In case you are incapable of changing the global pull secret in OpenShift 4, you need to renew or replace the global cluster pull secret.
Prerequisites
- To modify the pull secret used globally, it's required to access the cluster with a user that has cluster-admin permissions.
- The pull-secret taken from console.redhat.com will be also necessary.
- There is a notorious issue that the OpenShift API server does not get the renewed pull secret.
- Authentication errors are pointed out after the global pull secret is renewed in OCP 4 for extra info.
- The pull secret switch on its own will not renew the cluster owner on
console.redhat.com- commence the transfer of the cluster beforehand switching the pull secret! - Modifying the owner without undertaking this will destroy telemetry broadcasting.
- The full steps in the OpenShift cluster manager guidebook and the records to renew the global cluster pull secret for the required steps.
- You can also take the pull secret from
console.redhat.com/openshift/install/pull-secretusing a REST API call.
Testing
Before updating pull-secret, please test if your new pull-secret is valid and working:
$ podman pull --authfile /home/suyash/pull-secret registry.redhat.io/ubi8/ubi:latest
Renewing an existing secret
To update the existing secret, run:
$ oc set data secret/pull-secret -n openshift-config --from-file=.dockerconfigjson=/home/suyash/pull-secret
Create a secret
If a secret does not already exist and needs to be formed, the next instruction will generate the secret:
$ oc create secret generic pull-secret -n openshift-config --type=kubernetes.io/dockerconfigjson --from-file=.dockerconfigjson=/home/suyash/pull-secret
It's possible to renew the global pull secret for your cluster by either changing the existing pull secret or adding a new pull secret.
Diagnostics
$ oc get secret pull-secret -n openshift-config --template='{{index .data ".dockerconfigjson" | base64decode}}'
For a straightforward look at the matter, if jq is accessible, it's feasible to affix | jq at the end of the previous instruction.
Ref: https://github.com/openshift/openshift-docs/blob/main/modules/images-update-global-pull-secret.adoc
Top comments (0)