About private registries with Edge
You can use a private registry with your Edge site to have more control over the security and deployment of your Edge site.
There are 2 types of custom registries you can use with Edge:
- A private container image registry - a repository that allows you to store and manage the container images included in an Edge site installation.
- A private Helm registry - a repository that allows you to store and manage the Helm charts included in an Edge site installation.
Both registry types are supported for Edge sites installed on bunlded k3s, or via the Edge CLI or Helm chart methods.
Use a private container image registry to perform security scans and audit container images consumed by your Edge site on your own infrastructure. Before you configure a private container registry, note the following:
- You can only switch to a private container image registry during installation. To add a private container image registry to an existing Edge site, you must reinstall your Edge site.
- All Edge site container images must reside in the same registry.
- When you copy images to your private container image registry, ensure you update only the domain name when tagging the new images.
Supported private container image registries
Note The above list shows the tested and supported private container image registries. If your private container image registry is not listed but uses user/pass authentication, you can attempt to install your Edge site with your registry. However, Collibra Support cannot provide assistance for untested registries.
Use a private Helm registry to store and serve Helm charts for Edge. Before you configure a private Helm registry, ensure your Edge site has Manual Upgrade mode enabled. This prevents your Edge site from upgrading to a version that is not yet published in your private registry.
As authentication occurs within the edge-cd pod rather than at the kubelet level, only username and password authentication is supported with private Helm registries.
How to retrieve Helm charts
If you want to have a private Helm registry, you need to pull the Helm chart information when you install or upgrade an Edge site. The commands you use depend upon your Edge site installation method.
Steps
- Get the Edge site site version:
- When installing an Edge site, download the Edge site installer and copy the version of Edge you are installing.
- When upgrading an Edge site, copy the version you are upgrading to from the Manual Upgrade version list.
- Go to the following file located in the extracted Edge site installer: /resources/manifests/sc-collibra-edge-repo-creds.yaml
- Copy the following information:
- URL
- Username
- Password
- To pull the Collibra Helm repository, enter the information you copied in the above steps into the commands relevant to your Edge site installation method:
- For Helm chart installations:Copy
helm pull <url_from_step_3>edge-helm-platinum/api/charts/collibra-edge-<version_from_step_1>.tgz
--username <username_from_step_3>
--password <password_from_step_3> - For bundled k3s or Edge CLI installations, as you need to pull 2 Helm charts, you need to enter this information into 2 commands:
- Copy
helm pull <url_from_step_3>edge-helm-platinum/api/charts/collibra-edge-<version_from_step_1>.tgz
--username <username_from_step_3>
--password <password_from_step_3> - Copy
helm pull <url_from_step_3>edge-helm-gold/api/charts/edge-cd-<version_from_step_1>.tgz
--username <username_from_step_3>
--password <password_from_step_3>
- For Helm chart installations:
Supported private Helm registries
Note The above list shows the tested and supported private container image registries. If your private container image registry is not listed but uses user/pass authentication, you can attempt to install your Edge site with your registry. However, Collibra Support cannot provide assistance for untested registries.