Creating image pull secrets for an instance of IBM Software Hub

You must create an image pull secret in the projects that are associated with an instance of IBM Software Hub. The image pull secrets ensure that any components that use Helm have access to the credentials for pulling images.

Installation phase
  • You are not here. Setting up a client workstation
  • You are not here. Setting up a cluster
  • You are not here. Collecting required information
  • You are not here. Preparing to run installs in a restricted network
  • You are not here. Preparing to run installs from a private container registry
  • You are not here. Preparing the cluster for IBM Software Hub
  • You are not here. Preparing to install an instance of IBM Software Hub
  • You are here icon. Installing an instance of IBM Software Hub
  • You are not here. Setting up the control plane
  • You are not here. Installing solutions and services
Who needs to complete this task?

Instance administrator An instance administrator can complete this task.

When do you need to complete this task?

This task is required.

Repeat as needed If you plan to install multiple instances of IBM Software Hub, you must repeat this task for each instance that you plan to install.

Before you begin

Best practice: You can run the commands in this task exactly as written if you use your installation environment variables script.

Ensure that you source the environment variables before you run the commands in this task.

About this task

Procedure

  1. Log in to Red Hat® OpenShift® Container Platform as a user with sufficient permissions to complete the task. 
    ${OC_LOGIN}
    Remember: OC_LOGIN is an alias for the oc login command.
  2. Create a file named dockerconfig.json based on where your cluster pulls images from:
    IBM Entitled Registry 
    cat <<EOF > dockerconfig.json 
{
  "auths": {
    "cp.icr.io": {
      "auth": "${IMAGE_PULL_CREDENTIALS}"
    },
    "icr.io":{
      "auth": "${IMAGE_PULL_CREDENTIALS}"
    }
  }
}
EOF
    Private container registry 
    cat <<EOF > dockerconfig.json 
{
  "auths": {
    "${PRIVATE_REGISTRY_LOCATION}": {
      "auth": "${IMAGE_PULL_CREDENTIALS}"
    }
  }
}
EOF
  3. Create the image pull secret in the backup and restore orchestration project for the instance: 
    oc create secret docker-registry ${IMAGE_PULL_SECRET} \
--from-file ".dockerconfigjson=dockerconfig.json" \
--namespace=${PROJECT_CPD_INST_BR_SVC}
  4. Create the image pull secret in the operators project for the instance: 
    oc create secret docker-registry ${IMAGE_PULL_SECRET} \
--from-file ".dockerconfigjson=dockerconfig.json" \
--namespace=${PROJECT_CPD_INST_OPERATORS}
  5. Create the image pull secret in the operands project for the instance: 
    oc create secret docker-registry ${IMAGE_PULL_SECRET} \
--from-file ".dockerconfigjson=dockerconfig.json" \
--namespace=${PROJECT_CPD_INST_OPERANDS}
  6. If you plan to use tethered projects, create the image pull secret in each project that you plan to tether to the operands project: 
    oc create secret docker-registry ${IMAGE_PULL_SECRET} \
--from-file ".dockerconfigjson=dockerconfig.json" \
--namespace=${PROJECT_CPD_INSTANCE_TETHERED}

    Repeat this step for each tethered project that is associated with this instance of IBM Software Hub.

    Tip: If you set the PROJECT_CPD_INSTANCE_TETHERED_LIST environment variable, print the list of tethered projects to the terminal:
    echo $PROJECT_CPD_INSTANCE_TETHERED_LIST

    Use this information to set the PROJECT_CPD_INSTANCE_TETHERED environment variable before you re-run the command.

What to do next

Now that you've created the image pull secrets for this instance of IBM Software Hub, you're ready to complete Installing the required components for an instance of IBM Software Hub.