Configure an Edge site with an Azure Container Registry

Updated: January 8, 2025

This topic is a reference for how to configure your Edge site with a private Azure Container Registry.

We support the following Azure Container Registry authentication methods:

Access token
IAM based authentication for AKS
- This method is only available for:
  - Edge sites installed on an Azure managed Kubernetes cluster.
  - Private container image registries.
Service Principal ID with associated secret

For more information about Azure Container Registry authentication methods, go to the Azure documentation.

Access token

Use the following command flag when installing your Edge site to authenticate your Edge site with Azure Container Registry using the Access token authentication.

Copy

--registry-url <url_for_registry/custom_folder> \
    --registry-user <token_name> \
    --registry-pass <token_password>

Command flag Description

Command flag	Description
`<url_for_registry/custom_folder>`	The registry URL. Optionally, if you have a custom folder within your registry that you want to pull the Edge images into, add that to the end of the URL.
`token_name`	The name of your Azure token.
`token_password`	The password of your Azure token.

<url_for_registry/custom_folder>

The registry URL.

Optionally, if you have a custom folder within your registry that you want to pull the Edge images into, add that to the end of the URL.

token_name The name of your Azure token.

token_password The password of your Azure token.

Example

sudo sh install-master.sh properties.yaml -r registries.yaml \
    --registry-url edge.azurecr.io/myazurefolder \
    --registry-user azureEdge \
    --registry-pass azureEdge12

For more information, go to the Azure Container Registry access token documentation.

Service Principal ID with associated secret

Use the following command flag when installing your Edge site to authenticate your Edge site with an Azure Container Registry using the Service Principal ID with associated secret authentication.

Before you install your Edge site, ensure the service principal has pull permissions from the Azure Container Registry.

Copy

--registry-url <url_for_registry/custom_folder> \
    --registry-user <service_principal_id> \
    --registry-pass <service_principal_secret>

Command flag Description

Command flag	Description
`<url_for_registry/custom_folder>`	The registry URL. Optionally, if you have a custom folder within your registry that you want to pull the Edge images into, add that to the end of the URL.
`service_principal_id`	The ID of your Azure service principal.
`service_principal_secret`	The secret of your Azure service principal.

<url_for_registry/custom_folder>

The registry URL.

Optionally, if you have a custom folder within your registry that you want to pull the Edge images into, add that to the end of the URL.

service_principal_id The ID of your Azure service principal.

service_principal_secret The secret of your Azure service principal.

Example

sudo sh install-master.sh properties.yaml -r registries.yaml \
    --registry-url edge.azurecr.io/myazurefolder \
    --registry-user azureEdge \
    --registry-pass azureEdge12

Azure IAM based authentication for AKS

Azure Container Registries that use the Azure IAM based authentication for AKS authentication method are only supported for Edge sites installed on an Azure managed Kubernetes cluster.

Use the following command flag when installing your Edge site to authenticate your Edge site with an Azure Container Registry using the Azure IAM based authentication:

Copy

--registry-url <url_for_registry/custom_folder>

Command flag Description

Command flag	Description
`<url_for_registry/custom_folder>`	The registry URL. Optionally, if you have a custom folder within your registry that you want to pull the Edge images into, add that to the end of the URL.

<url_for_registry/custom_folder>

The registry URL.

Optionally, if you have a custom folder within your registry that you want to pull the Edge images into, add that to the end of the URL.

Example

./edgecli install \
    --registry-url edge.azurecr.io/myazurefolder

Important All Helm charts must be uploaded as OCI artifacts.

Access token

Use the following command flag when installing your Edge site to authenticate your Edge site with an Azure Container Registry using the Access authentication:

Copy

--helm-url <oci_url_for_helm_registry/custom_folder> \
    --helm-user <token_name> \
    --helm-pass <token_password>

Command flag Description

Command flag	Description
`<oci_url_for_helm_registry/custom_folder>`	The registry URL. Optionally, if you have a custom folder within your registry that you want to pull the Edge images into, add that to the end of the URL.
`token_name`	The name of your Azure token.
`token_password`	The password of your Azure token.

<oci_url_for_helm_registry/custom_folder>

The registry URL.

Optionally, if you have a custom folder within your registry that you want to pull the Edge images into, add that to the end of the URL.

token_name The name of your Azure token.

token_password The password of your Azure token.

Example

./edgecli install
    --helm-url oci://edge.azurecr.io/myazurefolder \
    --helm-user azureEdge \
    --helm-pass azureEdge12

For more information, go to the Azure Container Registry access token documentation.

Service Principal ID with associated secret

Use the following command flag when installing your Edge site to authenticate your Edge site with an Azure Container Registry using the Service Principal ID with associated secret authentication.

Before you install your Edge site, ensure the service principal has pull permissions from the Azure Container Registry.

Copy

--helm-url <oci_url_for_helm_registry/custom_folder> \
    --helm-user <service_principal_id> \
    --helm-pass <service_principal_secret

Command flag Description

Command flag	Description
`<oci_url_for_helm_registry/custom_folder>`	The registry URL. Optionally, if you have a custom folder within your registry that you want to pull the Edge images into, add that to the end of the URL.
`service_principal_id`	The ID of your Azure service principal.
`service_principal_secret`	The secret of your Azure service principal.

<oci_url_for_helm_registry/custom_folder>

The registry URL.

Optionally, if you have a custom folder within your registry that you want to pull the Edge images into, add that to the end of the URL.

service_principal_id The ID of your Azure service principal.

service_principal_secret The secret of your Azure service principal.

Example

./edgecli install \
    --helm-url oci://edge.azurecr.io/myazurefolder \
    --helm-user azureEdge \
    --helm-pass azureEdge12