Creating secrets for services that use Multicloud Object Gateway

If you plan to install services with a dependency on Multicloud Object Gateway in this instance of IBM Software Hub, you must create the secrets that the services use to communicate with Multicloud Object Gateway.

Installation phase

Setting up a client workstation
Setting up a cluster
Collecting required information
Preparing to run installs in a restricted network
Preparing to run installs from a private container registry
Preparing the cluster for IBM Software Hub
Preparing to install an instance of IBM Software Hub
Installing an instance of IBM Software Hub
Setting up the control plane
Installing solutions and services

Who needs to complete this task?

Cluster administrator A cluster administrator must complete this task.

When do you need to complete this task?

Complete this task only if you plan to install one or more of the following services in this instance of IBM Software Hub:

Watson Discovery
Watson Speech services
watsonx Assistant
watsonx™ Orchestrate

Repeat as needed If you plan to install multiple instances of IBM Software Hub on the cluster, repeat this task for each instance.

Before you begin

Best practice: You can run many of the commands in this task exactly as written if you set up environment variables for your installation. For instructions, see Setting up installation environment variables.

Ensure that you source the environment variables before you run the commands in this task.

About this task

Use the setup-mcg command to create secrets for one or more of the following services:

Watson Discovery
Watson Speech services
watsonx Assistant
watsonx Orchestrate

The secrets enable the services to access the following secrets in the openshift-storage project:

The secret that contains the NooBaa account credentials.
The secret that contains the NooBaa account certificate.

