How to connect your on-prem k8s, docker or containerd daemon with IBM Cloud Container Registry

Matteo Bisi
From Zero to DevOps Hero
Jun 12, 2019

IBM Cloud has a huge cloud offering that also includes IBM Cloud Container Registry.

This registry works as a private repository for your images; it is pre-integrated with cloud tools and offers some advanced security features, such as vulnerability monitoring.

If needed, you can also connect ICR to your own tools, such as an on-prem k8s environment, the docker daemon on your laptop or a containerd daemon.

The first step is to create a token to grant access, using the IBM Cloud CLI with the Container Registry plugin:

ic cr token-add --description "Token for my on-prem tools" --non-expiring --readwrite

This command will create the token (in this case without an expiration date and with read/write access), with output similar to the following:

Requesting a registry token…

Token identifier Long-String-Of-Characters-AndNumbers
Token aVeryLongLongStringOfCharactersAndNumbers

To check the tokens available on your account, you can use:

ic cr token-list

Now you will be able to connect your on-prem tools and pull and push images in the following ways.

Kubernetes

The first step is to create a secret:

kubectl create secret docker-registry icr --docker-server=de.icr.io --docker-username=token --docker-password=aVeryLongLongStringOfCharactersAndNumbers --docker-email=devops@factor-y.com

Now you can use the secret inside a yml file to create a pod that pulls your cloud images by adding imagePullSecrets:

imagePullSecrets:
- name: icr
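
The secret and the imagePullSecrets reference described above, as an added example that is not part of the original article: it renders the same `icr` pull secret and a pod that uses it as one manifest, reading the token from stdin so it stays out of shell history and the process list. The pod name `icr-pull-test` and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the article). Registry de.icr.io, secret name "icr"
# and username "token" come from the article; the pod name "icr-pull-test"
# and both function names are assumptions made for this example.

# base64 on a single line (GNU base64 wraps at 76 columns by default)
b64() { base64 | tr -d '\n'; }

# usage: render_icr_manifest REGISTRY SECRET_NAME IMAGE < token-file
# Prints a Secret of type kubernetes.io/dockerconfigjson plus a Pod using it.
render_icr_manifest() {
  registry=$1 secret=$2 image=$3
  IFS= read -r token || true          # token comes from stdin, never argv
  [ -n "$token" ] || { echo "no token on stdin" >&2; return 1; }
  case $token in                      # refuse anything that would need JSON escaping
    *[!A-Za-z0-9._~+/=-]*) echo "unexpected character in token" >&2; return 1 ;;
  esac
  auth=$(printf '%s' "token:$token" | b64)
  config=$(printf '{"auths":{"%s":{"username":"token","password":"%s","auth":"%s"}}}' \
    "$registry" "$token" "$auth")
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $secret
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: $(printf '%s' "$config" | b64)
---
apiVersion: v1
kind: Pod
metadata:
  name: icr-pull-test
spec:
  containers:
  - name: app
    image: $image
  imagePullSecrets:
  - name: $secret
EOF
}
```

Pipe the output to `kubectl apply -f -` to create both objects. The Docker login below can take the token from stdin in the same way with `docker login --password-stdin`.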

Docker

From your local docker cli you can log in to de.icr.io with the following command:

docker login -u token -p aVeryLongLongStringOfCharactersAndNumbers de.icr.io

where aVeryLongLongStringOfCharactersAndNumbers is the token obtained at the beginning.

Containerd

You can use the token, for example, to pull an image using the following syntax:

ctr image pull --user token de.icr.io/domino/domino:10.0.1
Password:

The password is the aVeryLongLongStringOfCharactersAndNumbers obtained at the beginning.

Matteo Bisi
From Zero to DevOps Hero

I’m a senior System Engineer and I’m trying to evolve following the DevOps state of mind. I’m 6 Times IBM Champion for Collaboration Solutions.