Container image repository and pull secrets
You can configure the Turbonomic Custom Resource (CR) to define a private registry or repository location, or use a Secret.
Your private repository must support multi-architecture images to download the images from *.icr.io.
For example, if you are using Artifactory, you must run V7, as V6 does not support multi-architecture images.
Pulling from a private repository
To use your own private repository, you need to pull and stage Turbonomic images, which are located in the following repositories based on the deployment method. The components are the same regardless of the deployment method.
Deployment method | Default repositories |
---|---|
Red Hat OpenShift OperatorHub |
|
Direct deployment |
|
Modifying the Turbonomic custom resource
After the images are pulled into your private registry, update the registry and repository location of the Turbonomic server container images in the custom resource YAML. Also update the Operator deployment YAML to pull from the registry.
Modify these values for your environment:
global:
  repository: <yourRegistry>/<yourRepository>
  # uncomment line below if using RedHat Container Catalog, and specify `registry.connect.redhat.com/turbonomic` as the `repository`
  # when deploying from the OCP Operator Hub the `repository` and `customImageNames` will be preconfigured for you
  # customImageNames: false
  # for pull credentials, registry parameter is required and the value can be the same as repository
  # uncomment what you need below if you need to specify pull credentials. Note this will be used for all images.
  # registry: <yourRegistry>/<yourRepository>
  # imageUsername: turbouser
  # imagePassword: turbopassword
  # imagePullSecret: <yourSecret>
  tag: 8.14.4
If you are running the t8c-operator before version 42, you must define the registry and repository as shown in the following example:
global:
  registry: <yourRegistry>
  # imageUsername: turbouser
  # imagePassword: turbopassword
  # imagePullSecret: <yourSecret>
  repository: <yourRepository>
  tag: 8.14.4

global:
  repository: icr.io/cpopen/turbonomic
  registry: icr.io/cpopen/turbonomic
  imageUsername: turbouser
  imagePassword: turbopassword
  # imagePullSecret: <yourSecret>
  tag: 8.14.4
- The registry parameter is required in the CR to use the imageUsername/imagePassword or imagePullSecret parameters.
- The customImageNames parameter must be set to false when working with Red Hat Operators and the Red Hat Container Catalog. You must also specify registry.connect.redhat.com/turbonomic for both registry and repository.
  Note: When you deploy from the Red Hat OpenShift Operator Hub, these values are preset for you.
- This method creates a Kubernetes Secret of type docker-registry with the default name of turbocred. It then applies the pullSecret parameter to the Turbonomic component deployments.
Next, update the image: value in the Operator deployment YAML to pull from the repository.
containers:
- name: t8c-operator
  image: <yourRegistry>/<yourRepo>/t8c-operator:42.69
If required, update the Turbonomic Operator to use the pull credentials. You can specify the image pull Secret in the Operator deployment YAML, or add this Secret to the t8c-operator service account.
If you are working with an air-gapped Red Hat OpenShift cluster and you want to use the Operator Hub, follow the instructions from Red Hat for pulling operator bundles.
Image pull secrets
Use a docker-registry type Kubernetes Secret to exclude confidential data from your Turbonomic code.
Create the Secret resource in the same Turbonomic namespace and modify the CR to specify the Secret name:
global:
  registry: <yourRegistry>/<yourRepository>
  customImageNames: false
  imagePullSecret: <yourSecretName>
  tag: 8.14.4
The registry parameter is required in the CR to use the imageUsername/imagePassword or imagePullSecret parameters.
Also add the Secret to the Turbonomic Operator deployment, which can be done in one of two ways.
- Update the Operator deployment to use the Secret.
  spec:
    serviceAccountName: t8c-operator
    imagePullSecrets:
    - name: <yourSecretName>
    containers:
    - name: t8c-operator
- Link the Secret to the service account.
  For the Operator, configure the t8c-operator service account for the image pull Secret. For more information, see the Kubernetes documentation.
  In Red Hat OpenShift, run the oc secrets link command:
  oc secrets link t8c-operator yourSecret --for=pull
  Note: To use this method for the Turbonomic pods, associate the Secret with the default service account.
  oc secrets link default yourSecret --for=pull
For more information, see the Kubernetes documentation.
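What the docker-registry Secret named by imagePullSecret contains, as an added example (not IBM's or the product's own code): this Python script builds the Secret manifest and checks that it holds credentials for the registry value used in the CR. The Secret name turbo-pull, the namespace turbonomic, the host registry.example.com and the credentials are constructed placeholders, and the registry matching is a simplified assumption noted in the code.

```python
import base64
import json

SECRET_TYPE = "kubernetes.io/dockerconfigjson"  # what "docker-registry" Secrets carry


def build_pull_secret(name, namespace, server, username, password):
    """Return the manifest of a docker-registry Secret for one registry server."""
    auth = base64.b64encode(f"{username}:{password}".encode()).decode()
    config = {"auths": {server: {"username": username, "password": password,
                                 "auth": auth}}}
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "type": SECRET_TYPE,
        "metadata": {"name": name, "namespace": namespace},
        # base64 is an encoding, not encryption: anyone who can read the
        # Secret can recover the password.
        "data": {".dockerconfigjson": base64.b64encode(
            json.dumps(config).encode()).decode()},
    }


def registries_in(secret):
    """Decode a pull Secret and list the registry keys it holds credentials for."""
    if secret.get("type") != SECRET_TYPE:
        raise ValueError("not a docker-registry Secret")
    raw = base64.b64decode(secret["data"][".dockerconfigjson"])
    return sorted(json.loads(raw)["auths"])


def covers_registry(secret, cr_registry):
    """True if a key in the Secret is the CR's registry value or a path prefix of it.

    Simplified matching: scheme and trailing slash are ignored, globs are not handled.
    """
    for key in registries_in(secret):
        key = key.split("://", 1)[-1].rstrip("/")
        if cr_registry == key or cr_registry.startswith(key + "/"):
            return True
    return False


if __name__ == "__main__":
    # Constructed values; replace with your own registry, namespace and credentials.
    secret = build_pull_secret("turbo-pull", "turbonomic", "registry.example.com",
                               "turbouser", "turbopassword")
    assert covers_registry(secret, "registry.example.com/turbonomic")
    print(json.dumps(secret, indent=2))
```

The printed JSON manifest can be piped to oc apply -f - or kubectl apply -f -, after which the Secret name goes into imagePullSecret in the CR.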