Authenticating the registry

To authenticate the registry you must store the authentication credentials for all source Docker registries and configure credentials for all target registries that require authentication.

Procedure

Complete the following steps to authenticate your registries.

  1. Store authentication credentials for all source Docker registries. Your product might require one or more authenticated registries. The following registries require authentication:
    • cp.icr.io
    • your-registry.com:5000 (if there is any)
  2. Run the following command to configure credentials for all target registries that require authentication. Run the command separately for each registry:
    Note: Run the export REGISTRY_AUTH_FILE command only once.
    export REGISTRY_AUTH_FILE=<path to the file which will store the auth credentials generated on podman login>
    podman login <TARGET_REGISTRY
    Important: When you log in to cp.icr.io, you must specify the user as cp and the password which is your Entitlement key from the IBM Cloud Container Registry. For example,
    podman login cp.icr.io
    Username: cp
    Password:
    Login Succeeded!

    For example, if you export REGISTRY_AUTH_FILE=~/.ibm-pak/auth.json, then after performing podman login, you can see that the file is populated with registry credentials.

    If you use docker login, the authentication file is typically located at $HOME/.docker/config.json on Linux or %USERPROFILE%/.docker/config.json on Windows. After docker login you should export REGISTRY_AUTH_FILE to point to that location. For example, in Linux you can issue the following command:
    export REGISTRY_AUTH_FILE=$HOME/.docker/config.json
    Directory Description
    ~/.ibm-pak/config Stores the default configuration of the plug-in and has information about the public GitHub URL from where the cases are downloaded.
    ~/.ibm-pak/data/cases This directory stores the CASE files when they are downloaded by issuing the oc ibm-pak get command.
    ~/.ibm-pak/data/mirror This directory stores the image-mapping files, ImageContentSourcePolicy manifest in image-content-source-policy.yaml and CatalogSource manifest in one or more catalog-sourcesXXX.yaml. The files images-mapping-to-filesystem.txt and images-mapping-from-filesystem.txt are inputs to the oc image mirror command, which copies the images to the file system and from the file system to the registry respectively.
    ~/.ibm-pak/data/logs This directory contains the oc-ibm_pak.log file, which captures all the logs that are generated by the plug-in.