Configure an Edge site with a Google Artifact Registry
This topic is a reference for how to configure an Edge site with Google Artifact Registry.
We support the following Google Artifact Registry authentication methods:
- Service Account Key
- Workload Identity Federation for GKE
- This method is only available for:
- Edge sites installed on a GKE managed Kubernetes cluster.
- Private container image registries.
- This method is only available for:
Service Account Key
Use the following command flag when installing your Edge site to authenticate your Edge site with a Google Artifact Registry using the Service Account Key authentication method:
-r registries.yaml \
--registry-url <url_for_registry/custom_folder> \
--registry-user _json_key \
--registry-pass <path_to_json_key_file>| Command flag | Description |
|---|---|
<url_for_registry/custom_folder>
|
The registry URL. Optionally, if you have a custom folder within your registry that you want to pull the Edge images into, add that to the end of the URL. |
_json_key
|
The user you must use when configuring a Google Artifact Registry via the Service Account Key method. |
path_to_json_key_file
|
The file path to your Google Artifact JSON key file. |
- Add the path to the JSON key file as shown in the installation command.
- Add the full JSON key content as a single line, enclosed in single quotes.
{"type":"service_account","project_id":"","private_key_id":"","private_key":"","client_email":"","client_id":"","auth_uri":"https://accounts.google.com/o/oauth2/auth","token_uri":"https://oauth2.googleapis.com/token","auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs","client_x509_cert_url":""}sudo sh install-master.sh properties.yaml -r registries.yaml \
--registry-url https://europe-west1-docker.pkg.dev/path/to/registry \
--registry-user _json_key \
--registry-pass /path/to/json_key_file.jsonFor more information, go to the Google Artifact Registry service account documentation.
Workload Identity Federation for GKE
Google Artifact Registries that use the Workload Identity Federation for GKE authentication method are only supported for Edge sites installed on a GKE managed Kubernetes cluster.
To pull container images, use one of the following methods:
- Use a service account with GAR access on the GKE node level.
- Use IAM based authentication without a cluster-specific service account.
Use the following command flag when installing your Edge site to authenticate your Edge site with a Google Artifact Registry using the Workload Identity Federation for GKE authentication:
--registry-url <url_for_registry/custom_folder>| Command flag | Description |
|---|---|
<url_for_registry/custom_folder>
|
The registry URL. Optionally, if you have a custom folder within your registry that you want to pull the Edge images into, add that to the end of the URL. |
./edgecli install \
--registry-url https://europe-west1-docker.pkg.dev/path/to/registryFor more information about the Workload Identity Federation for GKE authentication method, go to Google's documentation:
Important All Helm charts must be uploaded as OCI artifacts.
Service Account Key
Use the following command flag when installing your Edge site to authenticate your Edge site with a Google Artifact Registry using the Service Account Key authentication:
--helm-url <oci_url_for_helm_registry/custom_folder> \
--helm-user _json_key \
--helm-pass <path_to_json_key_file>| Command flag | Description |
|---|---|
<oci_url_for_helm_registry/custom_folder>
|
The registry URL. Optionally, if you have a custom folder within your registry that you want to pull the Edge images into, add that to the end of the URL. |
_json_key
|
The user you must use when configuring a Google Artifact Registry via the Service Account Key method. |
path_to_json_key_file
|
The file path to your Google JSON key file. |
./edgecli install \
--helm-url oci://europe-west1-docker.pkg.dev/path/to/registry \
--helm-user _json_key \
--helm-pass /path/to/json_key_file.jsonFor more information, go to the Google Artifact Registry service account documentation.