Creating secrets for services that use Multicloud Object Gateway

If you plan to install services with a dependency on Multicloud Object Gateway in this instance of IBM Cloud Pak for Data, you must create the secrets that the services use to communicate with Multicloud Object Gateway.

Installation phase

  • Setting up a client workstation
  • Setting up a cluster
  • Collecting required information
  • Preparing to run installs from a private container registry
  • Preparing the cluster for Cloud Pak for Data
  • Preparing to install an instance of Cloud Pak for Data (you are here)
  • Installing an instance of Cloud Pak for Data

Who needs to complete this task?

Cluster administrator: A cluster administrator must complete this task.

When do you need to complete this task?

Complete this task only if you plan to install one or more of the following services in this instance of Cloud Pak for Data:

  • Watson™ Assistant
  • Watson Discovery
  • Watson Knowledge Studio
  • Watson Speech services

Repeat as needed: If you plan to install multiple instances of Cloud Pak for Data on the cluster, repeat this task for each instance.

Before you begin

Best practice: You can run many of the commands in this task exactly as written if you set up environment variables for your installation. For instructions, see Setting up installation environment variables.

Ensure that you source the environment variables before you run the commands in this task.

About this task

Use the setup-mcg command to create secrets for one or more of the following services:

  • Watson Assistant
  • Watson Discovery
  • Watson Knowledge Studio
  • Watson Speech services

The secrets enable the services to access the following secrets in the openshift-storage project:

  • The secret that contains the NooBaa account credentials.
  • The secret that contains the NooBaa account certificate.

Procedure

  1. Run the cpd-cli manage login-to-ocp command to log in to the cluster as a user with sufficient permissions to complete this task. For example:
    cpd-cli manage login-to-ocp \
    --username=${OCP_USERNAME} \
    --password=${OCP_PASSWORD} \
    --server=${OCP_URL}
    Tip: The login-to-ocp command takes the same input as the oc login command. Run oc login --help for details.
  2. Get the names of the secrets that contain the NooBaa account credentials and certificate:
    oc get secrets --namespace=openshift-storage
  3. Set the following environment variables based on the names of the secrets on your cluster.
    1. Set NOOBAA_ACCOUNT_CREDENTIALS_SECRET to the name of the secret that contains the NooBaa account credentials. The default name is noobaa-admin.

      If you created multiple backing stores, ensure that you specify the credentials for the appropriate backing store.

      export NOOBAA_ACCOUNT_CREDENTIALS_SECRET=<secret-name>
    2. Set NOOBAA_ACCOUNT_CERTIFICATE_SECRET to the name of the secret that contains the NooBaa account certificate. The default name is noobaa-s3-serving-cert.
      export NOOBAA_ACCOUNT_CERTIFICATE_SECRET=<secret-name>
  4. If you plan to install Watson Assistant in this instance, create the secrets that Watson Assistant uses to connect to Multicloud Object Gateway:
    1. Run the setup-mcg command to create the secrets:
      cpd-cli manage setup-mcg \
      --components=watson_assistant \
      --cpd_instance_ns=${PROJECT_CPD_INST_OPERANDS} \
      --noobaa_account_secret=${NOOBAA_ACCOUNT_CREDENTIALS_SECRET} \
      --noobaa_cert_secret=${NOOBAA_ACCOUNT_CERTIFICATE_SECRET}

      Wait for the cpd-cli to return the following message before proceeding to the next step:

      [SUCCESS] ... setup-mcg completed successfully.
    2. Confirm that the secrets were created in the operands project for the instance:
      oc get secrets --namespace=${PROJECT_CPD_INST_OPERANDS} \
      noobaa-account-watson-assistant \
      noobaa-cert-watson-assistant \
      noobaa-uri-watson-assistant

      If the command returns Error from server (NotFound), re-run the setup-mcg command in the preceding step.

  5. If you plan to install Watson Discovery in this instance, create the secret that Watson Discovery uses to connect to Multicloud Object Gateway:
    1. Run the setup-mcg command to create the secret:
      cpd-cli manage setup-mcg \
      --components=watson_discovery \
      --cpd_instance_ns=${PROJECT_CPD_INST_OPERANDS} \
      --noobaa_account_secret=${NOOBAA_ACCOUNT_CREDENTIALS_SECRET} \
      --noobaa_cert_secret=${NOOBAA_ACCOUNT_CERTIFICATE_SECRET}

      Wait for the cpd-cli to return the following message before proceeding to the next step:

      [SUCCESS] ... setup-mcg completed successfully.
    2. Confirm that the secret was created in the operands project for the instance:
      oc get secrets --namespace=${PROJECT_CPD_INST_OPERANDS} \
      noobaa-account-watson-discovery

      If the command returns Error from server (NotFound), re-run the setup-mcg command in the preceding step.

  6. If you plan to install Watson Knowledge Studio in this instance, create the secrets that Watson Knowledge Studio uses to connect to Multicloud Object Gateway:
    1. Run the setup-mcg command to create the secrets:
      cpd-cli manage setup-mcg \
      --components=watson_ks \
      --cpd_instance_ns=${PROJECT_CPD_INST_OPERANDS} \
      --noobaa_account_secret=${NOOBAA_ACCOUNT_CREDENTIALS_SECRET} \
      --noobaa_cert_secret=${NOOBAA_ACCOUNT_CERTIFICATE_SECRET}

      Wait for the cpd-cli to return the following message before proceeding to the next step:

      [SUCCESS] ... setup-mcg completed successfully.
    2. Confirm that the secrets were created in the operands project for the instance:
      oc get secrets --namespace=${PROJECT_CPD_INST_OPERANDS} \
      noobaa-account-watson-ks \
      noobaa-cert-watson-ks

      If the command returns Error from server (NotFound), re-run the setup-mcg command in the preceding step.

  7. If you plan to install the Watson Speech services in this instance, create the secrets that the Watson Speech services use to connect to Multicloud Object Gateway:
    1. Run the setup-mcg command to create the secrets:
      cpd-cli manage setup-mcg \
      --components=watson_speech \
      --cpd_instance_ns=${PROJECT_CPD_INST_OPERANDS} \
      --noobaa_account_secret=${NOOBAA_ACCOUNT_CREDENTIALS_SECRET} \
      --noobaa_cert_secret=${NOOBAA_ACCOUNT_CERTIFICATE_SECRET}

      Wait for the cpd-cli to return the following message before proceeding to the next step:

      [SUCCESS] ... setup-mcg completed successfully.
    2. Confirm that the secrets were created in the operands project for the instance:
      oc get secrets --namespace=${PROJECT_CPD_INST_OPERANDS} \
      noobaa-account-watson-speech

      If the command returns Error from server (NotFound), re-run the setup-mcg command in the preceding step.
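
The confirmation sub-steps above can be combined into one check per component. The following script is an added example, not part of the IBM procedure or the cpd-cli tooling; the function names and the sample listing are hypothetical, and the secret names are the ones listed in the steps above.

```shell
#!/usr/bin/env bash
# Added example. Secret names are the ones listed in the confirmation steps above.

# Print the secrets that setup-mcg should have created for one component.
expected_secrets() {
  case "$1" in
    watson_assistant) echo "noobaa-account-watson-assistant noobaa-cert-watson-assistant noobaa-uri-watson-assistant" ;;
    watson_discovery) echo "noobaa-account-watson-discovery" ;;
    watson_ks)        echo "noobaa-account-watson-ks noobaa-cert-watson-ks" ;;
    watson_speech)    echo "noobaa-account-watson-speech" ;;
    *) return 1 ;;
  esac
}

# missing_secrets COMPONENT LISTING
# LISTING is the output of `oc get secrets -o name` (one "secret/<name>" per line).
# Prints the expected secrets that are absent, space-separated (empty if none).
missing_secrets() {
  local component listing want name missing
  component=$1; listing=$2; missing=""
  want=$(expected_secrets "$component") || {
    echo "unknown component: $component" >&2
    return 2
  }
  for name in $want; do
    # -x and -F: exact whole-line match, so a similarly named secret does not count.
    printf '%s\n' "$listing" | grep -qxF "secret/$name" || missing="$missing $name"
  done
  echo "${missing# }"
}

# Live check against the operands project (hypothetical helper name).
check_component() {
  local listing missing
  listing=$(oc get secrets --namespace="${PROJECT_CPD_INST_OPERANDS}" -o name) || return 2
  missing=$(missing_secrets "$1" "$listing") || return 2
  if [ -n "$missing" ]; then
    echo "$1: missing: $missing (re-run setup-mcg for this component)"
    return 1
  fi
  echo "$1: all expected secrets present"
}

# Constructed sample listing, used only to show the check offline.
SAMPLE_LISTING='secret/noobaa-account-watson-assistant
secret/noobaa-cert-watson-assistant
secret/noobaa-account-watson-ks-old
secret/noobaa-account-watson-discovery'
```

After you source the installation environment variables and log in, run check_component with the same value that you passed to --components, for example check_component watson_assistant.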

What to do next

Now that you've created secrets for services that use Multicloud Object Gateway, you're ready to complete Installing an instance of IBM Cloud Pak for Data.