Configuring the instance

Edit online

As an administrator, you can create the IBM® Engineering AI Hub instance from the supported cluster or by using the command line inputs. After you create the instance, you can configure the parameters.

About this task

The project is alternatively called namespace. You can follow the same steps to create multiple IBM Engineering AI Hub instances in multiple namespaces.

You can create IBM Engineering AI Hub instance by using Red Hat OpenShift console or command line inputs.

Procedure

To create IBM Engineering AI Hub instance by using the Red Hat® OpenShift® console, complete the following steps:

Log in to the Red Hat OpenShift Container platform by using the Red Hat OpenShift administrator credentials.
Go to Operators > Installed Operators.
From the Projects list, select the project where you want the IBM Engineering AI Hub application to be installed.
On the Installed Operators page, select IBM EngineeringAIHub from the Name column.
On the Details page, locate Engineering AIHub App and click the Create instance link.

On the Create EngineeringAIHubApp page, use one of the following options to edit the custom resource to create a new IBM Engineering AI Hub instance:

Form view

You can enter the details in a form. The following is a sample form.

Table 1. Creating IBM Engineering AI Hub instance
Property	Description	Sample values
`metadata.name`	Name of IBM Engineering AI Hub deployment instance.	`engineeringaihubapp-sample-1`
`version`	Provide the application version. If no version is set, latest version is installed version.	Default value is 1.0.0.
`imagePullSecret`	Provide a secret to pull images. For more information, seeCreating the image pull secret in the cluster.	`ibm-entitlement-key`
`imageRepo`	Provide image repository to pull the operand images from the given repository.	The default value is`cp.icr.io/cp/ibm-elmaihub`
`routing.hostname`	Host name for configuring the routes or ingress resources for IBM Engineering AI Hub applications.	`engineeringaihub.com`
`routing.tlsSecret`	Refers the external TLS certificates as a secret. For more information, seeCreating TLS certificates .	`aihub-tls-secret`
`routing.tlsSecretInternal`	Optional: Refers the`self-signed-internal-cert` secret which has a self-signed certificate, private key, and CA certificate of application service DNS hostnames. For more information, seeCreating TLS certificates for IBM Engineering AI Hub.	`aihub-tls-secret-internal`
`oidc.ClientId`	The client ID forms part of the credentials to use to communicate with your OIDC provider. This ID must be registered with your OIDC provider. Contact your OIDC provider to get this value.	`secret::engineering-ai-hub-application-secrets::oidcClientId`
`oidc.clientSecret`	The client secret forms part of the credentials to communicate with your ODIC provider. Contact your OIDC provider to get this value.	`secret::engineering-ai-hub-application-secrets::oidcClientSecret`
`oidc.wellKnownEndpoint`	A URL of your OIDC provider to reach the well-known-endpoint. Contact your OIDC provider to get this value.	`"https://elm-ai1.fyre.ibm.com:9643/oidc/endpoint/jazzop/.well-known/openid-configuration"`
`licensing.server.host`	Host details of your IBM Common Licensing server.	`myserver.ibm.com`
`licensing.server.id`	Server ID of IBM Common Licensing server. For more information, seeConfiguring IBM Common Licensing server.	`0242ac91000211`
`licensing.server.port`	Port number of your IBM Common Licensing server.	`27000`
`aiServicesSettings`	Settings required to connect toIBM watsonx.ai for IBM Cloud and IBM watsonx.ai software.	`WATSONX_APIKEY` `WATSONX_PROJECTID` `WATSONX_URL` `WATSONX_INSTANCE_ID` `WATSONX_USERNAME` For more information, see Creating ai- services- secret.
`server.adminConsoleUserId`	`AI Hub console User ID`	`<user_id1>@ibm.com` or `<user_id2>` Note: To ensure successful authentication, the AI Hub console user ID must be registered and available within the Jazz Authorization Server (JAS) environment used for validation. If the AI Hub console user ID is not present in JAS, authentication will fail.
`aihub-Settings`	Default settings of EngineeringAIHub.	By default it is empty and you can choose to override it later. For more information, seeCreating aihub-settings configuration map.
`rmaiui`	Optional: By default, a`rmaiui` operand is configured with two replicas.	For values, refer the yaml file.
`rmai`	Optional: By default, a`rmai`operand is configured with a single replica.	For values, refer the yaml file.
`ccmai`	Optional: By default, a`ccmai` operand is configured with a single replica.	For values, refer the yaml file.
`mbseai`	Optional: By default, a`mbseai` operand is configured with two replicas.	For values, refer the yaml file.
`dbcredentials.dbName`	Database name used byIBM Engineering AI Hub. The recommended database name is`elmaihub`.	`elmaihub`
`dbcredentials.dbUserName`	Username used to connect to the database.	`db_user`
`dbcredentials.dbPassword`	Password used to authenticate to the database.	`db_password`
`dbcredentials.dbHost`	Hostname of the PostgreSQL database server.	`db.example.com`
`dbcredentials.dbPort`	Port on which the PostgreSQL database is running.	`5432`
`dbcredentials.dbMinPoolSize`	Optional. Minimum database connection pool size. If not specified, the system uses the default value of 1.	`1`
`dbcredentials.dbMaxPoolSize`	Optional. Maximum database connection pool size. If not specified, the system uses the default value of 5.	`5`
`dbcredentials.sslmode`	Specifies the SSL/TLS mode used to secure the PostgreSQL database connection. Supported values are disable, require, verify-ca, and verify-full. The default value is disable. For more information, see SSL Mode Descriptions.	For example:`verify-ca`
`dbcredentials.sslCertSecret`	Directory that contains the SSL certificate files required for establishing a secure PostgreSQL database connection. For more information, see Creating database SSL certificate secret. Note: For SSL-enabled PostgreSQL connections, the required certificate files depend on the configured SSL mode and the server-side authentication settings: For verify-ca and verify-full modes, the ca.crt file is mandatory and is used to verify the server certificate against a trusted Certificate Authority. The tls.crt and tls.key files (client certificate and private key) are not required by default, even in verify-full mode. They become mandatory only when the PostgreSQL server is configured to require client certificate authentication, for example when pg_hba.conf uses the cert authentication method. In such cases, the server explicitly requests a client certificate, and the connection will fail if tls.crt and tls.key are not provided. All certificate files must use the exact filenames ca.crt, tls.crt, and tls.key in the referenced Kubernetes/OpenShift secret. Any deviation from these filenames is not supported and can cause SSL connection failures.	`aihubdbsslsecret`
verifySSL	Controls whether SSL certificate verification is enforced for MCP tools outgoing requests to ELM servers. When set to `false`, self-signed certificates are allowed. The default value is `true`.	true \| false

