About private registries with Edge

As an Edge administrator, you can use a private registry with your Edge site to:

  • Host Edge site images or Helm charts within your own firewall to comply with internal security policies.
  • Secure and automate the Edge supply chain with a custom registry.
  • Store container images or Helm charts in a single, audited location.

Edge supports the following types of custom registries:

  • A private container image registry: Use this to store and manage the container images included in an Edge site installation.
  • A private Helm registry: Use this to store and manage the Helm charts included in an Edge site installation.

Both registry types are supported for Edge sites installed on bundled k3s or via the Edge CLI or Helm chart methods.

Use a private container image registry to perform security scans and audit container images consumed by your Edge site on your own infrastructure. Before you configure a private container registry, note the following:

  • You can only switch to a private container image registry during installation. To add a private container image registry to an existing Edge site, you must reinstall your Edge site.
  • All Edge site container images must reside in the same registry.
  • When you copy images to your private container image registry, ensure you update only the domain name when tagging the new images.
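The last point above, as an added example that is not Collibra's own tooling: a POSIX shell helper that rewrites only the registry domain of an image reference and prints the `docker pull`, `docker tag` and `docker push` commands for review before anything is copied. The function names, registry hosts and image names are constructed placeholders, and references are assumed to be in `name:tag` form.

```shell
#!/bin/sh
# Added example: plan a copy of images to a private registry, changing
# ONLY the registry domain. Hosts and image names are constructed.

# retarget_image REF NEW_REGISTRY
# Prints REF with its registry domain replaced by NEW_REGISTRY. The
# repository path and tag are passed through unchanged. Fails if REF has
# no explicit registry domain, because there is then nothing safe to swap.
retarget_image() {
    ref=$1
    target=$2
    case $ref in
        */*) ;;
        *) echo "error: '$ref' has no registry domain" >&2; return 1 ;;
    esac
    first=${ref%%/*}
    # A leading component is a registry host only if it looks like one.
    case $first in
        *.*|*:*|localhost) ;;
        *) echo "error: '$ref' has no registry domain" >&2; return 1 ;;
    esac
    printf '%s/%s\n' "$target" "${ref#*/}"
}

# plan_mirror NEW_REGISTRY < list-of-image-refs
# Dry run: prints the commands instead of executing them.
plan_mirror() {
    registry=$1
    while IFS= read -r src; do
        [ -n "$src" ] || continue
        dst=$(retarget_image "$src" "$registry") || return 1
        printf 'docker pull %s\ndocker tag %s %s\ndocker push %s\n' \
            "$src" "$src" "$dst" "$dst"
    done
}

# Constructed sample list (placeholder names, not Collibra's image names).
plan_mirror 'registry.internal.example:5000' <<'EOF'
source-registry.example.com/edge/app-a:2024.05.1
source-registry.example.com/edge/sub/app-b:1.2.3
EOF
```

Review the printed plan, then pipe it to `sh` on a host that is logged in to both registries.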

Supported private container image registries

The following list shows the tested and supported private container image registries. You can test other private container registries that use username and password authentication to install your Edge site, but Collibra Support cannot provide assistance for unsupported registries.

     

Use a private Helm registry to store and serve Helm charts for Edge. Before you configure a private Helm registry, ensure your Edge site has Manual Upgrade mode enabled. This prevents your Edge site from upgrading to a version that is not yet published in your private registry.

Authentication occurs within the edge-cd pod rather than at the kubelet level. Therefore, only username and password authentication is supported with private Helm registries.

How to retrieve Helm charts

If you want to have a private Helm registry, you need to pull the Helm chart information when you install or upgrade an Edge site. The commands you use depend upon your Edge site installation method.

Steps

  1. Get the Edge site version:
    1. When installing an Edge site, download the Edge site installer and copy the version of Edge you are installing.
    2. When upgrading an Edge site, copy the version you are upgrading to from the Manual Upgrade version list.
  2. Go to the following file located in the extracted Edge site installer: /resources/manifests/sc-collibra-edge-repo-creds.yaml
  3. Copy the following information:
    1. URL
    2. Username
    3. Password
  4. To pull the Collibra Helm repository, enter the information you copied in the above steps into the commands relevant to your Edge site installation method:
    1. For Helm chart installations:
      helm pull <url_from_step_3>edge-helm-platinum/api/charts/collibra-edge-<version_from_step_1>.tgz \
        --username <username_from_step_3> \
        --password <password_from_step_3>
    2. For bundled k3s or Edge CLI installations, you need to pull 2 Helm charts, so enter this information into 2 commands:
      1. Pull the collibra-edge chart:
        helm pull <url_from_step_3>edge-helm-platinum/api/charts/collibra-edge-<version_from_step_1>.tgz \
          --username <username_from_step_3> \
          --password <password_from_step_3>
      2. Pull the edge-cd chart:
        helm pull <url_from_step_3>edge-helm-gold/api/charts/edge-cd-<version_from_step_1>.tgz \
          --username <username_from_step_3> \
          --password <password_from_step_3>

 

Supported private Helm registries

The following list shows the tested and supported private Helm registries. You can test other private Helm registries that use username and password authentication to install your Edge site, but Collibra Support cannot provide assistance for unsupported registries.