5.4.3. Updating the global cluster pull secret
To add new registries or update authentication for your OpenShift Container Platform cluster, you can update the global pull secret by appending new credentials to the additional-pull-secret. To do this, you can use the oc set data secret/additional-pull-secret -n kube-system command. Hypershift manages the new credential propagation among the HostedCluster nodes.
The global pull secret is a HostedControlPlane feature only and is not an OCP standalone feature.
To transfer your cluster to another owner, you must initiate the transfer in OpenShift Cluster Manager and then update the pull secret on the cluster. Updating a cluster’s pull secret without initiating the transfer in OpenShift Cluster Manager causes the cluster to stop reporting Telemetry metrics in OpenShift Cluster Manager.
For more information, see Transferring cluster ownership under Additional resources in the Red Hat OpenShift Cluster Manager documentation.
Prerequisites
- You have access to the cluster as a user with the cluster-admin role.
Procedure
Optional: To append a new pull secret to the existing pull secret:
Download the pull secret by entering the following command:
$ oc get secret/pull-secret -n openshift-config --template='{{index .data ".dockerconfigjson" | base64decode}}' > <pull_secret_location>
where:
- <pull_secret_location>: Specifies the path to the pull secret file.
Add the new pull secret by entering the following command:
$ oc registry login --registry="<registry>" \
    --auth-basic="<username>:<password>" \
    --to=<pull_secret_location>
where:
- <registry>: Specifies the new registry. You can include many repositories within the same registry, for example: --registry="<registry/my-namespace/my-repository>".
- <username>:<password>: Specifies the credentials of the new registry.
- <pull_secret_location>: Specifies the path to the pull secret file.
Update the global pull secret for your cluster by entering the following command. Note that this update rolls out to all nodes, which can take some time depending on the size of your cluster.
$ oc set data secret/pull-secret -n openshift-config \
    --from-file=.dockerconfigjson=<pull_secret_location>
where:
- <pull_secret_location>: Specifies the path to the new pull secret file.
This merges your additional pull secret with the original HostedCluster pull secret, making it available to all nodes in the cluster.
Optional: Modify the additional pull secret that you added by entering the following command:
$ oc edit secret additional-pull-secret -n kube-system
The secret must be in a valid DockerConfigJSON format.
Example pull secret
apiVersion: v1
kind: Secret
metadata:
  name: additional-pull-secret
  namespace: kube-system
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: <base64-encoded-docker-config-json>
This results in the following states of each pull secret:
- Original: immutable
- Additional: mutable
- Global: final state of both the original and additional pull secrets
Optional: Delete the additional pull secret that you added by entering the following command:
$ oc delete secret additional-pull-secret -n kube-system
This triggers the automatic cleanup process across your nodes.
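A pre-flight check for the pull secret file before it is applied with oc set data or oc edit, added here as an example and not part of the original documentation. It assumes each auths entry carries an auth field holding base64-encoded <username>:<password>; the function names and sample registries are constructed for illustration. It also lists registry keys that appear in both the original and the additional pull secret so they can be reviewed before the two are merged.

```python
import base64
import binascii
import json

def check_docker_config(text):
    """Return problems found in a .dockerconfigjson document (registry names only, never credentials)."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} at line {exc.lineno}"]
    auths = doc.get("auths") if isinstance(doc, dict) else None
    if not isinstance(auths, dict) or not auths:
        return ['top level must be an object with a non-empty "auths" map']
    problems = []
    for registry, entry in auths.items():
        if not isinstance(entry, dict) or not isinstance(entry.get("auth"), str):
            problems.append(f'{registry}: missing "auth" string')
            continue
        try:
            decoded = base64.b64decode(entry["auth"], validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            problems.append(f'{registry}: "auth" is not valid base64 text')
            continue
        user, sep, password = decoded.partition(":")
        if not (user and sep and password):
            problems.append(f'{registry}: "auth" does not decode to <username>:<password>')
    return problems

def overlapping_registries(original_text, additional_text):
    """Registry keys present in both documents; review these before applying."""
    original = json.loads(original_text)["auths"]
    additional = json.loads(additional_text)["auths"]
    return sorted(set(original) & set(additional))

def sample_auth(user, password):
    """Build an auth value for the constructed sample data below."""
    return base64.b64encode(f"{user}:{password}".encode()).decode()

# Constructed sample documents (not real registries or credentials).
ORIGINAL = json.dumps({"auths": {"registry.example.com": {"auth": sample_auth("u1", "p1")}}})
ADDITIONAL = json.dumps({"auths": {
    "registry.example.com": {"auth": sample_auth("u2", "p2")},
    "mirror.example.net/team": {"auth": "not base64!"},
}})

if __name__ == "__main__":
    print(check_docker_config(ADDITIONAL))
    print(overlapping_registries(ORIGINAL, ADDITIONAL))
```

To check a real file, pass the contents of <pull_secret_location> to check_docker_config and apply the secret only when the returned list is empty.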