Downloading container images

You may need to download all the container images for IBM Cloud Pak® for Integration--for example, to copy them to an internal registry or scan them for vulnerabilities. This procedure describes how to download container images; however, you may need to use different tools, depending on your environment.

  1. Follow the procedure for installing with a bastion host in Installing in an air-gapped environment, up to and including the step "Download the installer and image inventory", which does the following:

    • Downloads the CASE packages, which contain metadata for the container images required to deploy each capability. Each CASE package also contains the required scripts to mirror images to a private registry, and to configure the target cluster to use the private registry as a mirror.

    • Generates comma-separated value (CSV) files listing the images for all capabilities (a single CSV file is created for each capability and its dependencies). The CSV files, combined with your IBM Entitled Registry entitlement key, are used for downloading or mirroring the images manually in the following scripts.

  2. Log in to your container tool to access the entitled registry, using the username cp and your entitlement key.

  3. Use a shell script to process all images for all capabilities supported on the target architecture.

    For example, for x86/amd64 architecture:

    tail -q -n +2 $HOME/offline/*-images.csv | while IFS="," read registry image_name tag digest mtype os arch variant insecure digest_source image_type groups; do
  if [[ "$arch" == "amd64" ]]; then
    docker pull "$registry/$image_name@$digest"
    docker tag "$registry/$image_name@$digest" "$registry/$image_name:$tag"
  fi
done

    For the s390x architecture:

    tail -q -n +2 $HOME/offline/*-images.csv | while IFS="," read registry image_name tag digest mtype os arch variant insecure digest_source image_type groups; do
  if [[ "$arch" == "s390x" ]]; then
    docker pull "$registry/$image_name@$digest"
    docker tag "$registry/$image_name@$digest" "$registry/$image_name:$tag"
  fi
done

    Instead of docker, you can use alternative container tools such as podman or skopeo:

    • Use podman as a direct replacement for docker in the preceding commands.

    • Use one skopeocommand to replace the docker pull and docker tag commands. For example:

      skopeo copy --dest-tls-verify=false docker://$registry/$image_name@$digest docker-daemon:$registry/$image_name:$tag

      You can also use skopeo to save images to disk, or to copy them directly to another container registry.

Note: If you need your clusters to access these images from a private registry, the image digests must be preserved. If this is your intention, IBM recommends using the procedure in Mirroring for a restricted (air-gapped) network environment.