Configure an Edge site with an Azure Container Registry

This topic explores how to configure your Edge site with a private Azure Container Registry.

We support the following Azure Container Registry authentication methods:

  • Access token
  • IAM based authentication for AKS
    • This method is only available for:
      • Edge sites installed on an Azure managed Kubernetes cluster.
      • Private container image registries.
  • Service Principal ID with associated secret

For more information about Azure Container Registry authentication methods, go to the Azure documentation.

  • Private container image registry
  • Private Helm registry

Access token

To install your Edge site with container images stored within an Azure Container Registry using the Access token authentication method, add the following flags to the installation command:

Copy 
--registry-url <url_for_registry/custom_folder> \
    --registry-user <token_name> \
    --registry-pass <token_password>

Command flags:

  • <url_for_registry/custom_folder>: The registry URL. Optionally, if you have a custom folder within your registry that you want to pull the Edge images into, add that to the end of the URL.
  • token_name: The name of your Azure token.
  • token_password: The password of your Azure token.
sudo sh install-master.sh -r registries.yaml
--registry-url edge.azurecr.io
--registry-user azureEdge
--registry-pass azureEdge12

For more information, go to the Azure Container Registry access token documentation.

Service Principal ID with associated secret

To install your Edge site with container images stored within an Azure Container Registry using the Service Principal ID with associated secret authentication method:

  • Make sure the service principal has pull permissions from the Azure Container Registry.
  • Add the following flags to the installation command:
Copy 
--registry-url <url_for_registry/custom_folder> \
    --registry-user <service_principal_id> \
    --registry-pass <service_principal_secret>

Command flags:

  • <url_for_registry/custom_folder>: The registry URL. Optionally, if you have a custom folder within your registry that you want to pull the Edge images into, add that to the end of the URL.
  • service_principal_id: The ID of your Azure service principal.
  • service_principal_secret: The secret of your Azure service principal.
sudo sh install-master.sh properties.yaml -r registries.yaml \
    --registry-url edge.azurecr.io/myazurefolder \
    --registry-user azureEdge \
    --registry-pass azureEdge12

Azure IAM based authentication for AKS

Azure Container Registries that use the Azure IAM based authentication for AKS authentication method are only supported for Edge sites installed on an Azure managed Kubernetes cluster.

To install your Edge site with container images stored within an Azure Container Registry using the Azure IAM based authentication for AKS authentication method, add the following flag to the installation command:

Copy 
--registry-url <url_for_registry/custom_folder>

Command flag:

  • <url_for_registry/custom_folder>: add your registry URL. Optionally, if you have a custom folder within your registry that you want to pull the Edge images into, add that to the end of the URL.
./edgecli install \
    --registry-url edge.azurecr.io/myazurefolder

Important All Helm charts must be uploaded as OCI artifacts.

Access token

To install your Edge site with Helm charts stored within an Azure Container Registry using the Access authentication method, add the following flags to the installation command:

Copy 
--helm-url <oci_url_for_helm_registry/custom_folder> \
    --helm-user <token_name> \
    --helm-pass <token_password>

Command flags:

  • <oci_url_for_helm_registry/custom_folder>: The registry URL. Optionally, if you have a custom folder within your registry that you want to pull the Edge images into, add that to the end of the URL.
  • token_name: The name of your Azure token.
  • token_password: The password of your Azure token.
./edgecli install
--helm-url oci://edge.azurecr.io
--helm-user azureEdge
--helm-pass azureEdge12

For more information, go to the Azure Container Registry access token documentation.

Service Principal ID with associated secret

To install your Edge site with Helm charts stored within an Azure Container Registry using the Service Principal ID with associated secret authentication method:

  • Make sure the service principal has pull permissions from the Azure Container Registry.
  • Add the following flags to the installation command:
    --helm-url <oci_url_for_helm_registry>
--helm-user <service_principal_id>
--helm-pass <service_principal_secret>
    ./edgecli install
--helm-url oci://edge.azurecr.io
--helm-user azureEdge
--helm-pass azureEdge12