The IBM Entitled Registry contains software images for the IBM DPOD Cloud Agent instance. To allow the IBM DPOD Cloud Agent Operator to automatically pull those software images, you must first obtain your entitlement key, then add your entitlement key in a pull secret.
Image Pull Secret
If the IBM DPOD Cloud Agent images are to be pulled from the IBM Entitled Registry, an Entitlement Key must be used as an Image Pull Secret.
Obtaining your entitlement key
Go to the Container software library.
Click Copy key.
Copy the entitlement key to a safe place so you can use it when you add the pull secret in the next section.
(Optional) Verify the validity of the key by logging in to the IBM Entitled Registry by using a container tool.
docker login cp.icr.io --username cp --password entitlement_key
Creating the Secret
If you want to create your own Entitlement Key as a Secret, you must create it in the same namespace as the IBM DPOD Cloud Agent instance.
We recommend that you use the name ibm-entitlement-key
Use
cpas the usernameUse your Entitlement Key as the password
Use
cp.icr.ioas the Docker server
Adding a pull secret to a namespace using the CLI
You must be a namespace administrator to perform this task.
Create a docker registry secret named ibm-entitlement-key, using the following command. In the third line, replace entitlement_key with the value of your entitlement key from the previous section. In the last line, replace target_namespace with the name of your target namespace:
oc create secret docker-registry \ ibm-entitlement-key \ --docker-username=cp \ --docker-password=<entitlement-key> \ --docker-server=cp.icr.io \ --namespace=target_namespace
For more information on creating Secrets using the Kubernetes command line, please see their documentation.
Adding the pull secret to a namespace by using the OpenShift web console
You must be a namespace administrator to perform this task. For more information, see OpenShift Roles and permissions.
Log in to the OpenShift web console and select the Administrator perspective (if not selected by default).
In the left navigation, click Workloads > Secrets.
Ensure that the Project is set to the namespace where you intend to install instances.
Click Create and select Image pull secret.
Set the following parameters for the secret:
Parameter | Value |
|---|---|
Secret name |
|
Authentication type | Image registry credentials |
Registry server address |
|
Username |
|
Password | Value of the entitlement key you copied when you got your entitlement key. |
(Optional value) |
Click Create to create the secret.
images are available on the following container registries:
Operator images (Catalog, bundle and Operator) :
icr.io/dpodApplication images (Manager, Messaging, Api-proxy, Ingesters):
cp.icr.io/cp/dpod
On the current version a mirroring from icr.io/cpopen → icr.io/dpod is required.
Without a proper mirroring, the pods will fail on ImagePullBackOff error when trying to pull the images.
See Cloud Agent Overview for a list of available versions.
Image Name and Tag |
|---|
dpod-cloud-agent-operator-catalog:<OPERATOR-VERSION>-amd64 |
dpod-cloud-agent-operator-bundle:<OPERATOR-VERSION>-amd64 |
dpod-cloud-agent-operator:<OPERATOR-VERSION>-amd64 |
dpod-cloud-agent-api-proxy:<DPOD-VERSION>-amd64 |
dpod-cloud-agent-http-ingester:<DPOD-VERSION>-amd64 |
dpod-cloud-agent-manager:<DPOD-VERSION>-amd64 |
dpod-cloud-agent-messaging-broker:<DPOD-VERSION>-amd64 |
dpod-cloud-agent-syslog-ingester:<DPOD-VERSION>-amd64 |
Choose the Appropriate Procedure
The procedure for mirroring the Cloud Agent images varies, depending on the flavor of Kubernetes in you environment: