Setting up an OAuth client for IBM Software Hub Control Center

In order for IBM Software Hub Control Center (Control Center) to get cluster capacity data, you must create an OAuth client for Control Center on the cluster where IBM Software Hub is installed.

Who needs to complete this task?

Cluster administrator A cluster administrator must complete this task.

When do you need to complete this task?

One-time setup You must complete this task after you install Control Center.

Before you begin

Best practice: You can run the commands in this task exactly as written if you use set up environment variables for IBM Software Hub Control Center in addition to the installation environment variables script for your IBM Software Hub installation. For instructions, see Setting up environment variables for IBM Software Hub Control Center
Before you run the commands in this task, ensure that you source the environment variables for:
  • Your IBM Software Hub installation
  • Your IBM Software Hub Control Center installation

About this task

Create an OAuth client on the cluster where the instances of IBM Software Hub that you want to monitor are installed.

Procedure

To create the OAuth client:

  1. Log in to Red Hat® OpenShift® Container Platform as a cluster administrator. 
    ${OC_LOGIN}
    Remember: OC_LOGIN is an alias for the oc login command.
  2. Set the OAUTH_CLIENT_ID environment variable to the ID that you want to use for this client.
    The recommended name is ibm-software-hub-cc. The following command uses the recommended name:
    export OAUTH_CLIENT_ID=ibm-software-hub-cc
  3. Set the OAUTH_SECRET environment variable to the password that you want to use to authenticate to the OAuth client: 
    export OAUTH_SECRET=<secret>
  4. Create the OAuth client: 
    cat <<EOF |oc apply -f -
kind: OAuthClient
apiVersion: oauth.openshift.io/v1
metadata:
  name: ${OAUTH_CLIENT_ID}
secret: ${OAUTH_SECRET}
redirectURIs:
  - 'https://${CONTROL_CENTER_ROUTE}/zen/oauth/redirect'
grantMethod: prompt
accessTokenMaxAgeSeconds: 120
accessTokenInactivityTimeoutSeconds: 300
scopeRestrictions:
  - clusterRole:
      allowEscalation: false
      namespaces:
        - '*' 
      roleNames: 
        - 'cluster-reader'
EOF

What to do next

Now that you've created the OAuth secret for IBM Software Hub Control Center, you're ready to complete Registering an IBM Software Hub cluster with IBM Software Hub Control Center.