Configure the registry credentials, image pull secrets, and optional Watsonx
credentials that are required to deploy DataPower Interact Gateway.
About this task
In this task, you perform the following tasks.
- Set the environment variables that are required for the deployment.
- Create Kubernetes secrets for accessing the target container registries.
- Optionally, create a Watsonx credentials secret to enable GenAI features.
Procedure
- Prepare the environment for operator installation and IDIG cluster deployment.
Set the following environment variables that are required for the operator installation.
#Set the endpoint domain that clients use to access the IDIG platform. Replace example.com with your domain name.
export ENDPOINT_DOMAIN="example.com"
#Set your docker registry credentials to pull container images.
export DOCKER_USER="your-username"
export DOCKER_PASSWORD="your-password"
#Target registry URL
export APIC_DOCKER_REGISTRY="target_registry_path"
- Navigate to the directory that contains the extracted release files.
- Create Kubernetes secrets that DataPower Interact Gateway uses
to authenticate with the target registry to pull container images.
- Create a secret for the Docker registry to pull the container images from the target registry
(where you uploaded them).
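# Quote the values so that a password containing spaces or shell metacharacters is passed intact.
kubectl create secret docker-registry apic-registry-secret \
  --docker-server="${APIC_DOCKER_REGISTRY}" \
  --docker-username="${DOCKER_USER}" \
  --docker-password="${DOCKER_PASSWORD}" \
  -n ${KUBE_NAMESPACE}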
- Verify that the secret is created successfully.
kubectl get secret apic-registry-secret -n ${KUBE_NAMESPACE}
The output displays the secret with type kubernetes.io/dockerconfigjson.
- Create an IBM entitlement key secret for the Docker registry to pull the DataPower Nano Gateway images
from the IBM Container Registry.
To install the IDIG operators and the IDIG cluster, the Docker registry must pull DataPower Nano Gateway images
from the IBM Container Registry (ICR). Therefore, you must create an entitlement key secret that
allows the Docker registry to authenticate with the ICR registry and pull the required images.
- Obtain an entitlement key.
- Sign in to IBM Container Library.
- From the Entitlement keys section, click Add new key and copy the entitlement key.
- Save the entitlement key for use in the next step.
- Create the entitlement key secret.
kubectl create secret docker-registry ibm-entitlement-key \
--docker-server=cp.icr.io/cp/datapower \
--docker-username=cp \
--docker-password=your-entitlement-key \
-n ${KUBE_NAMESPACE}
Where:
ibm-entitlement-key is the secret name.
cp.icr.io/cp/datapower is the IBM Container Registry URL.
cp is the user name.
your-entitlement-key is the entitlement key that you copied from the IBM Container Registry.
- Verify that the secret is created.
kubectl get secret ibm-entitlement-key -n ${KUBE_NAMESPACE}
The output displays the secret with type kubernetes.io/dockerconfigjson.
- Optional:
Create the Watsonx credentials secret if you want to enable the GenAI service for AI-powered
enhancements.
Important: This step is optional. If you do not create the Watsonx credentials secret,
the GenAI service is not deployed. All other DataPower Interact Gateway
components continue to function normally.
- If you have Watsonx credentials, create the secret.
#Set the Watsonx credentials.
export WATSONX_API_KEY="your-watsonx-api-key"
export WATSONX_PROJECT_ID="your-project-id"
#Create the Watsonx credentials secret.
cat <<EOF | kubectl -n ${KUBE_NAMESPACE} apply -f -
apiVersion: v1
kind: Secret
metadata:
  name: watsonx-credentials
  namespace: ${KUBE_NAMESPACE}
type: Opaque
stringData:
  WATSONX_API_KEY: "${WATSONX_API_KEY}"
  WATSONX_PROJECT_ID: "${WATSONX_PROJECT_ID}"
EOF
- Verify that the secret is created successfully.
kubectl get secret watsonx-credentials -n ${KUBE_NAMESPACE}
- Continue to install operators.
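The `kubectl get secret` checks in the procedure confirm only that each pull secret exists with type kubernetes.io/dockerconfigjson. The following shell helper is an added example, not part of the original procedure or the product: it decodes the stored payload and confirms the registry server and user name without printing the password. The function names and the sample payload are constructed, and it assumes KUBE_NAMESPACE is already set and that the secret holds the compact JSON that `kubectl create secret docker-registry` writes.

```shell
#!/bin/sh
# Added example. check_pull_secret and sample_secret are hypothetical helper
# names, not part of kubectl or DataPower Interact Gateway.

# $1 = base64 value of the secret's .dockerconfigjson key
# $2 = expected registry server, $3 = expected user name
# Prints a one-line verdict, never the password. Returns 0 only on a full match.
check_pull_secret() {
  json=$(printf '%s' "$1" | base64 -d 2>/dev/null) || { echo "not valid base64"; return 1; }
  # Assumption: compact JSON, so the server appears as a quoted key followed by ":{".
  case "$json" in
    *"\"$2\":{"*) ;;
    *) echo "registry $2 not found in secret"; return 1 ;;
  esac
  # The auth field is base64("user:password"); compare only the user part.
  auth=$(printf '%s' "$json" | sed -n 's/.*"auth":"\([^"]*\)".*/\1/p')
  user=$(printf '%s' "$auth" | base64 -d 2>/dev/null | cut -d: -f1)
  if [ "$user" != "$3" ]; then
    echo "auth field is for user '${user}', expected '$3'"
    return 1
  fi
  echo "ok: $2 as $3"
}

# Constructed sample: the value stored under .dockerconfigjson for user "cp"
# and a dummy key, in the layout kubectl produces.
sample_secret() {
  auth=$(printf '%s' 'cp:dummy-entitlement-key' | base64 | tr -d '\n')
  printf '{"auths":{"cp.icr.io/cp/datapower":{"username":"cp","password":"dummy-entitlement-key","auth":"%s"}}}' "$auth" \
    | base64 | tr -d '\n'
}

# Against a live cluster, pass the stored value instead of the sample:
#   check_pull_secret "$(kubectl get secret ibm-entitlement-key -n "${KUBE_NAMESPACE}" \
#       -o jsonpath='{.data.\.dockerconfigjson}')" cp.icr.io/cp/datapower cp
```

A mismatch on the server or user name here points to a wrong variable value at creation time, which otherwise surfaces later as an image pull failure.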