manage add-cred-to-global-pull-secret

Update the global image pull secret to enable the cluster to pull images from your private container registry.

Note: The add-cred-to-global-pull-secret command is applicable only if you mirror the IBM Cloud Pak® for Data software images to a private container registry.

If you pull images from the IBM® Entitled Registry, see manage add-icr-cred-to-global-pull-secret.

Extended description

If your cluster pulls images from a private container registry, the global image pull secret must contain the credentials of an account that can pull images from the registry.

Run this command to update the global image pull secret with the appropriate credentials.

Important: This process will temporarily disable scheduling on each node in the cluster, so you might notice that resources are temporarily unavailable. However, this process happens on one node at a time. The cluster will temporarily disable scheduling on a node, apply the configuration change, and then re-enable scheduling before starting the process on the next node.

After you run the command, get the status of the nodes:

oc get nodes

Wait until all the nodes are Ready before you run other commands. For example, if you see Ready,SchedulingDisabled, wait for the process to complete:

NAME                           STATUS                     ROLES    AGE     VERSION
master0                        Ready                      master   5h57m   v1.20.0
master1                        Ready                      master   5h57m   v1.20.0
master2                        Ready                      master   5h57m   v1.20.0
worker0                        Ready,SchedulingDisabled   worker   5h48m   v1.20.0
worker1                        Ready                      worker   5h48m   v1.20.0
worker2                        Ready                      worker   5h48m   v1.20.0

You can use the watch oc get nodes command to monitor the status of the nodes. The command provides an update every 2 seconds. When all of the nodes return Ready you can exit the command by pressing Ctrl+C.

Alternatively, if you find that the oc get nodes command returns Ready prematurely, you can use the oc get mcp command to get the real-time status of the nodes.

Syntax

cpd-cli manage add-cred-to-global-pull-secret \
PRIVATE_REGISTRY_LOCATION \
PRIVATE_REGISTRY_PULL_USER \
PRIVATE_REGISTRY_PULL_PASSWORD

Arguments

Argument Description
PRIVATE_REGISTRY_LOCATION The host name or IP address of the private container registry.
PRIVATE_REGISTRY_PULL_USER The username of a user who has the required privileges to pull images from the private container registry.
PRIVATE_REGISTRY_PULL_PASSWORD The password of the user who has the required privileges to pull images from the private container registry.

Options

The add-cred-to-global-pull-secret command has no options.

Examples

Best practice: The following example uses the recommended installation environment variables.

Use a script to create environment variables with the correct values for your environment. For details, see Best practice: Setting up install variables.

Add your private container registry credentials to the global pull secret
cpd-cli manage add-cred-to-global-pull-secret \
${PRIVATE_REGISTRY_LOCATION} \
${PRIVATE_REGISTRY_PULL_USER} \
${PRIVATE_REGISTRY_PULL_PASSWORD}