Step #2: Create Pull Secret to access NVIDIA Container Registry
OpenShift has a secret object type that provides a mechanism for holding sensitive information such as passwords and private source repository credentials. Next, you will create a hidden object for storing our NGC API key (the mechanism used to authenticate your access to the NGC container registry).
Secrets are namespaced in OpenShift, meaning if you put this secret in a specific namespace/project, it will only be accessible to resources in that project unless you explicitly grant access to it. The exception is the default namespace, so if you want this secret to be accessible to all projects in OpenShift, place it there.
You may generate a new API key by following the steps below or use an existing API Key. If using an existing API Key you may skip to the Configure OpenShift Pull Secret section.
From a browser, go to https://ngc.nvidia.com/signin and enter your email and password.
In the top right corner, click your user account icon and select Setup.
Click the Get API key to open the Setup > API Key page.Note
The API Key is the mechanism to authenticate your access to the NGC container registry.
Click Generate API Key to generate your API key. A warning message appears to let you know that your old API key will become invalid if you create a new key.
Click Confirm to generate the key.
Your API key appears.Important
You only need to generate an API Key once. NGC does not save your key, so store it in a secure place. (You can copy your API Key to the clipboard by clicking the copy icon to the right of the API key.) You can generate a new one from the NGC website if you lose your API Key. When you generate a new API Key, the old one is invalidated.
In the OpenShift web console expand the Home menu and navigate to Projects, then click the Create Project button.
Enter nvidia-gpu-operator as the name and click the Create button.
In the OpenShift web console ensure you’re in the nvidia-gpu-operator Project/Namespace and navigate to Workloads > Secrets.
Click Create > Image pull secret.
Populate the form with the following values:
Secret Name: ngc (or some other human-readable name)
Authentication Type: leave as image registry credentials
Registry Server Address: nvcr.io
\$oauthtoken(note the leading
Password: The API key from step 1.
Email: Your email or leave blank
Click the Create button to store your Image pull secret. You now have credentials for NGC, which we’ll use in the next step.