Home Navigation

Thursday 17 October 2024

Steps to Get Image Pull Secret for IBM Container Registry

Steps to Get Image Pull Secret for IBM Container Registry

  1. Log in to IBM Cloud CLI: If you haven't already, install the IBM Cloud CLI and log in to your IBM Cloud account:


    ibmcloud login

  2. Install the Container Registry Plugin: If you don’t have the Container Registry plugin installed, install it:


    ibmcloud plugin install container-registry

  3. Log in to IBM Container Registry: After installing the plugin, log in to the IBM Cloud Container Registry:

    ibmcloud cr login

  4. Generate API Key (Optional, but preferred for automation): Create an API key to securely authenticate with the IBM Container Registry. You can use it later to create the image pull secret in OpenShift:

    ibmcloud iam api-key-create MyAPIKey -d "API key for OpenShift pull" --file my-api-key.json

  5. Create an Image Pull Secret in OpenShift: Now, create the secret that allows OpenShift to pull images from the IBM Container Registry. You can use your IBM Cloud account credentials or an API key for authentication.

    For API Key authentication:

    oc create secret docker-registry ibm-cr-secret \
  --docker-server=icr.io \
  --docker-username=iamapikey \
  --docker-password=$(cat my-api-key.json | jq -r .apikey) \
  --docker-email=<your-email>

    Replace:

    • icr.io with the appropriate IBM Container Registry region endpoint (us.icr.io, eu.icr.io, jp.icr.io, etc.).
    • <your-email> with your email address.

    For IBM Cloud Username/Password authentication:

    oc create secret docker-registry ibm-cr-secret \
      --docker-server=icr.io \
  --docker-username=iamapikey \
  --docker-password=$(ibmcloud iam oauth-tokens | awk '{print $4}') \
  --docker-email=<your-email>

  6. Link the Image Pull Secret to a Service Account: To use this secret, associate it with the default service account in your project:

    oc secrets link default ibm-cr-secret --for=pull

  7. Ensure the secret is linked to the default service account:

    oc get serviceaccount default -o yaml

  8. Deploy the Container: Once the image pull secret is in place, you can deploy the container in OpenShift by creating a deployment configuration or pod that uses the image from IBM Container Registry:

    apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
spec:
  replicas: 1
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      containers:
      - name: my-container
        image: icr.io/namespace/my-image:tag
      imagePullSecrets:
      - name: ibm-cr-secret

After this, OpenShift will pull the image from IBM Cloud Container Registry using the credentials stored in the secret.

Region Endpoints for IBM Container Registry

Choose the correct container registry endpoint based on your region:

  • us.icr.io - US South
  • eu.icr.io - Frankfurt
  • jp.icr.io - Tokyo

Make sure to replace the region in the docker-server and image URL accordingly.

Posted by at No comments:

podman version 5.1.2 push image got Error: unexpected EOF

With podman version 5.1.2  when I tried to push a large image specially 3.5 GB I was having issue with Error: unexpected EOF. My platform is Mac book pro.

After some googling and debugging figured it was a memory issue. By default assigned memory in podman virtual machine is not enough.  So I had to manually assign a bit more memory to the podman virtual machine.

Here are the steps to that solved the issue


podman machine stop

podman machine rm
podman machine init -m 4096 

podman machine start

Happy learning!

Posted by at No comments:
Labels: ,

Thursday 11 April 2024

Openshift: Attach volume failed: CSINode does not contain driver vpc.block.csi.ibm.io

I encountered an error in the OpenShift cluster. It said that 'AttachVolume.Attach' failed because the CSINode 10.240.0.9 does not contain the 'vpc.block.csi.ibm.io' driver. As a result, all the pods connected to the volume were failing and couldn't start the pod.


