Configuring the cluster

Configuring Red Hat OpenShift Container Platform Cluster
Configuring Vanilla Kubernetes Cluster

Configuring Red Hat OpenShift Container Platform Cluster

Update the global image pull secret for your cluster.
The documented steps in the given link enable your cluster to have authentication credentials in place to pull images from your TARGET_REGISTRY as specified in the image-content-source-policy.yaml which you will apply to your cluster in the next step.
Create ImageContentSourcePolicy.
Note:
- Before you run the command in this step, you must be logged in to your {{site.data.keyword.open_s}} cluster. Using the oc login command, log in to the {{site.data.keyword.ocp_notm}} cluster where your final location resides. You can identify your specific oc login by clicking the user drop-down menu in the {{site.data.keyword.ocp_notm}} console, then clicking Copy Login Command.
- If you used the placeholder value of TARGET_REGISTRY as a parameter to --final-registry at the time of generating mirror manifests, then before running the following command, find and replace the placeholder value of TARGET_REGISTRY in file, ~/.ibm-pak/data/mirror/$CASE_NAME/$CASE_VERSION/image-content-source-policy.yamlwith the actual registry where you want to mirror the images. For example, replace TARGET_REGISTRY with myregistry.com/mynamespace.
Run the following command to create ImageContentSourcePolicy:
```
oc apply -f  ~/.ibm-pak/data/mirror/$CASE_NAME/$CASE_VERSION/image-content-source-policy.yaml
```
If you are using {{site.data.keyword.ocp_notm}} version 4.7 or earlier, this step might cause your cluster nodes to drain and restart sequentially to apply the configuration changes.
Verify that the ImageContentSourcePolicy resource is created.
```
oc get imageContentSourcePolicy
```

Verify your cluster node status and wait for all the nodes to be restarted before proceeding.

oc get MachineConfigPool

   
   $ oc get MachineConfigPool -w
   NAME     CONFIG                                             UPDATED   UPDATING   DEGRADED   MACHINECOUNT   READYMACHINECOUNT   UPDATEDMACHINECOUNT   DEGRADEDMACHINECOUNT   AGE
   master   rendered-master-53bda7041038b8007b038c08014626dc   True      False      False      3              3                   3                     0                      10d
   worker   rendered-worker-b54afa4063414a9038958c766e8109f7   True      False      False      3              3                   3                     0                      10d

After the ImageContentsourcePolicy and global image pull secret are applied, the configuration of your nodes will be updated sequentially. Wait until all MachineConfigPools are in the `UPDATED=True` status before proceeding.

Create a new project for the CASE commands by running the following commands:
Note: You must be logged in to a cluster before performing the following steps.
```
export NAMESPACE=<YOUR_NAMESPACE>
```
```
oc new-project $NAMESPACE
```

Optional: If you use an insecure registry, you must add the target registry to the cluster insecureRegistries list.

oc patch image.config.openshift.io/cluster --type=merge \
-p '{"spec":{"registrySources":{"insecureRegistries":["'${TARGET_REGISTRY}'"]}}}'

Verify your cluster node status and wait for all the nodes to be restarted before proceeding.
```
oc get MachineConfigPool -w
```
After the ImageContentsourcePolicy and global image pull secret are applied, the configuration of your nodes will be updated sequentially. Wait until all MachineConfigPools are updated.

Configuring Vanilla Kubernetes Cluster

In a cluster where you don't have ICSP support,you can provide similar via daemonset to update registries.conf on nodes or you have to setup a registry mirror as expanded in Example: Setting up the Operator in an airgap environment.

Create a new project for the CASE commands by running the following commands:

Note: You must be logged in to a cluster before performing the following steps.

export NAMESPACE=<YOUR_NAMESPACE>

kubectl create namespace $NAMESPACE