Procedure

Log the cpd-cli in to the Red Hat® OpenShift® Container Platform cluster:
```
${CPDM_OC_LOGIN}
```
Remember: CPDM_OC_LOGIN is an alias for the cpd-cli manage login-to-ocp command.
Get the names of the secrets that contain the NooBaa account credentials and certificate:
```
oc get secrets --namespace=openshift-storage
```
Set the following environment variables based on the names of the secrets on your cluster.
1. Set NOOBAA_ACCOUNT_CREDENTIALS_SECRET to the name of the secret that contains the NooBaa account credentials. The default name is noobaa-admin.
  If you created multiple backing stores, ensure that you specify the credentials for the appropriate backing store.
```
export NOOBAA_ACCOUNT_CREDENTIALS_SECRET=<secret-name>
```
2. Set NOOBAA_ACCOUNT_CERTIFICATE_SECRET to the name of the secret that contains the NooBaa account certificate. The default name is noobaa-s3-serving-cert.
```
export NOOBAA_ACCOUNT_CERTIFICATE_SECRET=<secret-name>
```
Watson Discovery users only. If you plan to install Watson Discovery in this instance, create the secrets that Watson Discovery uses to connect to Multicloud Object Gateway:
1. Run the setup-mcg command to create the secrets:
```
cpd-cli manage setup-mcg \
--components=watson_discovery \
--cpd_instance_ns=${PROJECT_CPD_INST_OPERANDS} \
--noobaa_account_secret=${NOOBAA_ACCOUNT_CREDENTIALS_SECRET}
```
  Wait for the cpd-cli to return the following message before proceeding to the next step:
```
[SUCCESS] ... setup-mcg completed successfully.
```
2. Confirm that the secrets were created in the operands project for the instance:
```
oc get secrets --namespace=${PROJECT_CPD_INST_OPERANDS} \
noobaa-account-watson-discovery
```
  If the command returns Error from server (NotFound), re-run the setup-mcg command in the preceding step.
Watson Speech services users only. If you plan to install the Watson Speech services in this instance, create the secrets that the Watson Speech services use to connect to Multicloud Object Gateway:
1. Run the setup-mcg command to create the secrets:
```
cpd-cli manage setup-mcg \
--components=watson_speech \
--cpd_instance_ns=${PROJECT_CPD_INST_OPERANDS} \
--noobaa_account_secret=${NOOBAA_ACCOUNT_CREDENTIALS_SECRET} \
--noobaa_cert_secret=${NOOBAA_ACCOUNT_CERTIFICATE_SECRET}
```
  Wait for the cpd-cli to return the following message before proceeding to the next step:
```
[SUCCESS] ... setup-mcg completed successfully.
```
2. Confirm that the secrets were created in the operands project for the instance:
```
oc get secrets --namespace=${PROJECT_CPD_INST_OPERANDS} \
noobaa-account-watson-speech
```
  If the command returns Error from server (NotFound), re-run the setup-mcg command in the preceding step.
watsonx Assistant users only. If you plan to install watsonx Assistant in this instance, create the secrets that watsonx Assistant uses to connect to Multicloud Object Gateway:
1. Run the setup-mcg command to create the secrets:
```
cpd-cli manage setup-mcg \
--components=watson_assistant \
--cpd_instance_ns=${PROJECT_CPD_INST_OPERANDS} \
--noobaa_account_secret=${NOOBAA_ACCOUNT_CREDENTIALS_SECRET} \
--noobaa_cert_secret=${NOOBAA_ACCOUNT_CERTIFICATE_SECRET}
```
  Wait for the cpd-cli to return the following message before proceeding to the next step:
```
[SUCCESS] ... setup-mcg completed successfully.
```
2. Confirm that the secrets were created in the operands project for the instance:
```
oc get secrets --namespace=${PROJECT_CPD_INST_OPERANDS} \
noobaa-account-watson-assistant \
noobaa-cert-watson-assistant \
noobaa-uri-watson-assistant
```
  If the command returns Error from server (NotFound), re-run the setup-mcg command in the preceding step.
watsonx Orchestrate users only. If you plan to install watsonx Orchestrate in this instance, create the secrets that watsonx Orchestrate uses to connect to Multicloud Object Gateway:
1. Run the setup-mcg command to create the secrets for watsonx Assistant, which is automatically installed with watsonx Orchestrate:
```
cpd-cli manage setup-mcg \
--components=watson_assistant \
--cpd_instance_ns=${PROJECT_CPD_INST_OPERANDS} \
--noobaa_account_secret=${NOOBAA_ACCOUNT_CREDENTIALS_SECRET} \
--noobaa_cert_secret=${NOOBAA_ACCOUNT_CERTIFICATE_SECRET}
```
  Wait for the cpd-cli to return the following message before proceeding to the next step:
```
[SUCCESS] ... setup-mcg completed successfully.
```
2. Confirm that the watson-assistant secrets were created in the operands project for the instance:
```
oc get secrets --namespace=${PROJECT_CPD_INST_OPERANDS} \
noobaa-account-watson-assistant \
noobaa-cert-watson-assistant \
noobaa-uri-watson-assistant
```
  If the command returns Error from server (NotFound), re-run the setup-mcg command in the preceding step.
3. Run the setup-mcg command to create the secrets for watsonx Orchestrate:
```
cpd-cli manage setup-mcg \
--components=watsonx_orchestrate \
--cpd_instance_ns=${PROJECT_CPD_INST_OPERANDS} \
--noobaa_account_secret=${NOOBAA_ACCOUNT_CREDENTIALS_SECRET} \
--noobaa_cert_secret=${NOOBAA_ACCOUNT_CERTIFICATE_SECRET}
```
  Wait for the cpd-cli to return the following message before proceeding to the next step:
```
[SUCCESS] ... setup-mcg completed successfully.
```
4. Confirm that the secrets were created in the operands project for the instance:
```
oc get secrets --namespace=${PROJECT_CPD_INST_OPERANDS} \
noobaa-account-watsonx-orchestrate \
noobaa-cert-watsonx-orchestrate \
noobaa-uri-watsonx-orchestrate
```
  If the command returns Error from server (NotFound), re-run the setup-mcg command in the preceding step.

What to do next

Now that you've created secrets for services that use Multicloud Object Gateway, you're ready to complete Installing an instance of IBM Software Hub.