Creating a tenant

As a system owner, you can create a new account for a tenant in IBM® Sovereign Core. When an account is ready, you can maintain the compliance of the account and environment, deploy clusters, and reallocate resources. Manage cloud infrastructure for your customers by creating secure and sovereign accounts by using IBM Sovereign Core.

Before you begin

  • To create a tenant account, you need the name and email address for the owner of the tenant account. The account owner receives an email with details about the tenant account.
  • You must publish at least one service in the system owner account to create a tenant.

About this task

Creating an account for the tenant owner is the first step in getting started with the IBM Sovereign Core.

Procedure

  1. Open the IBM Sovereign Core home page, and click Create tenant.
  2. Enter an account name and an optional description.
  3. Enter the account owner's details that include a display name and an email address.
    Make sure that the email address you enter for the tenant user is correct and current.
  4. Optional: Configure the storage class for all clusters that are published to the tenant's catalog to use. The storage class defines the storage type and how persistent storage is dynamically provisioned for clusters.
    To set or change the storage class after you create the tenant account, access the system account home page, select the tenant account, and click Edit storage class.
    Note: When you update the storage class configuration for a tenant account, the changes do not apply to existing clusters until you provision a new cluster. After you provision the new cluster, the updated configuration applies to both the new cluster and all existing tenant clusters.
    For details about preparing storage for the IBM Sovereign Core environment, see Planning storage provisioning.
  5. Click Create.
    A confirmation message is shown with the access URL for the new account. Copy the URL for your records. Only the account owner receives an email that contains the account details.

What to do next

The new account is visible on the IBM Sovereign Core home page with a Ready status. Click Open on the new tenant account card to view the account details.

After you create an account for the tenant, you must set up a Red Hat® Quay access token for the tenant account owner. For detailed steps, see Setting up a Red Hat Quay container registry for tenants.

Copy the root CA certificate from the vault-root-ca-secret secret in the vault namespace. Use the ca.crt key, and share the certificate with the tenant account owner through a trusted channel so that they can add it to their browser trustStore for the tenant OpenShift cluster.