After researching, I discovered that the Block Storage for VPC addon was on an older version, 5.0, and it was in critical status. All I needed to do was update the addon from version 5.0 to 5.1


Here are the commands to fix the issue,

Check addOn status

ibmcloud ks cluster addon ls -c <OpenShift cluster Id/Name>

OK

Name                   Version              Health State   Health Status   

vpc-block-csi-driver   5.0* (5.1 default)   critical       Addon Unsupported. For more info: http://ibm.biz/addon-state (H1509)

Update addOn version

 ibmcloud ks cluster addon update vpc-block-csi-driver -c <OpenShift cluster Id/Name> --version 5.1



Posted by at No comments:
Labels: ,

Friday 27 October 2023

Setting up Artifactory repository for python pip package

Generate token

  • Login to Artifactory
  • Go to top right corner and click on the menu Edit profile
  • Then Click on Generate an Identity token
  • Copy the generated token

Setting up the token

  • From the command terminal open pip.config file, location ~/.pip/pip.config
  • add an entry like below

[global]

index-url = https://<ARTIFACTORY_USER>:<ARTIFACTORY_API_KEY>@<ARTIFACTORY_URL>/<ARTIFACTORY_REPO>

Posted by at No comments:
Labels:

Friday 7 July 2023

Connect to elasticsearch using python

 Based on your elasticsearch version, you have to install the Python Elasticsearch Client.

I am using elasticsearch version 7.10

# Elasticsearch 7.x
elasticsearch>=7.0.0,<8.0.0

# Elasticsearch 6.x
elasticsearch>=6.0.0,<7.0.0

# Elasticsearch 5.x
elasticsearch>=5.0.0,<6.0.0

# Elasticsearch 2.x
elasticsearch>=2.0.0,<3.0.0

Prepare your environment

python3 -m venv backend
source backend/bin/activate
pip3 install elasticsearch===7.10.1

Code

from elasticsearch import Elasticsearch
from elasticsearch.exceptions import RequestError

# Create an instance of Elasticsearch with TLS options
es = Elasticsearch(
'https://<user>:<password>@<host>:<port>',
ca_certs='<cert_file>'
)

print("=======================================================")

info = es.info()
print(info)
print("=======================================================")

# Test the connection and create an index
index_name = 'my_index'

try:
es.indices.create(index=index_name)
print(f"Index '{index_name}' created successfully.")
except RequestError as e:
if e.error == 'resource_already_exists_exception':
print(f"Index '{index_name}' already exists.")
else:
print(f"An error occurred while creating index '{index_name}': {e}")


document = {
'title': 'Example Document',
'content': 'This is the content of the document.'
}

# Add the document to the index
response = es.index(index=index_name, body=document)
print("=======================================================")
print(response)

Run

python3 app.py


Enjoy!


Ref: https://elasticsearch-py.readthedocs.io/en/v7.10.1/

https://www.elastic.co/guide/en/elasticsearch/client/python-api/current/getting-started-python.html




Posted by at No comments:
Labels: ,

Wednesday 26 April 2023

A simple script to build and push docker image to an OpenShift internal registry

echo "building the gradle project" ./gradlew clean bootJar echo "building docker image" TAG=1.0.1 NAME=image-name NAMESPACE=namespace-name docker build -t $NAME:$TAG . echo "pushing image to openshift internal registry" export REGISTRY=$(oc get routes -n openshift-image-registry -o jsonpath='{.items[0].spec.host}') echo $(oc whoami -t) | docker login $REGISTRY -u $(oc whoami) --password-stdin docker tag $NAME:$TAG $REGISTRY/$NAMESPACE/$NAME:$TAG docker push $REGISTRY/$NAMESPACE/$NAME:$TAG
Posted by at No comments:

Thursday 1 September 2022

Push image to OpenShift internal registry

Follow the below steps


Enable internal registry

oc patch configs.imageregistry.operator.openshift.io/cluster --patch '{"spec":{"defaultRoute":true}}' --type=merge

Get the internal registry 

oc get routes -n openshift-image-registry


Export the internal registry to an environmental variable

export REGISTRY=<The Registry URL you get from previous Command>

Login to the internal registry 

echo $(oc whoami -t) | docker login $REGISTRY -u $(oc whoami) --password-stdin

Build the docker image like below

docker build -t myimage:latest .

Tag your docker image with OpenShift registry

docker tag dashapp-grpc:latest $REGISTRY/openshift/myimage:latest

Push your docker image to OpenShift Internal Registry

docker push $REGISTRY/openshift/myimage:latest

Tag your image with OpenShift ImageStream

oc tag openshift/myimage:latest myimage:latest

List your ImageStream tags

oc get is

Posted by at No comments:
Labels:
Subscribe to: Posts (Atom)