Downloading certified container images from IBM Entitled Registry

You can pull the IBM Transformation Extender Advanced Certified Container images from IBM Entitled Registry into the cluster or mirror the images if an air-gapped environment is available. For more information, see Mirroring Certified Container images in an air-gapped environment.

The following certified container images are available for download from IBM Entitled Registry:
Note: The certified container images for v10.0.1.9 are available for the following platform architectures:
  • Linux® on x86-64 bit CPU architecture (AMD64)
  • IBM® Transformation Extender Advanced 10.0.1.9 Certified Container
    • cp.icr.io/cp/ibm-itxa/itxa-init-db:10.0.1.9-x86_64
    • cp.icr.io/cp/ibm-itxa/itxa-ui-server:10.0.1.9-x86_64
    • cp.icr.io/cp/ibm-itxa/itxa-runtime:10.0.1.9-x86_64
    • cp.icr.io/cp/ibm-itxa/itxa-resources:10.0.1.9-x86_64
Complete the following steps to download Certified Container images from IBM Entitled Registry:
  1. Ensure that the entitlement key is obtained.
  2. Log in to MyIBM Container Software Library with the IBMid and Password that are associated with the entitled software. In case, you are not directed to the entitlement page, click Get an entitlement key to obtain the entitlement key.
  3. In the Entitlement key section, click Copy key to copy the entitlement key to the clipboard.
  4. Save the entitlement key to a safe location for later use.

    To confirm your Entitlement Key is valid, click View library from the left of the page. You can view the list of products that you are entitled to. If IBM Transformation Extender Advanced is not listed, or if the View library link is disabled, it indicates that the identity that you are logged in to the container library does not entitle for IBM Transformation Extender Advanced. In this case, the entitlement key is not valid for installing the software.

  5. Set Entitled Registry information by completing the following steps:
    1. Run export commands that set ENTITLED_REGISTRY to cp.icr.io.
    2. Set ENTITLED_REGISTRY_USER to cp.
    3. Set ENTITLED_REGISTRY_KEY to the entitlement key that you saved to a safe location.
  6. This step is optional - log in to Entitled Registry by using the following docker login command to validate the Entitled Registry credentials:
    docker login "$ENTITLED_REGISTRY" -u "$ENTITLED_REGISTRY_USER" -p "$ENTITLED_REGISTRY_KEY
    Configure Helm to Pull images directly from the IBM entitled Registry
  7. Run the following command to create Docker pull Secret for pulling the images from IBM Entitled Registry:
    kubectl create secret docker-registry <secret name> --docker-username="cp" --docker-password="<Entitled registry API key>" --docker-email="<email address" --docker-server="cp.icr.io" -n <namespace>
  8. Update the service account or Helm Chart image pull secret configurations with the secret name that is stated in step 7. For example:
    values.global.pullSecret: ibm-entitlement-key
    Pull images manually and push to an internal registry
  9. Follow these steps to download and push images to an Red Hat OpenShift or a local image registry.
    1. Download the image that uses the docker or podman pull command.
      docker pull cp.icr.io/ibm-itxa/itxa-ui-server:10.0.1.9
podman pull cp.icr.io/ibm-itxa/itxa-ui-server:10.0.1.9
    2. Tag the downloaded image with the correct local or Red Hat OpenShift registry.
      
docker tag <imageid> <registry URL>:<tag>
podman tag <imageid> <registry URL>:<tag>
      For example:
      docker tag 76b3dc4c111 my-registry/my-namespace/itxa-ui-server:10.0.1.9
    3. Push the Docker image that uses the docker or podman push command.
      
docker push <registry URL>:<tag>
podman push <registry URL>:<tag>
      For example:
      docker push 76b3dc4c111 my-registry/my-namespace/itxa-ui-server:10.0.1.9
  10. Run the following command to create a Docker pull Secret for pulling the images from the Registry. 
    kubectl create secret docker-registry <name of secret> --docker-server=
<your-registry-server> --docker-username=<your-username> --docker-password=<your-password>
 --docker-email=<your-email>
    Configure this pull secret in the service account that is used for deployment that uses this command:
    kubectl patch serviceaccount <service-account-name> -p '{"imagePullSecrets": [{"name": "<pull-secret-name>"}]}'
    Note: If you do not create a separate service account, the service account name is "default."
  11. Optionally update the Helm Chart image to pull secret configurations with the Secret name. For example: 
    values.global.pullSecret: <pull-secret-name>