Container image repository and pull secrets

You can configure the Turbonomic Custom Resource (CR) to define a private registry or repository location, or use a Secret.

Note:

Your private repository must support multi-architecture images to download the images from *.icr.io.

For example if you are using Artifactory, you must run V7, as V6 does not support multi-architecture images.

Pulling from a private repository

To use your own private repository, you need to pull and stage Turbonomic images, which are located in the following repositories based on the deployment method. The components are the same regardless of the deployment method.

Deployment method Default repositories
Red Hat OpenShift OperatorHub

icr.io/cpopen/turbonomic

icr.io/cpopen

registry.access.redhat.com/ubi8/ubi-minimal

Direct deployment

icr.io/cpopen/turbonomic

icr.io/cpopen

Modifying the Turbonomic custom resource

After the images are pulled in to your private registry, update the registry and repository location of the Turbonomic server container images in the custom resource yaml. Also update the Operator deployment yaml to pull from the registry.

Modify these values for your environment:

global:
 repository:<yourRegistry> /<yourRepository>
_# uncomment line below if using RedHat Container Catalog, and specify `registry.connect.redhat.com/turbonomic` as the `repository`_
_# when deploying from the OCP Operator Hub the `repository` and `customImageNames` will be preconfigured for you_
# customImageNames: false

_# for pull credentials, registry parameter is required and the value can be the same as repository_
_# uncomment what you need below if you need to specify pull credentials. Note this will be used for all images._
# registry: <yourRegistry>/<yourRepository>
# imageUsername: turbouser
# imagePassword: turbopassword
# imagePullSecret: <yourSecret>

 tag: 8.14.4
Note:

If you are running the t8c-operator before version 42, you must define the registry and repository as shown in the following example:

global:
 registry: <yourRegistry>
# imageUsername: turbouser
# imagePassword: turbopassword
# imagePullSecret: <yourSecret>
 repository: <yourRepository>
 tag:8.14.4 
If you require credentials to access your registry, you can specify the username and password credentials as shown in the following example:
global:
 repository: icr.io/cpopen/turbonomic
 registry: icr.io/cpopen/turbonomic
 imageUsername: turbouser
 imagePassword: turbopassword
# imagePullSecret: <yourSecret>
 tag: 8.14.4
  • The registry parameter is required in the CR to use the imageUsername/imagePassword or imagePullSecret parameters.

  • The customImageNames parameter must be set to false when working with Red Hat Operators and the Red Hat Container Catalog. You must also specify registry.connect.redhat.com/turbonomic for both registry and repository.

    Note:

    When you deploy from the Red Hat OpenShift Operator Hub, these values are preset for you.

  • This method creates a Kubernetes Secret of type docker-registry with the default name of turbocred. It then applies the pullSecret parameter to the Turbonomic component deployments.

Next, update the image: value in the Operator deployment yaml to pull from the repository.

      containers:
      - name: t8c-operator
        image: <yourRegistry>/<yourRepo>/t8c-operator:42.69

If required, update the Turbonomic Operator to use the pull credentials. You can specify the image pull Secret in the Operator deployment yaml, or add this Secret to the t8c-operator service account.

Note:

If you are working with an air-gapped Red Hat OpenShift cluster and you want to use the Operator Hub, follow the instructions from Red Hat for pulling operator bundles.

Image pull secrets

Use a docker-registry type Kubernetes Secret to exclude confidential data from your Turbonomic code.

Create the Secret resource in the same Turbonomic namespace and modify the CR to specify the Secret name:

global:
 registry: <yourRegistry>/<yourRepository>
 customImageNames: false
 imagePullSecret: <yourSecretName>
 tag: 8.14.4
Note:

The registry parameter is required in the CR to use the imageUsername/imagePassword or imagePullSecret parameters.

Also add the Secret to the Turbonomic Operator deployment, which can be done in one of two ways.

  1. Update the Operator deployment to use the Secret.
    spec:
      serviceAccountName: t8c-operator
      imagePullSecrets:
      - name: <yourSecretName>
      containers:
      - name: t8c-operator
  2. Link the Secret to the service account.

    For the Operator, configure the t8c-operator service account for the image pull Secret. For more information, see the Kubernetes documentation.

    In Red Hat OpenShift, run the oc secrets link command:

    oc secrets link t8c-operator yourSecret -- for=pull
    Note:

    To use this method for the Turbonomic pods, associate the Secret to the default service account.

    oc secrets link default yourSecret --for=pull

For more information, see the Kubernetes documentation.