Preparing to run IBM Concert installations from a private container registry
If you plan to use a private container registry to host the IBM Concert software images, you must mirror the images from the IBM Entitled Registry and configure the cluster to pull the images from the private container registry.
- Installation phase
- Preparing your cluster
- Who needs to complete this task?
-
Concert operations team Cluster administrator Registry administrator The IBM Concert operations team should work with private container registry administrator and the cluster administrator to complete the appropriate tasks for your environment.
- When to complete this task
-
One-time setup If you plan to install Concert from images in a private container registry, you must complete the tasks in this section. With careful planning, you can complete the tasks once. However, if you decide that you want to install additional services and the images are not in your private container registry, you might need to complete some of these tasks multiple times.
If you plan to pull images directly from the IBM Entitled Registry, you can skip this task and continue to Preparing your cluster for IBM Concert.
About this task
- Your cluster is air-gapped (also called an offline or disconnected cluster)
- Your cluster uses an allowlist to permit direct access by specific sites and the allow list does not include the IBM Entitled Registry
- Your cluster uses a blocklist to prevent direct access by specific sites and the blocklist includes the IBM Entitled Registry
- Run security scans against the software images before you install them on your cluster
- Ensure that you have the same images available for multiple deployments, such as development or test environments and production environments
The only situation in which you might consider pulling images directly from the IBM Entitled Registry is when your cluster is not air-gapped, your network is extremely reliable, and latency is not a concern. However, for predictable and reliable performance, you should mirror the images to a private container registry.
Use the manage script, ibm-concert-manage.sh
, to mirror images to your private
registry. You can also access the script from the IBM
Concert software GitHub repository. Run these steps from a device with access
to the IBM entitlement registry and the private registry.
Procedure
To prepare to run installs from a private container registry: