Mirroring IBM Cloud Pak for Data images to a private container registry

If your cluster is in a restricted network or if you want to ensure that all images are pulled from a trusted source, mirror the IBM Cloud Pak for Data images to your private container registry.

Installation phase
  • Setting up a client workstation
  • Setting up a cluster
  • Collecting required information
  • Preparing to run installs from a private container registry (you are here)
  • Preparing the cluster for Cloud Pak for Data
  • Preparing to install an instance of Cloud Pak for Data
  • Installing an instance of Cloud Pak for Data

Who needs to complete this task?

Registry administrator: A registry administrator or someone with the appropriate permissions to push images to the private container registry must complete this task.

When do you need to complete this task?

One-time setup: If you plan to pull images from a private container registry, you must complete this task before you install Cloud Pak for Data.

With careful planning, you can complete the appropriate task once. However, if you decide that you want to install additional services and the images are not in your private container registry, you will need to repeat the appropriate task to mirror the images to your private container registry.

Before you begin

Ensure that your private container registry meets the Private container registry requirements.

About this task

There are several ways that you can mirror images from the IBM® Entitled Registry to your private container registry. Choose the most appropriate method for your environment by answering the following question:

Can you set up a client workstation that can connect to the internet and the private container registry?

Yes
  You can mirror the images directly from the IBM Entitled Registry to the private container registry.

No, the private container registry is in a restricted network
  You must mirror the images to an intermediary container registry before you can mirror the images to the private container registry.

  The cpd-cli manage mirror-images command automatically sets up an intermediary container registry on the client workstation. You must be able to move the intermediary container registry behind your firewall. For example, you can use:

  Option: Use a portable compute device, such as a laptop, that you can move behind your firewall.
  Details: You can use the same device to:
    • Mirror images from the IBM Entitled Registry to the intermediary container registry.
    • Mirror images from the intermediary container registry to the private container registry.

  Option: Use a portable storage device, such as a USB drive, that you can move behind your firewall.
  Details: You must set up two client workstations:
    • A workstation that can connect to the internet. From this workstation, you can mirror the images from the IBM Entitled Registry to the intermediary container registry on the portable storage device.
    • A workstation that can connect to the private container registry. After you move the portable storage device to this workstation, you can mirror the images from the intermediary container registry to the private container registry.

  Option: Use a file transfer protocol, such as scp or sftp, to move images behind your firewall.
  Details: You must set up two client workstations:
    • A workstation that can connect to the internet. From this workstation, you can mirror the images from the IBM Entitled Registry to the intermediary container registry.
    • A workstation that can connect to the private container registry. After you transfer the intermediary container registry to this workstation, you can mirror the images from the intermediary container registry to the private container registry.
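
When the intermediary container registry is moved on a portable device or over scp or sftp, the receiving workstation can confirm that the files arrived unchanged before anything is mirrored onward. The following is an added example, not part of the IBM procedure or of cpd-cli; it assumes GNU coreutils (sha256sum), and the directory you pass in stands for wherever the intermediary registry data is stored on your workstation, a path this page does not name.

```shell
#!/bin/sh
# Added example: integrity manifest for a directory carried across an air gap.
# DIR is a placeholder for the intermediary registry's data directory.
# Keep MANIFEST outside DIR so that it is not hashed into itself.
#
#   internet side:    make_manifest   DIR manifest.sha256
#   restricted side:  verify_manifest DIR manifest.sha256

# list_files DIR: relative path of every regular file under DIR, sorted.
list_files() {
  (cd "$1" && find . -type f -print) | LC_ALL=C sort
}

# make_manifest DIR MANIFEST: record a SHA-256 digest for every file.
make_manifest() {
  (cd "$1" && find . -type f -exec sha256sum {} +) | LC_ALL=C sort -k2 > "$2"
}

# verify_manifest DIR MANIFEST: succeed only if every recorded file is
# present with its recorded digest AND no unlisted file has appeared.
# The body runs in a subshell, so its variables stay local to the call.
verify_manifest() (
  dir=$1 manifest=$2 rc=0

  # 1. Modified or missing files: sha256sum -c fails on either.
  (cd "$dir" && sha256sum --quiet -c -) < "$manifest" || rc=1

  # 2. Added files: sha256sum -c ignores anything the manifest does not
  #    list, so compare the recorded file set with what is on disk.
  want=$(mktemp)
  sed 's/^[0-9a-f]\{64\} [ *]//' "$manifest" | LC_ALL=C sort > "$want"
  list_files "$dir" | diff "$want" - >&2 || rc=1
  rm -f "$want"

  exit "$rc"
)
```

Carry the manifest, or at least its own SHA-256 digest, by a different channel from the data: a manifest that travels on the same drive detects accidental corruption but not deliberate modification.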

Procedure

Complete the appropriate task to mirror images to your private container registry: