Preparing to run IBM Cloud Pak for Data installs from a private container registry

If you plan to use a private container registry to host the IBM Cloud Pak for Data software images, you must mirror the images from the IBM® Entitled Registry and configure the cluster to pull the images from the private container registry.

Who needs to complete this task?

Cloud Pak for Data operations team Cluster administrator Registry administrator The IBM Cloud Pak for Data operations team should work with private container registry administrator and the cluster administrator to complete the appropriate tasks for your environment.

When do you need to complete this task?

One-time setup If you plan to install Cloud Pak for Data from images in a private container registry, you must complete the tasks in this section. With careful planning, you can complete the tasks once. However, if you decide that you want to install additional services and the images are not in your private container registry, you might need to complete some of these tasks multiple times.

If you plan to pull images directly from the IBM Entitled Registry, you can skip this task and continue to Preparing your cluster for IBM Cloud Pak for Data.

About this task

Important:
You must mirror the necessary images to your private container registry in the following situations:
  • Your cluster is air-gapped (also called an offline or disconnected cluster)
  • Your cluster uses an allowlist to permit direct access by specific sites and the allowlist does not include the IBM Entitled Registry
  • Your cluster uses a blocklist to prevent direct access by specific sites and the blocklist includes the IBM Entitled Registry
Even if these situations do not apply to your environment, you should consider using a private container registry if you want to:
  • Run security scans against the software images before you install them on your cluster
  • Ensure that you have the same images available for multiple deployments, such as development or test environments and production environments

The only situation in which you might consider pulling images directly from the IBM Entitled Registry is when your cluster is not air-gapped, your network is extremely reliable, and latency is not a concern. However, for predictable and reliable performance, you should mirror the images to a private container registry.

Procedure

To prepare to run installs from a private container registry: