Updating the global image pull secret

The global image pull secret ensures that your cluster has the necessary credentials to pull images. The credentials that you add to the global image pull secret depend on where you want to pull images from.

Installation phase
You are not here. Setting up a client workstation
You are not here. Collecting required information
You are here icon. Preparing your cluster
You are not here. Installing the Cloud Pak for Data platform and services
Who needs to complete this task?
A cluster administrator must complete this task.
When do you need to complete this task?
You must complete this task before you install Cloud Pak for Data for the first time.

Before you begin

Best practice: You can run the commands in this task exactly as written if you set up environment variables. For instructions, see Setting up installation environment variables.

Ensure that you source the environment variables before you run the commands in this task.

About this task

Use the appropriate cpd-cli manage command to create or update the global image pull secret with the appropriate credentials:

IBM® Entitled Registry
If you are pulling images from the IBM Entitled Registry, the global image pull secret must contain your IBM entitlement API key.

Use the cpd-cli manage add-icr-cred-to-global-pull-secret command to create or update the global image pull secret.

Private container registry
If you are pulling images from a private container registry, the global image pull secret must contain the credentials of an account that can pull images from the registry.

Use the cpd-cli manage add-cred-to-global-pull-secret command to create or update the global image pull secret.

Procedure

  1. Run the cpd-cli manage login-to-ocp command to log in to the cluster as a user with sufficient permissions to complete this task. For example: 
    cpd-cli manage login-to-ocp \
--username=${OCP_USERNAME} \
--password=${OCP_PASSWORD} \
--server=${OCP_URL}
    Tip: The login-to-ocp command takes the same input as the oc login command. Run oc login --help for details.
  2. Run the appropriate command to update the global image pull secret:
    IBM Entitled Registry

    Run the following command to provide your IBM entitlement API key to the global image pull secret:

    cpd-cli manage add-icr-cred-to-global-pull-secret \
${IBM_ENTITLEMENT_KEY}
    Private container registry

    Run the following command to provide the credentials of a user that can pull images from the registry:

    cpd-cli manage add-cred-to-global-pull-secret \
${PRIVATE_REGISTRY_LOCATION} \
${PRIVATE_REGISTRY_PULL_USER} \
${PRIVATE_REGISTRY_PULL_PASSWORD}
  3. If you are installing Cloud Pak for Data on Red Hat® OpenShift® on IBM Cloud®, you must manually reload the worker nodes in your cluster for the changes to take effect. For details, see Adding a private registry to the global pull secret in the Red Hat OpenShift on IBM Cloud documentation.
  4. Get the status of the nodes. 
    cpd-cli manage oc get nodes

    Wait until all the nodes are Ready before you proceed to the next step. For example, if you see Ready,SchedulingDisabled, wait for the process to complete:

    NAME                           STATUS                     ROLES    AGE     VERSION
master0                        Ready                      master   5h57m   v1.20.0
master1                        Ready                      master   5h57m   v1.20.0
master2                        Ready                      master   5h57m   v1.20.0
worker0                        Ready,SchedulingDisabled   worker   5h48m   v1.20.0
worker1                        Ready                      worker   5h48m   v1.20.0
worker2                        Ready                      worker   5h48m   v1.20.0
    Tip: You can use the watch oc get nodes command to monitor the status of the nodes. The command provides an update every 2 seconds. When all of the nodes return Ready you can exit the command by pressing Ctrl+C.

    Alternatively, if you find that the oc get nodes command returns Ready prematurely, you can use the oc get mcp command to get the real-time status of the nodes.

What to do next