Preparing the image pull secrets
If you plan to use the Operator Hub and the Form view, you must create the secrets to pull the images from the IBM Entitled Registry.
Before you begin
Make sure you prepared your cluster with the necessary infrastructure and software. For more information, see Preparing for a starter deployment.
About this task
You must choose to use either a global secret to pull the images or add an image pull secret to your target deployment namespace.
openshift-config
namespace or
the ibm-entitlement-key
secret in the target namespace of the CP4BA instance. If
your deployment includes Business Team Service (BTS), then you must also create the
ibm-entitlement-key
secret in the ibm-common-services
namespace.
BTS is installed with BAA, BAI, ADP, and ADS. If BTS is included in your deployment and this
namespace does not exist, then create it.If you want to install a namespace-scoped instance of
foundational services, then you need to create either a global pull-secret in the
openshift-config
namespace or the ibm-entitlement-key
secret in
the namespace of the CP4BA operator.
cp.icr.io
and
icr.io
, you must add the following hostnames to your firewall rules:- dd0.icr.io
- dd2.icr.io
- dd4.icr.io
- dd6.icr.io
- dd1-icr.ibm-zh.com
- dd3-icr.ibm-zh.com
- dd5-icr.ibm-zh.com
- dd7-icr.ibm-zh.com
You can also add wildcard characters to hostnames in your allowlist, for example
*.icr.io
and *.ibm-zh.com
.
The following diagram shows the options:

Procedure
What to do next
Go to and complete the next step in Installing the IBM Cloud Pak catalogs and operators.