Configure an Edge site with an Azure Container Registry
This topic explores how to configure your Edge site with a private Azure Container Registry.
We support the following Azure Container Registry authentication methods:
- Access token
- IAM based authentication for AKS
- This method is only available for:
- Edge sites installed on an Azure managed Kubernetes cluster.
- Private container image registries.
- This method is only available for:
- Service Principal ID with associated secret
For more information about Azure Container Registry authentication methods, go to the Azure documentation.
- Private container image registry
- Private Helm registry
Access token
To install your Edge site with container images stored within an Azure Container Registry using the Access token authentication method, add the following flags to the installation command:
--registry-url <url_for_registry>
--registry-user <token_name>
--registry-pass <token_password>
sudo sh install-master.sh properties.yaml -r registries.yaml
--registry-url edge.azurecr.io
--registry-user azureEdge
--registry-pass azureEdge12
For more information, go to the Azure Container Registry access token documentation.
Service Principal ID with associated secret
To install your Edge site with container images stored within an Azure Container Registry using the Service Principal ID with associated secret authentication method:
- Make sure the service principal has pull permissions from the Azure Container Registry.
- Add the following flags to the installation command:
--registry-url <url_for_registry>
--registry-user <service_principal_id>
--registry-pass <service_principal_secret>
sudo sh install-master.sh properties.yaml -r registries.yaml
--registry-url edge.azurecr.io
--registry-user azureEdge
--registry-pass azureEdge12
Azure IAM based authentication for AKS
Azure Container Registries that use the Azure IAM based authentication for AKS authentication method are only supported for Edge sites installed on an Azure managed Kubernetes cluster.
To install your Edge site with container images stored within an Azure Container Registry using the Azure IAM based authentication for AKS authentication method, add the following flag to the installation command:
--registry-url <url_for_registry>
./edgecli install
--registry-url edge.azurecr.io
Important All Helm charts must be uploaded as OCI artifacts.
Access token
To install your Edge site with Helm charts stored within an Azure Container Registry using the Access authentication method, add the following flags to the installation command:
--helm-url <oci_url_for_helm_registry>
--helm-user <token_name>
--helm-pass <token_password>
./edgecli install
--helm-url oci://edge.azurecr.io
--helm-user azureEdge
--helm-pass azureEdge12
For more information, go to the Azure Container Registry access token documentation.
Service Principal ID with associated secret
To install your Edge site with Helm charts stored within an Azure Container Registry using the Service Principal ID with associated secret authentication method:
- Make sure the service principal has pull permissions from the Azure Container Registry.
- Add the following flags to the installation command:
--helm-url <oci_url_for_helm_registry> --helm-user <service_principal_id> --helm-pass <service_principal_secret>
Show me an example./edgecli install --helm-url oci://edge.azurecr.io --helm-user azureEdge --helm-pass azureEdge12