YAML view

You can create objects. Click the YAML tab and populate the Engineering AI Hub instance details in the custom resource specification YAML.

Click Create. The Engineering AI Hub instance is created.

To create the Engineering AI Hub instance by using command line, complete the following steps:

Create the YAML file.

Generate the exact values for your deployment. Values defined in the following sample yaml is for illustration only. For more information, see Preparing to create IBM Engineering AI Hub instance.

apiVersion: engineeringaihub.ibm.com/v1beta1
kind: EngineeringAIHubApp
metadata:
  name: engineeringaihub-sample-1
  namespace: <aihub-namespace>
spec:
  routing:
    hostname: engineeringaihub.com
    tlsSecret: aihub-tls-secret
    tlsSecretInternal: aihub-tls-secret-internal
  aiServicesSettings: ai-services-settings
  imageRepo: cp.icr.io/cp/ibm-elmaihub
  imagePullSecret: ibm-entitlement-key
  aiHubSettings: aihub-settings
  oidc:
    clientId: 'secret::engineering-ai-hub-application-secrets::oidcClientId'
    clientSecret: 'secret::engineering-ai-hub-application-secrets::oidcClientSecret'
    wellKnownEndpoint: 'https://elm-ai1.fyre.ibm.com:9643/oidc/endpoint/jazzop/.well-known/openid-configuration'
  server:
    adminConsoleUserId: 'clmadmin'
  dbcredentials:
    dbName: 'secret::engineering-ai-hub-application-secrets::dbName'
    dbUserName: 'secret::engineering-ai-hub-application-secrets::dbUserName'
    dbPassword: 'secret::engineering-ai-hub-application-secrets::dbPassword'
    dbHost: 'secret::engineering-ai-hub-application-secrets::dbHost'
    dbPort: 'secret::engineering-ai-hub-application-secrets::dbPort'
    dbMinPoolSize: 'secret::engineering-ai-hub-application-secrets::dbMinPoolSize'
    dbMaxPoolSize: 'secret::engineering-ai-hub-application-secrets::dbMaxPoolSize'
    sslmode: 'disable'
    sslCertSecret: aihubdbsslsecret 
  licensing:
    server:
      host: myserver.ibm.com
      id: '72723889'
      port: 27000
  acceptLicense: true

Create a EngineeringAIHubApp resource by using the above YAML file by configuring the parameters.
Note: You can create only one instance of EngineeringAIHubApp in a namespace. If you want to create multiple environments for development, quality, staging, production, and more, create the respective namespaces and secrets in your cluster.
Red Hat OpenShift
```
oc create ns <namespace>
```
Kubernetes
```
kubectl create ns <namespace>
```
Run the following command to create the EngineeringAIHubApp in the namespace created previously.
Red Hat OpenShift
```
oc apply -f <EngineeringAIAub-yaml-file> -n <namespace>
```
Kubernetes
```
kubectl apply -f <EngineeringAIAub-yaml-file> -n <namespace>
```

Required: To start the application pods, run the following command:

oc adm policy add-scc-to-user nonroot -z engineering-ai-hub-sa -n <namespace>

After you create and configure the Engineering AI Hub instance, access the application by using the URL configured in routing.hostname. For example: https://www.engineeringaihub.example.com.