- Capabilities
- Getting started
- Architecture center
- Platform updates
Connected hubs
The Connected hubs extension in Control Panel enables you to authenticate connections between your Foundry enrollment and Apollo hubs. Once a connection is established, you can add Marketplace stores to a publishing whitelist so that new product releases in those stores are automatically published to the connected Apollo hub.
This enables cross-network shipping of Marketplace products: users can build products on top of their own data, publish to an Apollo hub that they control, and install those products onto other Foundry environments without requiring any Palantir-specific permissions.
Individual Marketplace stores can be connected to multiple Apollo hubs, and each hub can receive products from multiple stores.
Prerequisites
To access the Connected hubs extension in Control Panel, you must have the Enrollment administrator role, granted in the Enrollment permissions extension. For more details, see Permissions.
Connect an Apollo hub
Before connecting an Apollo hub, ensure the following setup has been completed:
-
Network connectivity: The Apollo hub must allow inbound traffic from your Foundry enrollment. To configure this:
a. In your Foundry enrollment's Control Panel, navigate to the Network egress extension and select What IPs do connections from Foundry come from? to copy the CIDRs.
b. In the Apollo hub's Control Panel, navigate to the Network ingress extension and add those CIDRs.
-
Third-party application credentials: Create credentials on the Apollo hub that your Foundry enrollment will use to authenticate:
a. In the Apollo hub's Control Panel, navigate to the Third-party applications extension.
b. Create a new application and select Confidential client, then Client credentials grant.
c. Enable the application and turn on Organization level consent.
Once the setup is complete, connect the hub in Control Panel:
- Navigate to Control Panel and select Connected hubs from the side panel under Enrollment settings.
- Select Add.
- Provide the following information:
| Field | Description |
|---|---|
| Apollo hub URL | The URL of the Apollo hub to connect to. |
| Apollo Space ID | The identifier for the Apollo space associated with the hub. This value is case sensitive. |
| Client ID | The client ID generated when creating the third-party application on the Apollo hub. |
| Client secret | The client secret generated when creating the third-party application on the Apollo hub. |
- Select Submit to establish the connection.
Once the connection is saved, the extension displays the connection status, indicating whether the authentication is valid.
Verify a hub connection
After connecting an Apollo hub, the Connected hubs extension displays the current status of each connection. Use this to verify that authentication credentials are valid and the hub is reachable.
Publish products to a connected Apollo hub
To publish Marketplace products to a connected Apollo hub, ensure the following additional setup has been completed on the Apollo hub:
- Apollo hub permissions: Add the third-party application user to a team (or create a new team) that has the following permissions:
- Artifacts: Creator, Viewer
- Products: Release Creator, Creator, Viewer
Add Marketplace stores to the publishing whitelist
After the hub permissions are configured, you can add Marketplace stores to the publishing whitelist for that hub.
- Select the connected hub you want to configure.
- Select Configure, or the cog icon.
- Add the Marketplace store to the whitelist.
When a Marketplace store is on the publishing whitelist and the store requires approval for new releases, cutting a new release of a product in that store will automatically publish it to all Apollo hubs that the store is configured for. Only products that use strict folder tracking and have a Maven coordinate configured will be successfully published; products that do not meet these requirements will not block other products from publishing.
Publishing workflow
Once a store is on the whitelist and properly configured:
- In DevOps, create a release for a product in the whitelisted store. This requires sharing a draft and getting it approved by another editor.
- After approval, the product is automatically published to all connected Apollo hubs that the store is whitelisted for.
Install products from a connected Apollo hub
To install Foundry Products from Apollo, first make sure you have a valid connection to the corresponding hub. Then, contact Palantir Support to enable third-party Foundry Product installations from connected hubs.
Once the setup is complete, Foundry Products that exist in the connected Apollo hub can be installed into remote stores visible to your enrollment. More granular permissions can be set on the remote Marketplace stores page.