Configure an Edge site with an Azure Container Registry

This topic explores how to configure your Edge site with a private Azure Container Registry.

We support the following Azure Container Registry authentication methods:

  • Access token
  • IAM based authentication for AKS
    • This method is only available for:
      • Edge sites installed on an Azure managed Kubernetes cluster.
      • Private container image registries.
  • Service Principal ID with associated secret

For more information about Azure Container Registry authentication methods, go to the Azure documentation.

  • Private container image registry
  • Private Helm registry

Access token

To install your Edge site with container images stored within an Azure Container Registry using the Access token authentication method, add the following flags to the installation command:

--registry-url <url_for_registry>
--registry-user <token_name>
--registry-pass <token_password>
sudo sh install-master.sh properties.yaml -r registries.yaml
--registry-url edge.azurecr.io
--registry-user azureEdge
--registry-pass azureEdge12

For more information, go to the Azure Container Registry access token documentation.

Service Principal ID with associated secret

To install your Edge site with container images stored within an Azure Container Registry using the Service Principal ID with associated secret authentication method:

  • Make sure the service principal has pull permissions from the Azure Container Registry.
  • Add the following flags to the installation command:
--registry-url <url_for_registry>
--registry-user <service_principal_id>
--registry-pass <service_principal_secret>
sudo sh install-master.sh properties.yaml -r registries.yaml
--registry-url edge.azurecr.io
--registry-user azureEdge
--registry-pass azureEdge12

Azure IAM based authentication for AKS

Azure Container Registries that use the Azure IAM based authentication for AKS authentication method are only supported for Edge sites installed on an Azure managed Kubernetes cluster.

To install your Edge site with container images stored within an Azure Container Registry using the Azure IAM based authentication for AKS authentication method, add the following flag to the installation command:

--registry-url <url_for_registry>
./edgecli install
--registry-url edge.azurecr.io

Important All Helm charts must be uploaded as OCI artifacts.

Access token

To install your Edge site with Helm charts stored within an Azure Container Registry using the Access authentication method, add the following flags to the installation command:

--helm-url <oci_url_for_helm_registry>
--helm-user <token_name>
--helm-pass <token_password>
./edgecli install
--helm-url oci://edge.azurecr.io
--helm-user azureEdge
--helm-pass azureEdge12

For more information, go to the Azure Container Registry access token documentation.

Service Principal ID with associated secret

To install your Edge site with Helm charts stored within an Azure Container Registry using the Service Principal ID with associated secret authentication method:

  • Make sure the service principal has pull permissions from the Azure Container Registry.
  • Add the following flags to the installation command:
    --helm-url <oci_url_for_helm_registry>
--helm-user <service_principal_id>
--helm-pass <service_principal_secret>
    ./edgecli install
--helm-url oci://edge.azurecr.io
--helm-user azureEdge
--helm-pass azureEdge12