Home Navigation

Thursday 17 October 2024

Steps to Get Image Pull Secret for IBM Container Registry

Steps to Get Image Pull Secret for IBM Container Registry

  1. Log in to IBM Cloud CLI: If you haven't already, install the IBM Cloud CLI and log in to your IBM Cloud account:


    ibmcloud login

  2. Install the Container Registry Plugin: If you don’t have the Container Registry plugin installed, install it:


    ibmcloud plugin install container-registry

  3. Log in to IBM Container Registry: After installing the plugin, log in to the IBM Cloud Container Registry:

    ibmcloud cr login

  4. Generate API Key (Optional, but preferred for automation): Create an API key to securely authenticate with the IBM Container Registry. You can use it later to create the image pull secret in OpenShift:

    ibmcloud iam api-key-create MyAPIKey -d "API key for OpenShift pull" --file my-api-key.json

  5. Create an Image Pull Secret in OpenShift: Now, create the secret that allows OpenShift to pull images from the IBM Container Registry. You can use your IBM Cloud account credentials or an API key for authentication.

    For API Key authentication:

    oc create secret docker-registry ibm-cr-secret \
  --docker-server=icr.io \
  --docker-username=iamapikey \
  --docker-password=$(cat my-api-key.json | jq -r .apikey) \
  --docker-email=<your-email>

    Replace:

    • icr.io with the appropriate IBM Container Registry region endpoint (us.icr.io, eu.icr.io, jp.icr.io, etc.).
    • <your-email> with your email address.

    For IBM Cloud Username/Password authentication:

    oc create secret docker-registry ibm-cr-secret \
      --docker-server=icr.io \
  --docker-username=iamapikey \
  --docker-password=$(ibmcloud iam oauth-tokens | awk '{print $4}') \
  --docker-email=<your-email>

  6. Link the Image Pull Secret to a Service Account: To use this secret, associate it with the default service account in your project:

    oc secrets link default ibm-cr-secret --for=pull

  7. Ensure the secret is linked to the default service account:

    oc get serviceaccount default -o yaml

  8. Deploy the Container: Once the image pull secret is in place, you can deploy the container in OpenShift by creating a deployment configuration or pod that uses the image from IBM Container Registry:

    apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
spec:
  replicas: 1
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      containers:
      - name: my-container
        image: icr.io/namespace/my-image:tag
      imagePullSecrets:
      - name: ibm-cr-secret

After this, OpenShift will pull the image from IBM Cloud Container Registry using the credentials stored in the secret.

Region Endpoints for IBM Container Registry

Choose the correct container registry endpoint based on your region:

  • us.icr.io - US South
  • eu.icr.io - Frankfurt
  • jp.icr.io - Tokyo

Make sure to replace the region in the docker-server and image URL accordingly.

Posted by at No comments:

podman version 5.1.2 push image got Error: unexpected EOF

With podman version 5.1.2  when I tried to push a large image specially 3.5 GB I was having issue with Error: unexpected EOF. My platform is Mac book pro.

After some googling and debugging figured it was a memory issue. By default assigned memory in podman virtual machine is not enough.  So I had to manually assign a bit more memory to the podman virtual machine.

Here are the steps to that solved the issue


podman machine stop

podman machine rm
podman machine init -m 4096 

podman machine start

Happy learning!

Posted by at No comments:
Labels: ,
Subscribe to: Posts (Atom)