Configure an Edge site with an Azure Container Registry

This topic explores how to configure your Edge site with a private Azure Container Registry.

We support the following Azure Container Registry authentication methods:

  • Access token
  • IAM based authentication for AKS
    • This method is only available for:
      • Edge sites installed on an Azure managed Kubernetes cluster.
      • Private container image registries.
  • Service Principal ID with associated secret

For more information about Azure Container Registry authentication methods, go to the Azure documentation.

Access token

To install your Edge site with container images stored within an Azure Container Registry using the Access token authentication method, add the following flags to the installation command:

--registry-url <url_for_registry>
--registry-user <token_name>
--registry-pass <token_password>

For more information, go to the Azure Container Registry access token documentation.

Service Principal ID with associated secret

To install your Edge site with container images stored within an Azure Container Registry using the Service Principal ID with associated secret authentication method:

  • Make sure the service principal has pull permissions from the Azure Container Registry.
  • Add the following flags to the installation command:
--registry-url <url_for_registry>
--registry-user <service_principal_id>
--registry-pass <service_principal_secret>

Azure IAM based authentication for AKS

Azure Container Registries that use the Azure IAM based authentication for AKS authentication method are only supported for Edge sites installed on an Azure managed Kubernetes cluster.

To install your Edge site with container images stored within an Azure Container Registry using the Azure IAM based authentication for AKS authentication method, add the following flag to the installation command:

--registry-url <url_for_registry>

Important All Helm charts must be uploaded as OCI artifacts.

Access token

To install your Edge site with Helm charts stored within an Azure Container Registry using the Access authentication method, add the following flags to the installation command:

--helm-url <oci_url_for_helm_registry>
--helm-user <token_name>
--helm-pass <token_password>

For more information, go to the Azure Container Registry access token documentation.

Service Principal ID with associated secret

To install your Edge site with Helm charts stored within an Azure Container Registry using the Service Principal ID with associated secret authentication method:

  • Make sure the service principal has pull permissions from the Azure Container Registry.
  • Add the following flags to the installation command:
    --helm-url <oci_url_for_helm_registry>
    --helm-user <service_principal_id>
    --helm-pass <service_principal_secret>