Configure an Edge site with a Google Artifact Registry
This topic explores how to configure an Edge site with Google Artifact Registry.
We support the following Google Artifact Registry authentication methods:
- Service Account Key
  - This method is only available for:
    - Private container image registry
    - Private Helm registry
- Workload Identity Federation for GKE
  - This method is only available for:
    - Edge sites installed on a GKE managed Kubernetes cluster.
    - Private container image registries.
Service Account Key
To install your Edge site with container images stored within a Google Artifact Registry using the Service Account Key authentication method, add the following flags to the installation command:
-r registries.yaml
--registry-url <url_for_registry>
--registry-user _json_key
--registry-pass <path_to_json_key_file>
{"type":"service_account","project_id":"","private_key_id":"","private_key":"","client_email":"","client_id":"","auth_uri":"https://accounts.google.com/o/oauth2/auth","token_uri":"https://oauth2.googleapis.com/token","auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs","client_x509_cert_url":""}
sudo sh install-master.sh properties.yaml -r registries.yaml \
  --registry-url https://europe-west1-docker.pkg.dev/path/to/registry \
  --registry-user _json_key \
  --registry-pass /path/to/json_key_file.json
For more information, go to the Google Artifact Registry service account documentation.
Workload Identity Federation for GKE
Google Artifact Registries that use the Workload Identity Federation for GKE authentication method are only supported for Edge sites installed on a GKE managed Kubernetes cluster. We recommend using a service account with GAR access at the GKE node level. However, you can use IAM authentication that doesn't require a specific service account on the cluster to pull container images.
To install your Edge site with container images stored within a Google Artifact Registry using the Workload Identity Federation for GKE authentication method, add the following flag to the installation command:
--registry-url <url_for_registry>
./edgecli install \
  --registry-url https://europe-west1-docker.pkg.dev/path/to/registry
For more information about the Workload Identity Federation for GKE authentication method, go to Google's documentation:
Important: All Helm charts must be uploaded as OCI artifacts.
Service Account Key
To install your Edge site with Helm charts stored within a Google Artifact Registry using the Service Account Key authentication method, add the following flags to the installation command:
--helm-url <oci_url_for_helm_registry>
--helm-user _json_key
--helm-pass <path_to_json_key_file>
./edgecli install \
  --helm-url oci://europe-west1-docker.pkg.dev/path/to/registry \
  --helm-user _json_key \
  --helm-pass /path/to/json_key_file.json
For more information, go to the Google Artifact Registry service account documentation.
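A preflight check for the two Service Account Key procedures above (container images and Helm), as an added example that is not part of the product or its documentation. It verifies that the key file passed to --registry-pass or --helm-pass is a filled-in service account key readable only by its owner, and that the URL has the expected scheme and host. The function names, the 600 file mode recommendation and the <location>-docker.pkg.dev host check are assumptions of this example.

```python
import json
import os
import stat
from urllib.parse import urlparse

# Fields from the key file template on this page that must not be left blank.
REQUIRED_FIELDS = ("project_id", "private_key_id", "private_key", "client_email")


def check_key_file(path):
    """Return a list of problems with the file given to --registry-pass / --helm-pass."""
    problems = []
    try:
        mode = stat.S_IMODE(os.stat(path).st_mode)
        with open(path, encoding="utf-8") as fh:
            key = json.load(fh)
    except (OSError, ValueError) as exc:
        return [f"cannot read key file: {exc}"]
    # A service account key is a long-lived credential: only the owner should read it.
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"key file mode {mode:o} is open to group/other; use 600")
    if not isinstance(key, dict) or key.get("type") != "service_account":
        return problems + ["not a service account key (type != 'service_account')"]
    for field in REQUIRED_FIELDS:
        if not key.get(field):
            problems.append(f"field '{field}' is empty or missing")
    return problems


def check_url(url, scheme):
    """Check a --registry-url (scheme 'https') or --helm-url (scheme 'oci') value."""
    parsed = urlparse(url)
    problems = []
    if parsed.scheme != scheme:
        problems.append(f"expected a {scheme}:// URL, got scheme '{parsed.scheme}'")
    # Assumption: the registry is addressed as <location>-docker.pkg.dev, as in the page's examples.
    if not (parsed.hostname or "").endswith("-docker.pkg.dev"):
        problems.append(f"host '{parsed.hostname}' is not a <location>-docker.pkg.dev host")
    return problems


if __name__ == "__main__":
    import sys
    # Usage (constructed): python preflight.py /path/to/json_key_file.json <url> <https|oci>
    key_path, url, scheme = sys.argv[1:4]
    found = check_key_file(key_path) + check_url(url, scheme)
    print("\n".join(found) or "ok")
    sys.exit(1 if found else 0)
```

Run it before the install command and stop on a non-zero exit code, so a blank template or a world-readable key never reaches the installer.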