rerun the Run post-install actions API.

Each in progress action must be reset individually. To specify the action to reset, pass the action’s corresponding ACTION_ID value in the request URL. Valid ACTION_ID values are listed:

Post-install action	ACTION_ID value
Base model image upload action	BASE_MODEL_IMAGE_UPLOAD
Deployed Solutions consistency action	DEPLOYED_SOLUTIONS_CONSISTENCY
License action	LICENSE
ML Studio config setup action	ML_STUDIO_CONFIG_SETUP
Setup system retention rules	RETENTION_SETUP
System repo setup action	SYSTEM_REPO_SETUP
System tests runner action	SYSTEM_TESTS_RUNNER
Test Runner test action	TEST_RUNNER
Test Runner setup action	TEST_RUNNER_SETUP

{"state":"Unstarted","note":"Action status set manually.","executionId":"00000000-0000-0000-0000-000000000000"}

Request

Make the following request, using your own URL_BASE, TOKEN, and ACTION_ID values:

curl --location --request POST '{URL_BASE}/api/v1/control_plane/deployment/postinstall/actions/statuses/{ACTION_ID}' \
--header 'Token: {TOKEN}' \
--data '{"state":"Unstarted","note":"Action status set manually.","executionId":"00000000-0000-0000-0000-000000000000"}'

Installer API

Overview of required and optional installation steps

Conventions and authentication

Requests

Responses

Authentication

Database configuration

Description

MySQL

Request parameters

Examples

PostgreSQL

Request parameters

Microsoft SQL Server: Connect with username and password

Request parameters

Examples

Microsoft SQL Server: Connect with Azure AD

Request parameters

Examples

Oracle

Request parameters

Examples

Database connection string format

TLS authentication configuration

Description

MySQL

Request parameters

Examples

PostgreSQL

Request parameters

Examples

Microsoft SQL Server

Request parameters

Examples

File system configuration

Description

Amazon S3

Request parameters

Examples

Local file storage

Request parameters

Examples

Azure Blob Storage

Request parameters

Examples

Google Cloud Storage

Request parameters

Examples

Upload custom Amazon S3 certificate

Request parameters

Examples

Upload Google Cloud Storage service account credentials

Description

Request parameters

Configuring the Google Cloud Storage service account

Examples

Configure platform and Kubernetes cluster-related settings

Description

Request parameters

Examples

Configure Kubernetes cluster resourcing

Description

Request parameters

Examples

Preflight checks

Service accounts check

Description

Request

Role-based access control (RBAC) check

Description

Request

File storage access check

Description

Request

Database check

Description

Request

Persistent Volume Claim (PVC) check

Description

Request