Updating the global image pull secret for IBM Cloud Pak for Data

The global image pull secret ensures that your cluster has the necessary credentials to pull images. The credentials that you add to the global image pull secret depend on where you want to pull images from.

Installation phase

Setting up a client workstation
Setting up a cluster
Collecting required information
Preparing to run installs in a restricted network
Preparing to run installs from a private container registry
Preparing the cluster for Cloud Pak for Data
Preparing to install an instance of Cloud Pak for Data
Installing an instance of Cloud Pak for Data
Setting up the Cloud Pak for Data control plane
Installing solutions and services

Who needs to complete this task?

Cluster administrator A cluster administrator must complete this task.

When do you need to complete this task?

One-time setup You must complete this task before you install Cloud Pak for Data for the first time.

Before you begin

Best practice: You can run the commands in this task exactly as written if you set up environment variables. For instructions, see Setting up installation environment variables.

Ensure that you source the environment variables before you run the commands in this task.

About this task

Use the appropriate cpd-cli manage command to create or update the global image pull secret with the appropriate credentials:

IBM Entitled Registry: If you are pulling images from the IBM Entitled Registry, the global image pull secret must contain your IBM entitlement API key.
Use the cpd-cli manage add-icr-cred-to-global-pull-secret command to create or update the global image pull secret.
Private container registry: If you are pulling images from a private container registry, the global image pull secret must contain the credentials of an account that can pull images from the registry.
Use the cpd-cli manage add-cred-to-global-pull-secret command to create or update the global image pull secret.

Procedure

Log the cpd-cli in to the Red Hat® OpenShift® Container Platform cluster:
```
${CPDM_OC_LOGIN}
```
Remember: CPDM_OC_LOGIN is an alias for the cpd-cli manage login-to-ocp command.
Run the appropriate command to update the global image pull secret:
IBM Entitled Registry

Run the following command to provide your IBM entitlement API key to the global image pull secret:
```
cpd-cli manage add-icr-cred-to-global-pull-secret \
--entitled_registry_key=${IBM_ENTITLEMENT_KEY}
```
Private container registry

Run the following command to provide the credentials of a user that can pull images from the registry:
```
cpd-cli manage add-cred-to-global-pull-secret \
--registry=${PRIVATE_REGISTRY_LOCATION} \
--registry_pull_user=${PRIVATE_REGISTRY_PULL_USER} \
--registry_pull_password=${PRIVATE_REGISTRY_PULL_PASSWORD}
```
If you are installing Cloud Pak for Data on Red Hat OpenShift on IBM Cloud, you must manually reload the worker nodes in your cluster for the changes to take effect. For more information, see Adding a private registry to the global pull secret in the Red Hat OpenShift on IBM Cloud documentation.

Get the status of the nodes.

cpd-cli manage oc get nodes

Wait until all the nodes are Ready before you proceed to the next step. For example, if you see Ready,SchedulingDisabled, wait for the process to complete:

NAME                           STATUS                     ROLES    AGE     VERSION
master0                        Ready                      master   5h57m   v1.20.0
master1                        Ready                      master   5h57m   v1.20.0
master2                        Ready                      master   5h57m   v1.20.0
worker0                        Ready,SchedulingDisabled   worker   5h48m   v1.20.0
worker1                        Ready                      worker   5h48m   v1.20.0
worker2                        Ready                      worker   5h48m   v1.20.0

Tip: You can use the watch oc get nodes command to monitor the status of the nodes. The command provides an update every 2 seconds. When all of the nodes return Ready you can exit the command by pressing Ctrl+C.

Alternatively, if you find that the oc get nodes command returns Ready prematurely, you can use the oc get mcp command to get the real-time status of the nodes.

What to do next

Now that you've updated the global image pull secret, you're ready to complete Manually creating projects (namespaces) for the shared cluster components for IBM Cloud Pak for Data.