Announcements
Cloud
June 12, 2019 By Alex Parker 2 min read

To facilitate migrations to IAM and our new icr.io domains, IBM Cloud Container Registry will no longer allow the creation of registry tokens.

Recently, we introduced our new IBM Cloud Container Registry icr.io domain names. With this change, it was announced that an IAM API key—rather than a registry token—needs to be stored in an image pull secret in order to pull images from the new registry domains. In accordance with this, and to facilitate migrations to the new domains, the creation of registry tokens will be discontinued on July 1, 2019.

Since the announcement of the icr.io domains, new clusters have been deployed with both pull secrets that access bluemix.net domains with a registry token and with pull secrets that access icr.io domains with an IAM API key. Moving forward, all new clusters will be deployed with IAM API key pull secrets only, and you will be unable to create new registry tokens with ibmcloud cr token-add. This means that new clusters will have to pull images from the icr.io domains. Registry tokens have been marked as deprecated in the documentation for a few months (see here, for example), and during that time, anyone with questions about registry tokens has been pointed to IAM.

How will my existing clusters and registry tokens be affected?

Existing registry tokens will continue to provide access to IBM Cloud Container Registry using the deprecated bluemix.net domain names, so you can continue using existing registry tokens to access these domains without interruption.

However, the old domains, as well as registry tokens, will eventually be discontinued as well. To prepare yourself for this event, follow these steps to set up your clusters to pull images from the icr.io domains if you have not done so already. This action will kill two birds with one stone as you will migrate away from the deprecated bluemix.net domains while simultaneously migrating from registry tokens to IAM API keys.

What benefits are there to using IAM API keys for registry access?

There are lots of benefits to using IAM API keys instead of registry tokens. With IAM API keys, you can add IAM policies for more fine-grained control over access. For instance, you can create IAM access policies to restrict permissions to specific registry namespaces so that a cluster can only pull images from those namespaces.

Alex Parker
Offering Manager

More from Announcements
April 19, 2024

IBM Consulting augments expertise with AWS Competencies: A win-win for clients 

3 min read - In today's dynamic economic landscape, businesses demand continuous innovation and speed of execution. At IBM Consulting®, our unwavering focus on partnerships and shared commitment to delivering enterprise-level solutions to mutual clients have been core to our success.   We are thrilled to announce that IBM® has recently gained five competencies from Amazon Web Services (AWS) in vital domains including Cloud Operations, Internet of Things (IoT), Life Sciences, Mainframe Modernization, and Telecommunications. With these credentials, IBM further establishes its position as a…

April 18, 2024

Probable Root Cause: Accelerating incident remediation with causal AI 

5 min read - It has been proven time and time again that a business application’s outages are very costly. The estimated cost of an average downtime can run USD 50,000 to 500,000 per hour, and more as businesses are actively moving to digitization. The complexity of applications is growing as well, so Site Reliability Engineers (SREs) require hours—and sometimes days—to identify and resolve problems.   To alleviate this problem, we have introduced the new feature Probable Root Cause as part of Intelligent Incident…

April 11, 2024

Reflecting on IBM’s legacy of environmental innovation and leadership

4 min read - Upholding a legacy of more than 50 years of environmental responsibility through our company’s actions and commitments, IBM continues to be a leader in driving sustainability for our business, our communities and our clients—including a 34-year history of annual, public environmental reporting, which we continue today. As a hybrid cloud and artificial intelligence (AI) company, we believe that leveraging technology is key to unlocking impact, and it will play a substantial role in how society addresses, adapts to, and overcomes…

IBM Newsletters

 Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters