installation-adding-registry-pull-secret.adoc

Adding the registry to your pull secret

Modify your the pull secret for your {product-title} cluster to describe your local registry before you install an {product-title} cluster in a restricted network.

Prerequisites

• You configured a mirror registry to use in your restricted network.

Procedure

Complete the following steps on the bastion host:

1. Download your registry.redhat.io pull secret from the Pull Secret page on the {cloud-redhat-com} site.

2. Generate the base64-encoded user name and password or token for your mirror registry:

   $ echo -n '<user_name>:<password>' | base64 -w0 (1)
   
   BGVtbYk3ZHAtqXs=

   1. For <user_name> and <password>, specify the user name and password that you configured for your registry.

3. Make a copy of your pull secret in JSON format:

   $ cat ./pull-secret.text | jq .  > <path>/<pull-secret-file>(1)

   1. Specify the path to the folder to store the pull secret in and a name for the JSON file that you create.

      The contents of the file resemble the following example:

      {
        "auths": {
          "cloud.openshift.com": {
            "auth": "b3BlbnNo...",
            "email": "[email protected]"
          },
          "quay.io": {
            "auth": "b3BlbnNo...",
            "email": "[email protected]"
          },
          "registry.connect.redhat.com": {
            "auth": "NTE3Njg5Nj...",
            "email": "[email protected]"
          },
          "registry.redhat.io": {
            "auth": "NTE3Njg5Nj...",
            "email": "[email protected]"
          }
        }
      }

4. Edit the new file and add a section that describes your registry to it:

     "auths": {
   ...
       "<local_registry_host_name>:<local_registry_host_port>": { (1)
         "auth": "<credentials>", (2)
         "email": "[email protected]"
     },
   ...

   1. For bastion_host_name, specify the registry domain name that you specified in your certificate, and for <local_registry_host_port>, specify the port that your mirror registry uses to serve content.

   2. For <credentials>, specify the base64-encoded user name and password for the mirror registry that you generated.

      The file resembles the following example:

      {
        "auths": {
          "cloud.openshift.com": {
            "auth": "b3BlbnNo...",
            "email": "[email protected]"
          },
          "quay.io": {
            "auth": "b3BlbnNo...",
            "email": "[email protected]"
          },
          "registry.connect.redhat.com": {
            "auth": "NTE3Njg5Nj...",
            "email": "[email protected]"
          },
          "<local_registry_host_name>:<local_registry_host_port>": {
            "auth": "<credentials>",
            "email": "[email protected]"
          },
          "registry.redhat.io": {
            "auth": "NTE3Njg5Nj...",
            "email": "[email protected]"
          }
        }
      }