Setting up a private registry

A private image registry must be used to store all images in your local environment. Create a registry and make sure that it meets the requirements. It must be available and accessible from the OCP cluster nodes.

About this task

Make sure that your image registry meets the following requirements:

  • Supports Docker Manifest V2, Schema 2.
  • Supports multi-architecture images.
    Note: Do not use the OpenShift image registry as your private registry. The OpenShift registry does not support multi-architecture images.
  • Is accessible from both the host and your OpenShift Container Platform cluster nodes.
  • Has the username and password of a user who can write to the target registry from the host.
  • Has the username and password of a user who can read from the target registry that is on the OpenShift cluster nodes.
  • Allows path separators in the image name.

To pull all of the images, you need at least 500 GB of disk space. The actual size does depend on the registry type that you are using because some registries require more storage than other types of registry. All the images in the groups are pulled irrespective of architecture.

When the images are mirrored to your private registry, the namespaces where images are mirrored must exist or the image push must create them automatically. If your registry does not allow automatic creation of namespaces, you must create them manually. If you do need to create the namespaces manually, create the following namespaces at the root of your registry.

Procedure

  1. Create a cp namespace to store the images from the IBM Entitled Registry cp.icr.io/cp.

    The cp namespace needs an entitlement key and credentials to pull the images. The namespace must have a user who can write and create repositories, and read all repositories.

  2. Create a ibmcom namespace to store all images from all IBM images that do not require credentials to pull.
  3. Create a cpopen namespace to store all images from the icr.io/cpopen repository.

    The cpopen namespace is for publicly available images that are hosted by IBM that do not require credentials to pull.

  4. Create a opencloudio namespace to store the images from quay.io/opencloudio.

    The opencloudio namespace is for select IBM open source component images that are available on quay.io. The IBM Cloud® Platform Common Services images are hosted on opencloudio.

What to do next

Important: Verify that each namespace meets the following requirements:
  • Supports auto-repository creation.
  • Has credentials of a user who can write and create repositories. The host uses these credentials.
  • Has credentials of a user who can read all repositories. The OpenShift Container Platform cluster uses these credentials.

You can now set up the image inventory. For more information, see Downloading the CASE files.

Optional: Removing unused images from the target registry
Note: Removing the unused images from the target registry is necessary only if you want to save the storage space in the private registry after an upgrade of the Cloud Pak for Business Automation deployment to a new version or interim fix.
CAUTION:
Before you remove the unused images from the target registry, you need to make sure that the images are not used by any Cloud Pak for Business Automation deployment on your OpenShift cluster. Do not remove the images from the target registry if the images are used by any Cloud Pak for Business Automation deployment on your OpenShift cluster.
The following procedure provides the steps for removing the unused images from the target registry:
Note: The user must have permission to create a folder in the target registry.
  1. Create a path or folder in the target registry. For example, myregistry/cp4ba-<version>.
  2. Make sure that you specify this path when generating the mirror manifests and mirroring the images.
  3. Make sure that the generated ImageContentsourcePolicy (image-content-source-policy.yaml) has the correct path.
  4. Mirror the images of the new version or interim fix. All images are mirrored to myregistry/cp4ba-<version>.
  5. Make sure that the deployment is upgraded to the new version or interim fix.

After the upgrade is complete and all the images are upgraded to the new version or interim fix, you can now delete the images from the previous version.