Downloading container images

You may need to download all the container images for IBM Cloud Pak® for Integration--for example, to copy them to an internal registry or scan them for vulnerabilities. This procedure describes how to download container images; however, you may need to use different tools, depending on your environment.

  1. Follow the mirroring procedure for a bastion host (in Mirroring images with a bastion host) or a portable compute or storage device (in Mirroring images with a bastion host), up to and including the steps in, "Set environment variables and download CASE files". These steps achieve the following:

    • Download the CASE packages, which contain metadata for the container images required to deploy each capability. Each CASE package also contains the required scripts to mirror images to a private registry, and to configure the target cluster to use the private registry as a mirror.

    • Generate comma-separated value (CSV) files that list the images for all capabilities (a single CSV file is created for each capability and its dependencies). The CSV files, combined with your IBM Entitled Registry entitlement key, are used in the following scripts to download or mirror the images manually. For more information about the entitlement key, see Finding and applying your entitlement key (online installation).

  2. Log in to your container tool to access the entitled registry, using the username cp and your entitlement key.

  3. Use a shell script to process all images for all capabilities supported on the target architecture.

    For example, for x86/amd64 architecture:

    tail -q -n +2 $HOME/offline/*-images.csv | while IFS="," read registry image_name tag digest mtype os arch variant insecure digest_source image_type groups; do
      if [[ "$arch" == "amd64" ]]; then
        docker pull "$registry/$image_name@$digest"
        docker tag "$registry/$image_name@$digest" "$registry/$image_name:$tag"
      fi
    done

    For the s390x architecture:

    tail -q -n +2 $HOME/offline/*-images.csv | while IFS="," read registry image_name tag digest mtype os arch variant insecure digest_source image_type groups; do
      if [[ "$arch" == "s390x" ]]; then
        docker pull "$registry/$image_name@$digest"
        docker tag "$registry/$image_name@$digest" "$registry/$image_name:$tag"
      fi
    done

    Instead of docker, you can use alternative container tools such as podman or skopeo:

    • Use podman as a direct replacement for docker in the preceding commands.

    • Use one skopeocommand to replace the docker pull and docker tag commands. For example:

      skopeo copy --dest-tls-verify=false docker://$registry/$image_name@$digest docker-daemon:$registry/$image_name:$tag

      You can also use skopeo to save images to disk, or to copy them directly to another container registry.

Note: If you need your clusters to access these images from a private registry, the image digests must be preserved. If this is your intention, IBM recommends using the procedure in Mirroring for a restricted (air-gapped) network environment.