Checks that a pull secret gives access to all the container images required for an OpenShift installation.
Use case: if your bootstrap node keeps failing at pulling images, then you probably want to check that you passed openshift-install
the required credentials in the pull-secret.
This tool takes the pull secret filename as an argument and uses it to fetch the image manifests for all the openshift pods. It only downloads (podman pull
) the release image pointed to by the openshift-install
binary; access to the individual images is assessed by downloading the image manifests with Skopeo.
- bash
- jq
- podman
- skopeo
- openshift-install
If openshift-install
is in $PATH
, just run:
./validate-pull-secret pull-secret.json
For passing openshift-install
's path:
./validate-pull-secret -i ~/go/bin/openshift-install pull-secret.json
If you know the address of the release image already, you can pass it without the need of having the corresponding openshift-installer
:
./validate-pull-secret -r registry.openshift.example.com/ocp/release:4.3 pull-secret.json